Google barks back at Microsoft over Chrome Frame security
Posted using ShareThis
"Accessing sites using Google Chrome Frame brings Google Chrome’s security features to Internet Explorer users," said a Google spokesman today. "It provides strong phishing and malware protection, absent in IE6, robust sandboxing technology [in IE6 and on Windows XP], and defenses from emerging online threats that are available in days rather than months."
Looks like the intended market for Chrome Frame is IE6 on XP. If that was the case then why allow the installer to work if IE7 or IE8 is installed on a system. Sure there is no reason for it to not work on other versions of Windows and different versions of the browser.
Sounds like Google is trying to say that Internet Explorer 6.0 is more secure with Google Chrome Frame installed than the native IE6. Interesting statement that thus far does not appear to have any real world data to backup the statement. If Chrome is still using the older Safari SDK not sure how one can even make a comparable security statement.
Mozilla slams Google’s Chrome Frame as ‘browser soup’
Posted using ShareThis
You know something big is happening when the Firefox folks take sides with Microsoft.
Of course the Mozilla team are just as concerned about Market Share as Microsoft. If Chrome Frame runs under Internet Explorer then why would anyone download Firefox.
The battle is on and the Love/Hate relationship of the browser developers is on.
Stay tuned, this is just getting started.
Link: Microsoft blasts Google over Chrome Frame plug-in
Doubles IE8′s potential security problems, cripples privacy mode, argues exec
By Gregg Keizer
September 24, 2009 04:05 PM ET
Posted using ShareThis
If everyone remembers we at IE8 Blog talked about some of the security aspects of the Google Chrome Frame when run under IE and cautioned readers to stay alert while evaluating CF. It appears that some of the management at MSFT is echoing the same caution with respect to security. See the following, I have seen it all now. Google Chrome rendering and script engine running under Internet Explorer. Are you kidding me!!!
This is an up hill battle for Google from a PR and security point of view. Sure what they did is very cool from a technology point of view but there is more to the internet than passing the Acid 3 test and running some scripts faster than IE. Ordinary users need the total package which is what IE brings to the table. Sure there are glitches and perf hits on this site or that site but keep in mind ordinary users make up the bulk of the users.
Hobbyist, geeks, IT Pros, and developers for decades went with what was perceived as the best on any given weekend and we at IE8 Blog are not different. But in the end when you are trying to appeal to the mass public the entire ‘this is the most awesome technology in the world’ is smothered by the business aspects software and the needs of the masses. If the masses want Chrome then they will install it no different than Firefox, Avant, Safari, are the dozens of other browser out there trying to get onto your desktop.
Be safe out there folks, it is a dangerous internet.
Since the following document is becoming difficult to find and the original location has been removed for some time we are posting the document for the community. Plus we seem to never be able to find it when we needed it. There are some calls that do not work as expected with IE or the syntax/usage is different so we will update this post once we find the specifics again.
Note: This is the original Netscape document on PAC files, released with Netscape Navigator 2.0 in 1996. It provides a basic description of many of the common functions used to build PAC files.
Navigator Proxy Auto-Config File Format
March 1996
(There are several examples and tips in the end of this document)
The proxy autoconfig file is written in JavaScript. The file must define the function:
function FindProxyForURL(url, host)
{
...
}
which will be called by the Navigator in the following way for every URL that is retrieved by it:
ret = FindProxyForURL(url, host);
where:
url
the full URL being accessed.
host
the hostname extracted from the URL. This is only for convenience, it is the exact same string as between :// and the first : or / after that. The port number is not included in this parameter. It can be extracted from the URL when necessary.
ret
(the return value) a string describing the configuration. The format of this string is defined below.
Saving the Auto-Config File
Setting the MIME Type
- You should save the JavaScript function to file with a .pac filename extension; for example:
proxy.pac
Note 1: You should save the JavaScript function by itself, not embed it in HTML.
Note 2: The examples in the end of this document are complete, there is no additional syntax needed to save it into a file and use it (of course, the JavaScripts have to be edited to reflect your site’s domain name and/or subnets).
- Next, you should configure your server to map the .pac filename extension to the MIME type:
application/x-ns-proxy-autoconfig
If using a Netscape server, edit the mime.types file in the config directory. If using Apache, CERN or NCSA servers, use the AddType directive.
Return Value Format
The JavaScript function returns a single string.
If the string is null, no proxies should be used.
The string can contain any number of the following building blocks, separated by a semicolon:
DIRECT
Connections should be made directly, without any proxies.
PROXY host:port
The specified proxy should be used.
SOCKS host:port
The specified SOCKS server should be used.
If there are multiple semicolon-separated settings, the left-most setting will be used, until the Navigator fails to establish the connection to the proxy. In that case the next value will be used, etc.
The Navigator will automatically retry a previously unresponsive proxy after 30 minutes, then after 1 hour from the previous try (always adding an extra 30 minutes).
If all proxies are down, and there was no DIRECT option specified, the Navigator will ask if proxies should be temporarily ignored, and direct connections attempted. The Navigator will ask if proxies should be retried after 20 minutes has passed (then the next time 40 minutes from the previous question, always adding 20 minutes).
Examples:
PROXY w3proxy.netscape.com:8080; PROXY mozilla.netscape.com:8081
Primary proxy is w3proxy:8080; if that goes down start using mozilla:8081 until the primary proxy comes up again.
PROXY w3proxy.netscape.com:8080; PROXY mozilla.netscape.com:8081; DIRECT
Same as above, but if both proxies go down, automatically start making direct connections. (In the first example above, Netscape will ask user confirmation about making direct connections; in this third case, there is no user intervention.)
PROXY w3proxy.netscape.com:8080; SOCKS socks:1080
Use SOCKS if the primary proxy goes down.
Predefined Functions and Environment for the JavaScript Function
isPlainHostName(host)
host
the hostname from the URL (excluding port number).
True iff there is no domain name in the hostname (no dots).
Examples:
isPlainHostName("www")
is true.
isPlainHostName("www.netscape.com")
is false.
dnsDomainIs(host, domain)
host
is the hostname from the URL.
domain
is the domain name to test the hostname against.
Returns true iff the domain of hostname matches.
Examples:
dnsDomainIs("www.netscape.com", ".netscape.com")
is true.
dnsDomainIs("www", ".netscape.com")
is false.
dnsDomainIs("www.mcom.com", ".netscape.com")
is false.
localHostOrDomainIs(host, hostdom)
host
the hostname from the URL.
hostdom
fully qualified hostname to match against.
Is true if the hostname matches exactly the specified hostname, or if there is no domain name part in the hostname, but the unqualified hostname matches.
Examples:
localHostOrDomainIs("www.netscape.com", "www.netscape.com")
is true (exact match).
localHostOrDomainIs("www", "www.netscape.com")
is true (hostname match, domain not specified).
localHostOrDomainIs("www.mcom.com", "www.netscape.com")
is false (domain name mismatch).
localHostOrDomainIs("home.netscape.com", "www.netscape.com")
is false (hostname mismatch).
isResolvable(host)
host
is the hostname from the URL.
Tries to resolve the hostname. Returns true if succeeds.
Examples:
isResolvable("www.netscape.com")
is true (unless DNS fails to resolve it due to a firewall or some other reason).
isResolvable("bogus.domain.foobar")
is false.
isInNet(host, pattern, mask)
host
a DNS hostname, or IP address. If a hostname is passed, it will be resoved into an IP address by this function.
pattern
an IP address pattern in the dot-separated format
mask
mask for the IP address pattern informing which parts of the IP address should be matched against. 0 means ignore, 255 means match.
True iff the IP address of the host matches the specified IP address pattern.
Pattern and mask specification is done the same way as for SOCKS configuration.
Examples:
isInNet(host, "198.95.249.79", "255.255.255.255")
is true iff the IP address of host matches exactly 198.95.249.79.
isInNet(host, "198.95.0.0", "255.255.0.0")
is true iff the IP address of the host matches 198.95.*.*.
<hr size=4 width="100%" align=center>
dnsResolve(host)
host
hostname to resolve
Resolves the given DNS hostname into an IP address, and returns it in the dot separated format as a string.
Example:
dnsResolve("home.netscape.com")
returns the string "198.95.249.79".
<hr size=4 width="100%" align=center>
myIpAddress()
Returns the IP address of the host that the Navigator is running on, as a string in the dot-separated integer format.
Example:
myIpAddress()
would return the string "198.95.249.79" if you were running the Navigator on that host.
<hr size=4 width="100%" align=center>
dnsDomainLevels(host)
host
is the hostname from the URL.
Returns the number (integer) of DNS domain levels (number of dots) in the hostname.
Examples:
dnsDomainLevels("www")
returns 0.
dnsDomainLevels("www.netscape.com")
returns 2.
<hr size=4 width="100%" align=center>
shExpMatch(str, shexp)
str
is any string to compare (e.g. the URL, or the hostname).
shexp
is a shell expression to compare against.
Returns true if the string matches the specified shell expression.
Actually, currently the patterns are shell expressions, not regular expressions.
Examples:
shExpMatch("http://home.netscape.com/people/ari/index.html", "*/ari/*")
is true.
shExpMatch("http://home.netscape.com/people/montulli/index.html", "*/ari/*")
is false.
weekdayRange(wd1, wd2, gmt)
wd1
and
wd2
are one of the weekday strings:
SUN MON TUE WED THU FRI SAT
gmt
is either the string: GMT or is left out.
Only the first parameter is mandatory. Either the second, the third, or both may be left out.
If only one parameter is present, the function yeilds a true value on the weekday that the parameter represents. If the string "GMT" is specified as a second parameter, times are taken to be in GMT, otherwise in local timezone.
If both wd1 and wd1 are defined, the condition is true if the current weekday is in between those two weekdays. Bounds are inclusive. If the "GMT" parameter is specified, times are taken to be in GMT, otherwise the local timezone is used.
Examples:
weekdayRange("MON", "FRI")
true Monday trhough Friday (local timezone).
weekdayRange("MON", "FRI", "GMT")
same as above, but GMT timezone.
weekdayRange("SAT")
true on Saturdays local time.
weekdayRange("SAT", "GMT")
true on Saturdays GMT time.
weekdayRange("FRI", "MON")
true Friday through Monday (note, order does matter!).
dateRange(day)
dateRange(day1, day2)
dateRange(mon)
dateRange(month1, month2)
dateRange(year)
dateRange(year1, year2)
dateRange(day1, month1, day2, month2)
dateRange(month1, year1, month2, year2)
dateRange(day1, month1, year1, day2, month2, year2)
dateRange(day1, month1, year1, day2, month2, year2, gmt)
day
is the day of month between 1 and 31 (as an integer).
month
is one of the month strings:
JAN FEB MAR APR MAY JUN JUL AUG SEP OCT NOV DEC
year
is the full year number, for example 1995 (but not 95). Integer.
gmt
is either the string "GMT", which makes time comparison occur in GMT timezone; if left unspecified, times are taken to be in the local timezone.
Even though the above examples don’t show, the "GMT" parameter can be specified in any of the 9 different call profiles, always as the last parameter.
If only a single value is specified (from each category: day, month, year), the function returns a true value only on days that match that specification. If both values are specified, the result is true between those times, including bounds.
Examples:
dateRange(1)
true on the first day of each month, local timezone.
dateRange(1, "GMT")
true on the first day of each month, GMT timezone.
dateRange(1, 15)
true on the first half of each month.
dateRange(24, "DEC")
true on 24th of December each year.
dateRange(24, "DEC", 1995)
true on 24th of December, 1995.
dateRange("JAN", "MAR")
true on the first quarter of the year.
dateRange(1, "JUN", 15, "AUG")
true from June 1st until August 15th, each year (including June 1st and August 15th).
dateRange(1, "JUN", 15, 1995, "AUG", 1995)
true from June 1st, 1995, until August 15th, same year.
dateRange("OCT", 1995, "MAR", 1996)
true from October 1995 until March 1996 (including the entire month of October 1995 and March 1996).
dateRange(1995)
true during the entire year 1995.
dateRange(1995, 1997)
true from beginning of year 1995 until the end of year 1997.
<hr size=4 width="100%" align=center>
timeRange(hour)
timeRange(hour1, hour2)
timeRange(hour1, min1, hour2, min2)
timeRange(hour1, min1, sec1, hour2, min2, sec2)
timeRange(hour1, min1, sec1, hour2, min2, sec2, gmt)
hour
is the hour from 0 to 23. (0 is midnight, 23 is 11 pm.)
min
minutes from 0 to 59.
sec
seconds from 0 to 59.
gmt
either the string "GMT" for GMT timezone, or not specified, for local timezone. Again, even though the above list doesn’t show it, this parameter may be present in each of the different parameter profiles, always as the last parameter.
True during (or between) the specified time(s).
Examples:
timerange(12)
true from noon to 1pm.
timerange(12, 13)
same as above.
timerange(12, "GMT")
true from noon to 1pm, in GMT timezone.
timerange(9, 17)
true from 9am to 5pm.
timerange(8, 30, 17, 00)
true from 8:30am to 5:00pm.
timerange(0, 0, 0, 0, 0, 30)
true between midnight and 30 seconds past midnight.
Example #1: Use proxy for everything except local hosts
This would work in Netscape’s environment. All hosts which aren’t fully qualified, or the ones that are in local domain, will be connected to directly. Everything else will go through w3proxy:8080. If the proxy goes down, connections become automatically direct.
function FindProxyForURL(url, host)
{
if (isPlainHostName(host) ||
dnsDomainIs(host, ".netscape.com"))
return "DIRECT";
else
return "PROXY w3proxy.netscape.com:8080; DIRECT";
}
Note: This is the simplest and most efficient autoconfig file for cases where there’s only one proxy.
Example #1b: As above, but use proxy for local servers which are outside the firewall
If there are hosts (such as the main Web server) that belong to the local domain but are outside the firewall, and are only reachable through the proxy server, those exceptions can be handled using the localHostOrDomainIs() function:
function FindProxyForURL(url, host)
{
if ((isPlainHostName(host) ||
dnsDomainIs(host, ".netscape.com")) &&
!localHostOrDomainIs(host, "www.netscape.com") &&
!localHostOrDoaminIs(host, "merchant.netscape.com"))
return "DIRECT";
else
return "PROXY w3proxy.netscape.com:8080; DIRECT";
}
The above will use the proxy for everything else except local hosts in the netscape.com domain, with the further exception that hosts www.netscape.com and merchant.netscape.com will go through the proxy.
Note the order of the above exceptions for efficiency: localHostOrDomainIs() functions only get executed for URLs that are in local domain, not for every URL. Be careful to note the parentheses around the or expression before the and expression to achieve the abovementioned efficient behaviour.
Example #2: Use proxy only if cannot resolve host
This example would work in an environment where internal DNS is set up so that it can only resolve internal host names, and the goal is to use a proxy only for hosts which aren’t resolvable:
function FindProxyForURL(url, host)
{
if (isResolvable(host))
return "DIRECT";
else
return "PROXY proxy.mydomain.com:8080";
}
The above requires consulting the DNS every time; it can be grouped smartly with other rules so that DNS is consulted only if other rules do not yield a result:
function FindProxyForURL(url, host)
{
if (isPlainHostName(host) ||
dnsDomainIs(host, ".mydomain.com") ||
isResolvable(host))
return "DIRECT";
else
return "PROXY proxy.mydomain.com:8080";
}
Example #3: Subnet based decisions
In this example all the hosts in a given subnet are connected to directly, others through the proxy.
function FindProxyForURL(url, host)
{
if (isInNet(host, "198.95.0.0", "255.255.0.0"))
return "DIRECT";
else
return "PROXY proxy.mydomain.com:8080";
}
Again, use of DNS in the above can be minimized by adding redundant rules in the beginning:
function FindProxyForURL(url, host)
{
if (isPlainHostName(host) ||
dnsDomainIs(host, ".mydomain.com") ||
isInNet(host, "198.95.0.0", "255.255.0.0"))
return "DIRECT";
else
return "PROXY proxy.mydomain.com:8080";
}
Example #4: Load balancing/routing based on URL patterns
This example is more sophisticated. There are four (4) proxy servers; one of them is a hot stand-by for all of the other ones, so if any of the remaining three goes down, the fourth one will take over.
Furthermore, the three remaining proxy servers share the load based on URL patterns, which makes their caching more effective (there is only one copy of any document on the three servers — as opposed to one copy on each of them). The load is distributed like this:
Proxy
Purpose
#1
.com domain
#2
.edu domain
#3
all other domains
#4
hot stand-by
All local accesses are desired to be direct. All proxy servers run on the port 8080 (they wouldn’t need to). Note how strings can be concatenated by the + operator in JavaScript.
function FindProxyForURL(url, host)
{
if (isPlainHostName(host) || dnsDomainIs(host, ".mydomain.com"))
return "DIRECT";
else if (shExpMatch(host, "*.com"))
return "PROXY proxy1.mydomain.com:8080; " +
"PROXY proxy4.mydomain.com:8080";
else if (shExpMatch(host, "*.edu"))
return "PROXY proxy2.mydomain.com:8080; " +
"PROXY proxy4.mydomain.com:8080";
else
return "PROXY proxy3.mydomain.com:8080; " +
"PROXY proxy4.mydomain.com:8080";
}
Example #5: Setting a proxy for a specific protocol
Most of the standard JavaScript functionality is available for use in the FindProxyForURL() function. As an example, to set different proxies based on the protocol, the substring() function can be used:
function FindProxyForURL(url, host)
{
if (url.substring(0, 5) == "http:") {
return "PROXY http-proxy.mydomain.com:8080";
}
else if (url.substring(0, 4) == "ftp:") {
return "PROXY ftp-proxy.mydomain.com:8080";
}
else if (url.substring(0, 7) == "gopher:") {
return "PROXY gopher-proxy.mydomain.com:8080";
}
else if (url.substring(0, 6) == "https:" ||
url.substring(0, 6) == "snews:") {
return "PROXY security-proxy.mydomain.com:8080";
}
else {
return "DIRECT";
}
}
Note: The same can be accomplished using the shExpMatch() function described earlier; for example:
...
if (shExpMatch(url, "http:*")) {
return "PROXY http-proxy.mydomain.com:8080;
}
...
Tips
- The autoconfig file can be output by a CGI script. This is useful e.g. when making the autoconfig file act differently based on the client IP address (the REMOTE_ADDR environment variable in CGI).
- Use of isInNet(), isResolvable() and dnsResolve() functions should be carefully considered, as they require DNS server to be consulted (whereas all other autoconfig related functions are mere string matching functions). If a proxy is used, the proxy will perform its own DNS lookup which would double the impact on the DNS server. Most of the time these functions are not necessary to achieve the desired result.
March 1996
Additional Useful Resources:
The Practical Proxy PAC File guide
http://www.returnproxy.com/proxypac/
PAC File forum
http://www.returnproxy.com/forums/
http://www.findproxyforurl.com/
Extensions to the Navigator Proxy Auto-Config File Format specification to support IPv6 v0.9
http://blogs.msdn.com/wndp/articles/IPV6_PAC_Extensions_v0_9.aspx
Here I will show you how to hide Favorites btn from IE 8. This solution should work with all IE versions (Internet Explore 6, Internet Explorer 7, Internet Explore 8).
Here is how you can disable Internet Explore FAVORITES Button. I know that
The Registry key:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars]
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions]
“NoCommandBar”=dword:00000001
Custom ADM
How to load the Custom ADM Template?
- To start Group Policy, click Start and then click Run. In the Open box, type GPedit.msc or GPMC.msc if from a Domain policy and then click OK.
- Select Administrative Templates from the Computer Configuration branch.
- Right-click the Administrative Templates branch, and then select All Tasks.
- Select Add/Remove Templates.
- Click Add.
- Load the ADM templates.
Here is how you disable the Group policy filer, so you can see the new Policy Template:
- Right click on the Policy and select View > detail > Filtering
- Remove the check mark from the check box next to “Only show policy settings that can be fully managed”
- You should see the template now.
Copy and paste from line below!;
———————- Start————————
;This policy will help you hide the Favorite Button from IE Toolbar
;The value is a Dword NoCommandBar set to 1= Enable and 0=Disable
CLASS USER
CATEGORY “Custom Favorite Toolbars”
POLICY “Remove_IE_Favorite_Button”
Explain “This Policy will allow you to remove the Favorite Btn from IE Toolbar”
KEYNAME “Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions”
VALUENAME “NoCommandBar”
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY
[strings]
RemoveFavoritesBTN=”Removes Favorites Button from IE Toolbar”
RemoveFavoritesBTN=”Now you can hide Favorites… Nice”
;———————- END ————————
I hope this helps you achive your restrictions needs!
Pink
Folks we at IE8Blog love cool things. An example of an interesting software solution is a Firefox add-on called IE Tab. IE Tab allows you to load an instance of Internet Explorer in a tab within Firefox. Great for evaluating rending and javascript quickly with in the same application. (https://addons.mozilla.org/en-US/firefox/addon/1419).
We have great passion for Microsoft Internet Explorer 8 and the compatibility improvements and the high level of security that has been put into the product over the years. By far Internet Explorer 8 is the most secure browser out there. Several reports have been done on the safety that IE8 brings to the table not only for the consumer at home but for corporate world.
There are always concerns about the security of the browser when installing add-ons, Flash has seen its fair share of vulnerabilities over the years and so have many other popular ActiveX controls. As always we caution you about add-ons that directly alter the core browser technology. Just like any software Google Chrome had and has its fair share of vulnerabilities as well.
Browser Security – Phishing Test Report – http://nsslabs.com/browser-security-phishing-3q2009
Browser Security – Socially Engineered Malware Test Report – http://nsslabs.com/browser-security-malware-3q2009
Okay enough about talking up the security of IE8, yes we like Internet Explorer.
Google has figured out how to create a direct plug-in to Internet Explorer that can change the rendering engine, jscript engine, and to some degree the network stack to Google Chrome. Despite what happens after the fact one does need to admit that swapping out core features of IE is rather cool from a pure technology point of view.
One should give credit to both companies, Microsoft for their IE API’s and Google for their creative us of the IE API set.
From the write up this is being driven by the need for a high end experience with Google Wave (we know nothing about Google Wave yet – http://wave.google.com/)
http://code.google.com/chrome/chromeframe/ <- Get Google Chrome
http://code.google.com/chrome/chromeframe/developers_guide.html <- Not just for developers
From reviewing the developers guide there meta header http-equiv is used to trigger the use of the Chrome engine..
<meta http-equiv="X-UA-Compatible" content="chrome=1">
For those up on Internet Explorer 8.0 know that the X-UA-Compatible is used to switch the rendering mode of IE as well. See META Tags and Locking in Future Compatibility at http://msdn.microsoft.com/en-us/library/cc817574.aspx
Some other writes up on Google Chrome
http://blog.chromium.org/2009/09/introducing-google-chrome-frame.html
http://blogs.zdnet.com/hardware/?p=5537
http://www.neowin.net/news/main/09/09/22/google-brings-chrome-rendering-engine-to-ie6-7-and-8
UPDATES from our readers and our own limited testing:
Some of our readers have already started to report back on Chrome Frame results.
1. cf:http://acid3.acidtests.org/ will put IE in Chrome Frame Mode, note the cf: which we guess you would call a protocol handler. Running the same page without cf: you can see the obvious rendering differences.
2. If you have the full Chrome browser installed and open a new window folks are reporting that Chrome Frame is opening the new window in the Chrome Browser.
3. The status bar in IE is reporting UNKNOWN zone, we feel this would be expected but is important as it does appear Zone technology is not available in when in Chrome Frame mode. Further testing on this is required to validate.
4. You can not PRINT or PRINT PREVIEW when in Chrome Frame mode. Not sure if window.print will fire or not. We expect future version of CF to have at least basic printing functionality.
5. We did test Firefox with the IE Tab add-on and could not get Chrome Frame to initialize when the Firefox was switched to IE Mode.
6. Some users reported problems with submitting form data when under the Chrome Frame interface.
7. So far no one is reporting hangs, freezes, or crashes under the Chrome Frame interface.
8. SSL thus far from our limited testing is working as expected. Of course it is yet to be seen what the results are with Client Certificate situations. There is a Network Layer options via Chrome Frame but we have not figured out how to test if the Chrome Network layer is being utilized or not.
9. We just noticed that when you right click on a page you will see the Chrome Frame menu versus the Internet Explorer context menu. Check out the View Source feature. We are not 100% sure yet if the Chrome Development tools are picked up as a result of having Chrome (the browser installed on the same system). Further review required.
10. Uninstall of Chrome Frame problems. Funny title on the blog post.
Uninstall is not resetting various classes (HKEY_CURRENT_USER\Software\Classes) from ChromeHTML back to htmlfile impacting the default browser.
We clean our own table when eating at McDonald’s
Unconfirmed by IE8BLOG.COM
Google Chrome Frame
Ok this post will be a little more Internet Explorer 7 focused but I thought it would be valuable to share.
So many times when I am attempting to print content off a webpage I find that the "Shrink To Fit” feature leaves a bit to be desired. I am starting out by opening http://msdn.microsoft.com as I would expect this page to render perfectly in IE and indeed it does.
Now by simply clicking on File – Print – Preview we will see a new rendering of the page which appears to look very different than the page I was just looking at. At first glance you might think hey all the content is there and it doesn’t look that bad.
But it’s when you compare this page to the same page in Firefox you see the difference.
Firefox actually even rendered the Ads and the layout looks more like the original page than the IE 7 rendering. The problem isn’t Shrink To Fit but more about how Internet Explorer is designed to print preview.
So what are your options? At this point I am not sure but I am posting this out there to see if anyone has found a good add-in that will scale the page down and still look nice. Post away on the comments.
In the following blog post by the Internet Explorer support team they explain the mandatory integrity level new to Internet Explorer 8.0. What is not covered in the article is the fact that utilizing TabProcGrowth and setting the value to 0 also disables Protected Mode.
- TabProcGrowth=0 : tabs and frames run within the same process; frames are not unified across MIC levels.
(Should also say disables Protected Mode for all Internet Explorer (IE) Security Zones)
- TabProcGrowth =1: all tabs for a given frame process run in a single tab process for a given
(Should always be tried so that Protected Mode is Enabled to validate if the situation is Protected Mode or LCIE Loosely Coupled IE)
Opening a New Tab may launch a New Process with Internet Explorer 8.0
Word to the wise be careful when setting the TabProcGowth registry value as you will leave the Internet Security Zone with Protected Mode Disabled.
- Location: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
- Name: TabProcGrowth
- Type: REG_DWORD
- Values: 0-16
It is a common troubleshooting step in the IT space for Internet Explorer 7 Freezes, Hangs, and Crashes to test the site with Protected Mode off to determine if a particular web page only fails under a Protected Mode Zone. Of course you would not attempt this with a site that you do not fully trust or suspect the content might be dangerous. The same holds true with Internet Explorer 8 on Windows Vista, Windows 2008 Server, Windows 7, and Windows 2008 R2 but you have the added security measure of LCIE (Loosely Coupled IE).
A worthy note about the Protected Mode Zones feature that the defaults have changed with respect to which zones have Protected Mode enabled by default.
IE7: Enabled – Internet, Intranet, and Restricted
IE8: Enabled – Internet and Restricted
Note: For Protected Mode to be enable you must also have the operating systems UAC feature enabled. UAC was introduced in Windows Vista and Windows 2008 Server and carried forward in Windows 7 and Windows 2008 R2.
AC: User Account Control http://msdn.microsoft.com/en-us/library/bb756996.aspx
Sidebar for Windows XP. Despite Windows XP does not support User Account Control you will see that multiple instances of the iexplore.exe process via Task Manager are created when you open a new TAB or possible a new window. So for those on still on the Windows XP TabProcGrowth still applies. So what is the big deal. XP users can run into possible authentication or cookie issues so you are not completely off the hook.
Cheers
The WinINet API was added to Windows in Windows NT4 and Windows 95. This API set is located in Wininet.dll and is used by WinINET-aware applications such as Internet Explorer, Media Player, and Instant Messenger. The WinINET API itself enables applications to interact with the Gopher, FTP and HTTP protocols. WinINet abstracts these protocols to provide application developers with an interface that resembles standard file IO. Something important to note here is that WinINet is not intended to be used by a server application or Windows service. This is due to the user interaction that is often required by applications that leverage WinINet – such as User Dialogs etc. When writing serviced-based applications, winHTTP.dll should be used instead. This DLL is based on the WinINET API set, but has been modified so that user response (dialogs, etc) has been removed.
So how does WinINet work? WinINet leverages the underlying sockets interface and emulator to access the network as shown in this diagram. It builds its services on top of this infrastructure. WinINet also interfaces with other OS components to provide services such as security and manipulation of the TCP/IP Stack configuration. In addition, upper layer protocol implementations such as UPnP also leverage WinINet. WinINET talks directly to Winsock when making it’s request. In its most basic form Internet Explorer is a Winsock application.
When dealing with WinINet issues, there are two important DLL’s to consider, wininet.dll and urlmon.dll. Let’s take a look at each of these. The diagram below shows the relationship of these components:
WININET.DLL: This DLL exposes the Windows Internet API. It provides the interface between applications using WinINet and Windows Sockets. Applications that use this API check to see whether an Internet connection exists, and establish a connection if necessary. To accomplish this, WinINet leverages the Remote Access API (RASAPI). Once a connection is verified, the application can open a handle to the remote resource, request a connection for a specific protocol and open sessions on that handle for HTTP, FTP or Gopher communications. WinINet provides capabilities such as:
- Caching, History, Cookie Management
- Authentication – Basic, NTLM, Kerberos
- Connections – Both secure (schannel) and non-secure
- Dial-up, Direct, Proxy
- Protocol and HTTP header management
It is during this process that any proxy settings are verified and handled, the username is retrieved (if required) and a connection is made with the server through sockets for any FTP requests. A connection to the server is not created for HTTP requests until the request is actually sent. If necessary, WinINet communicates with Crypto components such as SCHANNEL.DLL. WinINet.Dll provides support for many things, including cookies, history, header interpretation and processing (for example web page redirection and keep-alives), authentication and encryption. WinINet.Dll leverages another DLL, URLMON.DLL for various activities dealing with URL’s.
URLMON.DLL: This DLL is the URL Moniker support library for WinINet. A moniker is just a nickname that is used to make an object more familiar and recognizable. The following functions are handled by URLMON.DLL:
- URL Parsing – breaking down URLs into the protocol used (HTTP, HTTPS, FTP, File, Gopher), address, and target.
- GZIP compression/decompression – provides support for GZIP HTTP compression to deflate and inflate data. IE6 and IE7 handle this slightly differently. In IE7 this functionality is handled by WinINet.
- Security and Zone Management – Identifies security zones, zone crossings, permissions, etc.
- Asynchronous Pluggable Protocol Filter/Handler – correlates appropriate the protocol to the registered handler (HTTP, HTTPS, MAILTO, FILE, etc.).
- Code Download Management, Install On Demand, and Just-In-Time.
- Forms requests from the URL – creates the outbound data package and hands it off to WININET for transfer.
- MIME (Multipurpose Internet Mail Extension) type management – examines the MIME type for data returned in an HTTP response and correlates that type with a specific handler. For example, URLMON would open a Microsoft Word document (MIME type .doc) with Microsoft Word. If the MIME type is not clear from the response, URLMON is capable of examining the binary data to determine the appropriate MIME type. MIME is described more thoroughly in RFC1521.
Credits: https://blogs.msdn.com/askie/archive/2007/08/21/under-the-hood-wininet.aspx
In this article, you will learn how Proxy Auto-Disover configuration files , wpad.dat files, provide central administration for proxy connections to the Internet and how the algorithm sequence work.
When using Automatically Detect setting setting in IE will search a proxy auto-configuration file in the predefined detection methods:
NOTE: Only applies when ‘Automatically detect settings’ in Internet Options > connections > Lan Connections is the only option checked. Other options for configuring IE connection settings include Automatic Configuration Scripts and manually specifying a proxy server.
- DHCP (252 option)
- DNS A record query/queries
- NetBios
If DHCP is configured to provide the WPAD location, IE stops the detection and will make a GET request for the wpad.dat file and no further searching is done. This is true even if the DHCP 252 option is incorrect and a correct entry is configured as a DNS record.
If DHCP 252 is not configured, IE will continue until it either exhausts the search or gets a response:
- BootP request to DHCP for the 252 option containing the path to the wpad.dat file if DHCP 252 is not configured
- DNS A query for “wpad.” ex. wpad.domainname.com if the DNS query fails
- A Netbios query for a machine named WPAD occurs If Netbios fails
- A direct connection is attempted
If this attempt fails, the user is presented with the Cannot display the webpage or similar message.
The wpad.dat detection (steps 1 thru 3) occur when “Detecting proxy settings…” is displayed in the status bar in the lower left corner of the Internet Explorer window.
Example of a detection order:
- If a domain suffix is west.corp.contoso.com
IE will perform the following queries:
- wpad.west.corp.contoso.com
- wpad.corp.contoso.com
- wpad.contoso.com
NOTE: If a domain suffix search order has been specified, the first domain in the list will be used instead.
We have demostrated that there is potential overhead associated with the detection method and if you don’t ahve a WPAD solution, there is not readon to have this option enabled. Disabling this option can reduce network traffic as well as initial page laod times for Internet Explore. When we disable this option, IE will attempt to connect immediately.