Application Compatibility
Getting Apps to work...
Monday 12 October 2009, 11:18 AM
IE8: Another Application Compatibility Platform
Getting applications to work on Vista or Windows Server 2008 is not the only compatibility issue that you may encounter. One additional "platform" that you may not have considered is the security and application compatibility restrictions that have introduced as part of the update Microsoft's Internet Explorer - IE8.
These ideas got me thinking about the IE8 compatibility question(s). More specifically,
1) Have new security restrictions been introduced?
2) What features and functionality are no longer available?
3) Are there recent Microsoft updates or patches that may cause an issue with IE8?
4) Are there any new compatibility issues that are specifically relevant to Windows 7 and Server 2008?
It does not take long to work through the IE 8 release notes, the accumulated IE8 support documentation and with a little help from friends who have deployed IE8 to highlight some of the potential security and compatibility issues including;
Deprecated API's
Does you application reference any API's or functionality from these groups?
• DirectAnimation
• Channel Definition Format (CDF)
• Gopher Protocol
Deprecated Features
Does your application rely on any of the following functionality?
• XBM Image format
• Telnet Protocol
• Gopher Protocol
• SSL Version 1.x
• Scriptlet MIME Types
IE8 Signed Controls
Internet Explorer 7 allows for ActiveX controls to be signed and therefore allow for greater privileges and access to local machine file system. Some intranet environments may require that all controls are now signed. To deploy to these environments, you need to ensure all of your ActiveX controls that rely on the IE engine are signed.
IE8 Safe for Scripting Controls
Managing ActiveX controls in an secure enterprise environment is a difficult balancing act. IE8 allows for an additional level of security with the CATID_SafeForScripting and the CATID_SafeForInitializing component category registry settings. These settings allow your IE8 applications to fully use the ActiveX scripting model
IE8 ActiveX Pre-Approved CLSID
Due to the increased security restrictions available in IE8, ActiveX objects (DLL's) may not install correctly due to lack of sufficient permissions. Adding the unique identifier of an ActiveX control to the pre-approved list of ActiveX controls will allow the application component to install successfully. As recommend in Microsoft's (ActiveX Security: Improvements and Best Practices - see references) you should not employ this option if;
- Your ActiveX control was not designed to use pages served from the Internet (as opposed to your intranet)
- Your ActiveX control is downloaded to the target machine
- Your control is solely intranet based (you should use Active Directory Group Policy objects instead)
References:
Microsoft IE8 Release Notes
http://msdn.microsoft.com/en-us/ie/aa740486.aspx
Security and Compatibility in Internet Explorer 7
http://msdn.microsoft.com/en-us/library/ms649488.aspx
Finding Security Compatibility Issues in Internet Explore
http://msdn.microsoft.com/en-us/library/bb250493.aspx
ActiveX Security: Improvements and Best Practices
http://msdn.microsoft.com/en-us/library/bb250471.aspx
These ideas got me thinking about the IE8 compatibility question(s). More specifically,
1) Have new security restrictions been introduced?
2) What features and functionality are no longer available?
3) Are there recent Microsoft updates or patches that may cause an issue with IE8?
4) Are there any new compatibility issues that are specifically relevant to Windows 7 and Server 2008?
It does not take long to work through the IE 8 release notes, the accumulated IE8 support documentation and with a little help from friends who have deployed IE8 to highlight some of the potential security and compatibility issues including;
Deprecated API's
Does you application reference any API's or functionality from these groups?
• DirectAnimation
• Channel Definition Format (CDF)
• Gopher Protocol
Deprecated Features
Does your application rely on any of the following functionality?
• XBM Image format
• Telnet Protocol
• Gopher Protocol
• SSL Version 1.x
• Scriptlet MIME Types
IE8 Signed Controls
Internet Explorer 7 allows for ActiveX controls to be signed and therefore allow for greater privileges and access to local machine file system. Some intranet environments may require that all controls are now signed. To deploy to these environments, you need to ensure all of your ActiveX controls that rely on the IE engine are signed.
IE8 Safe for Scripting Controls
Managing ActiveX controls in an secure enterprise environment is a difficult balancing act. IE8 allows for an additional level of security with the CATID_SafeForScripting and the CATID_SafeForInitializing component category registry settings. These settings allow your IE8 applications to fully use the ActiveX scripting model
IE8 ActiveX Pre-Approved CLSID
Due to the increased security restrictions available in IE8, ActiveX objects (DLL's) may not install correctly due to lack of sufficient permissions. Adding the unique identifier of an ActiveX control to the pre-approved list of ActiveX controls will allow the application component to install successfully. As recommend in Microsoft's (ActiveX Security: Improvements and Best Practices - see references) you should not employ this option if;
- Your ActiveX control was not designed to use pages served from the Internet (as opposed to your intranet)
- Your ActiveX control is downloaded to the target machine
- Your control is solely intranet based (you should use Active Directory Group Policy objects instead)
References:
Microsoft IE8 Release Notes
http://msdn.microsoft.com/en-us/ie/aa740486.aspx
Security and Compatibility in Internet Explorer 7
http://msdn.microsoft.com/en-us/library/ms649488.aspx
Finding Security Compatibility Issues in Internet Explore
http://msdn.microsoft.com/en-us/library/bb250493.aspx
ActiveX Security: Improvements and Best Practices
http://msdn.microsoft.com/en-us/library/bb250471.aspx
Previous
