1. Chris Jackson
Principal Consultant, “The App Compat Guy”
Microsoft Corporation
appcompatguy@microsoft.com
http://www.appcompatguy.com
@appcompatguy
What You Need to Know About Migrating from IE6 to IE8
4. Is IE6 Engineering Perfection?
5. Agenda Getting from IE6 to IE8
Why do you want IE8?
How do you get to IE8?
How do you fix your apps for IE8?
6. Browsers are Hard to Make Backward and forward compatibility
Not all scenarios are predicted
“hacks”
7. Internet Explorer and Standards
9. Internet Explorer and Standards
10. Why Do Standards Matter? Reduce risk
Increased vendor options
Integration options
Continuous improvements
Durable solutions
Increased resource pool
New hires
Flexibility with existing staff
Reduced bandwidth costs
Search engine optimization
Accessibility
11. What Happened?
12. Rumors of our irrelevance have been exaggerated Where do we still lead?
13. The Microsoft Security Development Lifecycle Message of the slide in one line: The SDL infuses security into each phase of development to help protect customers by creating software that is less vulnerable and more resilient to malicious attacks.
Most software organizations—and this includes Microsoft before Bill Gates’ Trustworthy Computing Memo—deal with security in the testing and release phase, long after security flaws have been programmed into an application. The Microsoft SDL prescribes security activities in each stage of the development process. The goal is dual: eliminate as many vulnerabilities as practical and reduce the severity of vulnerabilities that slip through. For such a comprehensive process to work at Microsoft, which is a software development company first and foremost, the SDL must be practical and risk based (as part of the process, the product team identifies and focuses on the most exposed and risky software modules). This is why threat modeling, which happens at the design phase, is considered so important to the effectiveness of the SDL.
BTW, a positive advantage of eliminating security problems early is that they are much easier and therefore less costly to fix. It is estimated by NIST that to fix a bug that is found in the production phase (where most companies conduct security audits) costs 30X over fixing the same bug in the design phase.
14. Percentage of Total Vulnerabilities by Browser Internet Explorer 8 has enhanced security features that help protect customers from the online security threats they face daily. Even though Internet Explorer 8 is the world’s leading browser, and likely the #1 attack surface for attackers, a recent study by Cenzic showed that Internet Explorer 8 had nearly a third fewer vulnerabilities than Mozilla’s Firefox in the first half of 2009, and 20% fewer than Apple’s Safari.
Note:
Chrome isn’t covered, likely because Cenzic hadn’t started tracking it.
A list of CVEs can be found on the CVE database at http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=chrome
Cenzic Study: http://www.cenzic.com/downloads/Cenzic_AppSecTrends_Q1-Q2-2009.pdf
15. Blocking Malware Attacks An updated study from NSS Labs shows Internet Explorer 8’s investment in blocking malware has helped protect millions of users. We are the #1 browser in blocking malware, beating the nearest competitor by 56% – malware is the most common and impactful security threat facing internet users today. We’re the only browser that has seen an improvement in its malware protection rate across all three tests.
16. Internet Explorer Protected Mode
17. Protected Mode Works! Microsoft Security Advisory 980088
Microsoft Security Advisory 973882
Microsoft Security Bulletin MS10-002
Microsoft Security Bulletin MS09-034
Microsoft Security Bulletin MS08-078
Microsoft Security Bulletin MS07-017
18. Who Else is Using Isolation? Microsoft Office 2010
Google Chrome
Adobe Reader 10 (just announced)
19. Best Lifecycle for the Enterprise
20. Reliability: LCIE Loosely coupled IE / procmon, toolbar management, no add-ons mode, reset to factory settings
21. DEMO Reliability
22. Customer Case Study
23. Communicate Like Crazy To your:
Peers
Management
Web content owners
Anyone who will listen
Don’t just sell how – also sell why
Tabs
Accelerators
F12 Debugging Tools
24. Use the Platform Don’t just give possibility – give realization
25. Get It on the Approved List
26. Create an IECTT Package
28. Set an Online Support Page
29. Be Available
30. How did that go?
31. People may not want IE6, but they do want their apps to work. The Virtualization Solutions
32. MED-V
33. DEMO MED-V v2
34. Citrix
35. Citrix Danger Out of sight, out of mind
Kind of like your XP apps!
36. Fixing your apps for tomorrow The Policy and Code Solutions
37. VIDEO GE Centricity
38. What is Compatibility View?
39. DOCTYPE Switches
40. What’s Wrong with DOCTYPE? It assumes that it is possible for either a page or a browser to perfectly implement a set of web standards!
41. Another Developer Keyboard Ships Without a > Key Versioning
42. Conditional Comments
<!--[if gte IE 8]>
<p>You're using a recent version of IE.</p>
<![endif]-->
<!--[if lt IE 7]>
<p>Hm. You should upgrade your copy of IE.</p>
<![endif]-->
<![if !IE]>
<p>You're not using IE.</p>
<![endif]>
43. User Agent Strings Your announcement to the world, “I have these browser capabilities”, with every request
Needs to be parsed to be usable
Usable both on the client and server
44. User Agent Strings
// Returns the version of Internet Explorer, or -1 if the browser is not IE.
function getInternetExplorerVersion()
{
    var rv = -1; // Return value assumes failure.
    if (navigator.appName == 'Microsoft Internet Explorer')
    {
        var ua = navigator.userAgent;
        // Capture the version number that follows the "MSIE " token.
        var re = /MSIE ([0-9]{1,}[\.0-9]{0,})/;
        var match = re.exec(ua);
        if (match != null)
            rv = parseFloat(match[1]);
    }
    return rv;
}
// Shows a message based on the detected Internet Explorer version.
function checkVersion()
{
    var msg = "You're not using Internet Explorer.";
    var ver = getInternetExplorerVersion();
    if (ver > -1)
    {
        if (ver >= 8.0)
            msg = "You're using a recent copy of Internet Explorer.";
        else
            msg = "You should upgrade your copy of Internet Explorer.";
    }
    alert(msg);
}
45. Real World Issues: (Large Tech Company) Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.5; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; InfoPath.1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; MS-RTC LM 8) chromeframe/5.0.375.62
46. Real World Issues: (Large Tech Company) Web standards do not limit the length of user agent strings
History limited them to 256 characters
Thus, so did ASP.NET
We had to hotfix ASP.NET
1.1: http://support.microsoft.com/kb/974762
2.0: http://support.microsoft.com/kb/962204/
47. Real World Issues: (Large Tech Company) They could also edit the registry
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Pre Platform
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
48. Real World Issues: (Large Tech Company) IE9 will send a short user agent string by default:
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
http://blogs.msdn.com/b/ie/archive/2010/03/23/introducing-ie9-s-user-agent-string.aspx
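The user agent issues on slides 44 to 48, worked through as an added example that is not part of the original deck: a token-based parser that reports the MSIE version, the Trident token, the added platform tokens and the length against the 256-character limit. The names `parseIeUserAgent` and `LEGACY_UA_LIMIT` are illustrative, the third sample string is constructed, and the Compatibility View rule (MSIE 7.0 sent together with a Trident token by IE8 and later) is browser behaviour not stated on the slides.

```javascript
// Added example, not from the deck: tokenise an IE-style User-Agent string.
// The header is client-supplied and editable, so treat the result as a hint.
const LEGACY_UA_LIMIT = 256; // historical length limit cited on slide 46

function parseIeUserAgent(ua) {
  const info = {
    length: ua.length,
    overLegacyLimit: ua.length > LEGACY_UA_LIMIT,
    msie: null,        // number from the "MSIE x.y" token, null if absent
    trident: null,     // number from the "Trident/x.y" token, null if absent
    compatView: false, // MSIE 7.0 reported by a Trident/4.0+ engine
    extraTokens: [],   // toolbars, .NET CLR versions and other added tokens
    trailer: ''        // anything after the closing parenthesis
  };
  const open = ua.indexOf('(');
  const close = ua.lastIndexOf(')');
  if (open === -1 || close < open) return info; // no token list to parse

  info.trailer = ua.slice(close + 1).trim();
  for (const raw of ua.slice(open + 1, close).split(';')) {
    const token = raw.trim();
    let m;
    if ((m = /^MSIE (\d+(?:\.\d+)?)/.exec(token))) {
      info.msie = parseFloat(m[1]);
    } else if ((m = /^Trident\/(\d+(?:\.\d+)?)/.exec(token))) {
      info.trident = parseFloat(m[1]);
    } else if (token && token !== 'compatible' && !token.startsWith('Windows NT')) {
      info.extraTokens.push(token);
    }
  }
  info.compatView = info.msie === 7 && info.trident !== null && info.trident >= 4;
  return info;
}

// Slide 45's string, slide 48's IE9 string, and a constructed Compatibility View string.
const SLIDE_45_UA = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.5; ' +
  '.NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; ' +
  '.NET CLR 3.0.04506.648; InfoPath.1; .NET CLR 3.0.4506.2152; ' +
  '.NET CLR 3.5.30729; .NET4.0C; .NET4.0E; MS-RTC LM 8) chromeframe/5.0.375.62';
const SLIDE_48_UA = 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)';
const CONSTRUCTED_COMPAT_UA = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0)';

for (const ua of [SLIDE_45_UA, SLIDE_48_UA, CONSTRUCTED_COMPAT_UA]) {
  const i = parseIeUserAgent(ua);
  console.log(`MSIE ${i.msie}, Trident ${i.trident}, compat view: ${i.compatView}, ` +
    `${i.extraTokens.length} extra tokens, ${i.length} chars`);
}
```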
49. Tools: Fiddler HTTP/HTTPS Debugger
Runs as a proxy server on the local machine or on a remote server
Written in C# (.NET Framework v2.0)
Freely available from http://www.fiddler2.com
50. DEMO Troubleshooting a Versioning Issue
51. or: How I Learned to Stop Using CSS Hacks and Love Standards Rendering
52. Who Uses Quirks? People who don’t have their DOCTYPE as the first element in a document (IE6)
People who don’t have a DOCTYPE
People who have an old DOCTYPE
53. DEMO Troubleshooting a Rendering Issue
54. Vintage 1997 Kool-Aid ActiveX
55. Tools: Process Monitor Real-time file, registry, process, and network monitor
Provides tools to show you:
The process tree
Number of occurrences
Etc.
56. Real World Issues: (Large Manufacturing Co.) License file was manually installed to Program Files
On Windows 7:
License file installed
Software still complained it wasn’t licensed
What do you think happened?
57. Real World Issues: (Large Manufacturing Co.)
58. Real World Issues: (Large Manufacturing Co.)
59. DEMO Troubleshooting an ActiveX Issue
60. javascript? jscript? ecmascript? Scripting
61. Tools: F12 Debugging Integrated and simple to use
A visual interface to the platform
When source inspection is hard to interpret
See what CSS is applied, and why
Fast experimentation
Real-time modification of HTML and CSS
Optimize application performance
Profiler – measures how often, and how quickly, your scripts run
62. DEMO Troubleshooting a Scripting Issue
64. Question & Answer Session
65. Related Content
CLI 408 – Inside the Application Compatibility Toolkit 5.6: Finding, Testing, and Fixing Applications on Windows 7
CLI316 – What You Need to Know About Migrating from Internet Explorer 6 to Internet Explorer 8
67. Resources