Yep. Almost (but not quite) left forgotten by the celebration of Microsoft’s Windows 7 Beta release has been the announcement that Internet Explorer 8 Release Candidate is now available.
The team will post more about all changes between Beta 2 and RC. In brief:
- Platform Complete. The technical community should expect the final IE8 release to behave as the Release Candidate does. The IE8 product is effectively complete and done. We’ll post separately about the thousands of additional test cases we’re contributing to the W3C. We've listened very carefully to feedback from the betas. With the Release Candidate, we’re listening carefully for critical issues.
- Reliability, Performance, and Compatibility improvements. We’ve studied the telemetry feedback about the browser's underlying quality and addressed many issues.
- Security. We’ve worked closely with people in the security community to enable consumer-ready clickjacking protection. Sites can now protect themselves and their users from clickjacking attacks “out of the box,” without impacting compatibility or requiring browser add-ons. We also made some changes to InPrivate based on feedback from customers and partners.
We also made some changes to the user experience based on feedback. For example, based on data about how people use actually it, we made fitting more items on the Favorites bar easier. (Note that the IE8 Release Candidate is for Windows Vista, XP, and Server only; Windows 7 users will get an updated IE8 with the next update of Windows 7. Also, the Release Candidate of the Internet Explorer Administration Kit is available for download now.)
I’ve been using the Beta release for a while in a virtual system and it has performed well. Next I will need to bump it up to the RC version.
It doesn’t appear to be as big a deal but you better still read the fine print before embarking.
This post has a bunch of goodies for the intrepid installers.
Let’s rip out the critical bits from that post.
- If you are on Vista and already have an IE8 Beta version, then this will upgrade in place. No uninstall of the previous version will be needed.
- There is a new pre-requisite for IE8 RC1 (KB957388). Be on the lookout for it.
- Windows 7 Beta users already are running a special build of IE8 already. Don’t try to install it on that platform.
- Release notes for RC1 outline a few scenarios you should watch out for when installing IE8 RC1.
- Technet Edge interview [the post author] did covers many install topics
XP users (most)
Download the installer file. (Unless you already have a IE8 pre-RC version installed in which case you might be offered it via Automatic Updates or Windows Update.)
Be prepared that the IE8 RC installer will first uninstall (if previously installed) IE8 pre-RC versions from your system. Then it will reboot, complete the IE8 RC install, then reboot again.
Check the version by going to Help –> About Internet Explorer dialog to see the version number 8.0.6001.18372.
XP SP3 users (a chosen few): Red pill or Blue pill?
If you happened to first install IE8 pre-RC versions before upgrading to XP-SP3 you’ve got some hard choices to make. If your option to uninstall the IE8 pre-RC version is “grayed” out, then you can continue to install IE8 RC (and future release versions including the final version) but you will no longer be able to uninstall either IE8 or XP SP3 from here on out. You will get a nice warning dialog before you proceed. Do so and both your IE8 and XP SP3 tattoos stick permanently.
If this concerns you, then you need to uninstall the XP SP3 service pack, then uninstall your IE8 Beta version, reinstall XP SP3, then go forward to installing IE8 RC.
It’s up to you. Choose wisely.
Vista Users have it Easiest
IE designers, based on user feedback, built IE8 installer to automatically replace IE8 pre-RC builds as part of the RC installation process. This makes things very simple.
After IE8 RC1 installation is wrapped up the final screen of the Install Wizard should tell you that IE8 finished cleanly.
To verify, launch IE, open Help –> About Internet Explorer and find the version number 8.0.6001.18372.
Dwight Silverman has a illustrated guide to the process for Vista at TechBlog: Installing Internet Explorer 8 RC1: A visual tour
Other IE8 Bits
Here is some more IE8 reading on features
IEBlog : IE8 Security Part VII: ClickJacking Defenses – It’s a bit dense with web-code architecture and how it relates to browser design but this seems to be the point IE designers want us to know:
As we designed Internet Explorer 8, we had to be very careful not to increase the browser’s attack surface for CSRF attacks. IE8’s new XDomainRequest object, for instance, allows cross-domain communication upon explicit permission of the server, but contains specific restrictions to ensure that new types of CSRF attacks are not made possible. End-users can mitigate the impact of CSRF attacks by logging out of sensitive websites when not in use, and by browsing in independent InPrivate Browsing sessions. (InPrivate sessions start with an empty cookie jar, so cached cookies cannot be replayed in CSRF attacks.)
Security’s Crux: Real Problems vs Point Solutions – Digital Soapbox blog Rafal Los provides a very interesting counterpoint to this approach. He steps back and takes a wider view and analysis of the clickjacking threat.
I keep reading Giorgio's posts on the Internet Explorer 8 BETA1 release and "ClickJacking" protections offered therein (here and here), yes he's the guy who does NoScript, and it's all of the sudden become clear to me. Once again, Microsoft has solved an industry-wide problem by perpetuating their own proprietary technologies and then marketing them as ground-breaking. NoScript addresses the UI Redress attack (more commonly known as ClickJacking), but since IE is so proprietary and closed... they have to re-invent the wheel to self-serve. This perpetuates the need for Microsoft to "save the masses"... since most people that don't know better are hooked on Microsoft's IE technology like crack.
I quickly got lost on Giorgio’s own blog site following those links. Again, unless you are a security wonk or web-design guru you might get lost, but I still found them very fascinating to read. Especially as they touch on an important topic for browser security.
- Ehy IE8, I Can Has Some Clickjacking Protection? – Giorgio Maone’s hackademix blog
- IE8’s “Clickjacking Protection” Exposed – Giorgio Maone’s hackademix blog
- X-FRAME-OPTIONS in Firefox – Giorgio Maone’s hackademix blog
- All That ClickJazz… – Giorgio Maone’s hackademix blog
- Search box can display images for instant “visual search results”
- Smart Address Bar now displays feed results optionally, autocomplete suggestion does not show entire sections, and more results are displayed in the list.
- The Favorites Bar now allows you to customize the width of item titles so you can cram more on there without having to manually rename (or remove them). This is nice.
- InPrivate Browsing and InPrivate Blocking have been tweaked so that they may be used separately.
Overview of Platform Improvements in IE8 RC1 – IEBlog – Light post that highlights some page design and standards handling improvements with IE8 along with performance and aspects for developers.