March 24, 1997 10:00 AM ET
Microsoft ships new IE beta
By Norvin Leach

  Microsoft Corp. last week released a new build of the Internet Explorer 4.0 beta to private testers, only to be hit with reports of more bugs and security breaches in other areas.

The new build addresses some concerns from the first beta, including printing problems and sluggish installation and setup. It also adds some of the push functions that Microsoft has been touting.

The first private beta required users to download and install IE 4.0 directly from the server, a procedure about which beta testers complained loudly. Changes to the ActiveSetup system now let users simply download the compressed files and install IE 4.0 later.

"The deferred installation is a lot more convenient," said a beta tester, who requested anonymity. "And the download seems a lot smoother."

The new build also fixed recently reported bugs that let malicious HTML links launch applications on a remote desktop. IE 4.0's Outlook Express, the new Mail and News client, was susceptible to these bugs because it lets users send HTML pages as mail messages.

Meanwhile, another round of bugs was uncovered that could pose threats to users of Internet Explorer and other Microsoft Internet and networking products.

One recently discovered hole in Internet Explorer makes it possible for hackers to get users' log-in passwords over the Internet, according to Computer and Network Security researchers at www.security.org.il. Microsoft, of Redmond, Wash., had not responded with a patch for the hole by late last week.

Microsoft last week also posted a fix for a bug in the FrontPage Server Extensions that could have let people viewing a Web page add content to the page by editing the HTML.

Users also reported a problem with Macromedia Inc.'s Shockwave plug-in that allowed a Web server to read files on clients using various E-mail packages. Macromedia officials said users can download a fixed version of Shockwave 5.0 from the Macromedia Web site.

On the positive side for IE 4.0, a group of ISVs last week threw support behind the new Dynamic HTML technology that will be built into the browser.

Borland International Inc., the Powersoft division of Sybase Inc. and Macromedia each announced that its development and authoring tools would support the new object model for HTML.

Additional reporting by Jim Rapoza

More bugs explored in Internet Explorer 4.0

Bug
Status
Outlook Express susceptible to HTML application-launching bug Fixed in beta
Shockwave control lets users read E-mail Update posted by Macromedia
FrontPage Server Extensions let people add content to a page Microsoft patch posted
Samba SMB server can reveal passwords of Explorer users Patch pending

Copyright(c) 1997 Ziff-Davis Publishing Company. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Ziff-Davis Publishing Company is prohibited. PC Week and the PC Week logo are trademarks of Ziff-Davis Publishing Company. PC Week Online and the PC Week Online logo are trademarks of Ziff-Davis Publishing Company.

Send mail to PC Week