
Internet Explorer Feedback


I wasn’t expecting a response from Microsoft on my list of Internet Explorer Annoyances. Sean Lyndersay, a former Gnomie and current Microsoftie on the IE team, wrote back this evening with an extensive list of explanations. I don’t want to overwhelm everybody, so I’ll be posting half of Sean’s email here - and the remainder of it on the blog. You’ll see Sean’s notes in italics below:

Thanks for putting together this list of issues. Dean and I pulled together the answers to your questions from various members of the team into this email. It’s long, but since you took the time to put together this list, I wanted to make sure you got more than just standard answers. Let me know if you have any questions or any more concerns (or annoyances) - I’ll make sure you get answers.

I still get prompted when I want to create a shortcut to my desktop - by right-clicking the page and choosing “Create Shortcut.” Yes, I want to create a shortcut - don’t ask me again!!! Dean, please add a toggle for this annoyance.

On both Windows XP and Vista, this prompt exists primarily to let the user know where the icon will be placed (without trial and error, the user won’t know).

More importantly, it is a security feature on Windows Vista. It is a requirement of protected-mode that any time IE writes to a location on the hard drive other than the Temporary Internet Files folder (TIF), there must be a prompt that explains what is about to happen (and offers the user the opportunity to stop it). This protects the user from a site using an exploit to silently “break out” of the protected mode.

Let me be more detailed about how protected mode works and why this prompt is important. On Vista, the IE process itself cannot write to anywhere other than the TIF. This means that if a malicious site attempts to use an unpatched exploit in IE (something we are working hard to avoid ever happening, but which may occur nonetheless due to the complexities of software development), and takes over the IE process, the exploit will not be able to write to the user’s hard disk. However, there are a number of cases where IE must write to a non-TIF location (in this case, to the user’s desktop). IE therefore calls one of a set of very specific, locked-down APIs in the IE broker process (which runs outside of protected mode) and asks the broker process to write the information to the non-TIF location.

Since an exploited IE process can also call these APIs, it is a requirement that all of these APIs first prompt the user before performing the write action. If this particular API, for example, did not prompt, the exploited IE process would be able to write any number of bogus and dangerous shortcuts to the user’s desktop without their knowledge.

Much as we would like to remove the dialog (as you probably know, we made a concerted effort to remove unnecessary dialogs from IE - most of the “you’re entering a secure site”-style prompts are gone), in this case it serves a usability and, more importantly, security purpose. So we decided to keep this one.

On XP (where it doesn’t serve a strict security purpose), we’d like to implement a “don’t ask me about this again”, but we don’t have the time to get that in for this release.

You still get prompted when dragging and dropping an item from the browser to the desktop. “Do you want to move or copy files from this zone?” Yes, I do - or I wouldn’t have tried it in the first place, you fool. There’s no clear or easy way of eliminating this prompt, other than applying this registry hack.

As you probably know, there are a number of attacks that malicious sites have used in the past that find ways to convince a user to drag-and-drop bad content on to their hard drive without them realizing that’s what’s happened. The prompt exists in order to protect the user from variations on the drag-and-drop exploits that we have seen in the past.

There’s no end-user toggle to turn off this feature because it exists primarily to protect you from situations where you don’t expect to need it.

That said, it does suck that it exists, and we will be investigating some re-architecture work in a future release of IE that will allow us to eliminate the prompt in some circumstances. These changes are too fundamental for us to consider getting into IE7.

The information bar has got to go. It was annoying in IE6, and it’s even more annoying in IE7. I tried opening information from a trusted desktop app, and IE7 infobar’ed me - then when I told the infobar that it was okay, IE reloaded and showed me another warning dialog - just in case I missed it the first time. This is absolute madness. Let’s not even go into how the information bar reloads the entire page when you want to download a file from a URL! You have to make this far less annoying before going gold, Dean.

The information bar was designed as a non-blocking way to protect the user from “bad things” happening to their PC. One technique commonly used by malicious sites was to continually offer a download to the user, until they relented and accepted the prompt, just to get it out of their way.

The info-bar is designed to be “safely ignorable” - in that, if a user ignores the info-bar, they will remain safe (nothing will be downloaded, no pop-ups and no ActiveX installs).

The specific behavior you’re seeing is due to “Local Machine Lockdown” - a mitigation that we implemented in XP SP2 to make HTML files (that may have been accidentally or maliciously downloaded) run in a secure state, instead of automatically being fully trusted, as they were in the past.

For advanced users that understand the potential of HTML files on the desktop, you can easily turn off this behavior by: (1) Go to the “Advanced” tab of the Internet Options dialog; AND (2) Check the box: “Allow active content to run from files on My Computer”

As for page reloading, we found during development of the feature that the only reliable way to get pages to run properly is to reload them after the info-bar is removed. It’s far from ideal, but it’s the only thing we found that works in the majority of cases.

I really, REALLY don’t want to go into all the UI inconsistencies, though the page properties icon is an old one, the History icon looks ass-nasty, and the Print Preview dialog is using Arial and a non-standard toolbar in Classic Mode. I could easily turn this into a “top 100” list if I broke down all the ways that the IE7 UI is still rough around the edges.

Generally speaking, we are working hard on polishing out the rough edges. To specifically address the issues you mention above:

Page properties icon: Yes, it is an old one. However, the properties page itself is a part of the Windows XP shell, so the icon comes from there. We decided that it was not appropriate for us to update the graphics used throughout the shell (if we did that, we’d have to update everything) when IE installed. This is certainly one case where the mismatch between IE’s new graphics and Windows XP’s older graphics does show clearly (in this case, I’d guess the icon dates back to Windows 95). Fortunately, our usage data shows that this dialog is rarely used, so the impact is low. The shell team has replaced the icon with an updated design in Windows Vista RC1.

History icon: In terms of icon quality, we’re not seeing any visual issues with the history icon in the Favorites Center. Can you elaborate?

Print Preview dialog: The Print Preview dialog is (for historical reasons) written entirely as an HTML dialog. The font used is the system font, and — since theme information isn’t available to HTML dialogs — the toolbar will always appear the same regardless of theme.

Why on God’s green earth is the RSS icon in the toolbar?! It’s a modal icon - meaning it should only show up when there’s something there to see! Safari puts an RSS icon in the address bar, Opera puts a syndication icon in the address bar, and we all know that Firefox puts it in the address bar as well. Who thinks they’re being innovative by putting the indicator in a place where most people will ignore it?

Basically, we put the icon on the toolbar to increase the discoverability and usability of the feed discovery. To elaborate slightly:

  • While it is true that the feed button is context-dependent, our usability research has shown that having the button in the same place even in the disabled state actually improves discoverability of the feature.

  • We also decided to keep it out of the address bar to improve discoverability because the address bar (particularly the right-side of it) is devoted to security features (lock icon, and the security status bar) - and the varying colors of the address bar (green, red and yellow) would also tend to obscure an icon placed in that location.
  • From a usability perspective, the typical implementation of the icon (“floating” over the address bar) presents some significant usability challenges. It is unclear at first glance how to navigate to it via the keyboard. The multiple-feed case is also interesting because it would mean that there would be two drop-downs at the right-end of the address bar (the feed button, and the address bar drop-down itself). Finally, it’s not clear how the user gets rid of it, if they decide that feed discovery is not something they’re ever interested in. The button-in-command-bar design resolves all of these issues because it makes the feed button work in exactly the same way as every other button in the command-bar.
  • Finally, as one of only five default icons on the command bar, we felt that its location there gives feed discovery significant prominence.

…now this is where I’ll cut Sean’s list of responses short. Remember, I’ll be posting the rest of it on my personal blog at some point in the next 24 hours.
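
The protected-mode design described in the email above (a confined browser process, a broker with narrow APIs, and a prompt that lives in the broker) can be modelled in a few lines. This is an added illustration, not Microsoft's code and not part of the original post; the class names, the `demo` helper and the validation rules are assumptions made for the sketch.

```python
import tempfile
from pathlib import Path

class Sandbox:
    """Models the protected-mode IE process: direct writes are confined to the TIF."""
    def __init__(self, tif: Path):
        self.tif = tif.resolve()

    def write(self, path: Path, data: str) -> None:
        target = path.resolve()
        if not target.is_relative_to(self.tif):
            raise PermissionError(f"protected mode: cannot write {target}")
        target.write_text(data)

class Broker:
    """Models the broker process: one narrow API, fixed destination, prompt inside."""
    def __init__(self, desktop: Path, prompt):
        self.desktop = desktop.resolve()
        self.prompt = prompt  # owned by the broker; a caller cannot skip or replace it

    def create_shortcut(self, name: str, url: str) -> bool:
        # The caller may be an exploited process, so every argument is untrusted.
        if not name or name in (".", "..") or any(c in name for c in "/\\:"):
            raise ValueError("shortcut name must be a bare file name")
        if not url.startswith(("http://", "https://")):
            raise ValueError("only web URLs may be saved as shortcuts")
        target = self.desktop / f"{name}.url"
        if not self.prompt(f"Create shortcut {target.name} on the desktop?"):
            return False  # user declined: nothing is written
        target.write_text(f"[InternetShortcut]\nURL={url}\n")
        return True

def demo(user_answers):
    """Constructed scenario: returns the file names that reached the desktop."""
    root = Path(tempfile.mkdtemp())
    tif, desktop = root / "tif", root / "desktop"
    tif.mkdir()
    desktop.mkdir()
    sandbox = Sandbox(tif)
    answers = iter(user_answers)
    broker = Broker(desktop, prompt=lambda message: next(answers))
    sandbox.write(tif / "cache.htm", "ok")        # allowed: inside the TIF
    try:
        sandbox.write(desktop / "evil.url", "x")  # blocked: direct write outside the TIF
    except PermissionError:
        pass
    for i in range(len(user_answers)):            # each brokered write prompts again
        broker.create_shortcut(f"site{i}", "https://example.com/")
    return sorted(p.name for p in desktop.iterdir())
```

Because the prompt is invoked inside `Broker.create_shortcut` rather than by the caller, a "don't ask me again" flag controlled from the sandboxed side would let a compromised process write shortcuts silently, which is the trade-off the email describes.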
