Insert this in the registry and all user/passwords is remembered again:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000

@geircito

A quote from the article:

"An example of the security danger is that in a cross-frame or hidden-frame scenario, script in pages from visited Web sites can easily access the URL, parse it, and determine the username and password for other sites."

This Microsoft spokesperson just admitted that IE doesn't follow the same origin policy.

http://www.mozilla.org/p...onents/same-origin.html

Request for comments....

Why do people still use this browser?

There are so many well published security issues associated with it. Microsoft is fairly slow with patches. Etc. etc.

Why are you still using it?

because it's the best browser available. I refuse to settle for a lesser browser such as Mozilla (or it's offspring Firebird) or Opera. Sure, I have Firebird installed so that I can be sure my site is compatible with that browser, but that's all I use it for.

Speed, price, and lack of bloat.

So....how is it the best browser?

a) speed

That's the only thing I can think of.

MyIE2 is a very substantial replacement for the IE browser, in that it uses the basic IE structure to operate from, thus retaining the speed we all like from it. MyIE2 goes way beyond just being another *skin* for IE, however. Too many features to mention, but it is an EXCELLENT replacement for those who are ready for a change to the better! Just my $.02 worth.. :-)

Oh, be quiet. "Responsible" users don't suffer when security holes are found in IE. Plus, security is an inherent problem with ALL of today's software. At least Microsoft is vocal about finding and fixing its sofware's problems.

--Francis

Wow. I'd sure like to live in your world.

SPEED
- I might give you startup time, but not page display speed.

PRICE
- Mozilla, Netscape, and Firebird are all free.

LACK OF BLOAT
- You've got me there. Mozilla has all of those annoying "features" like popup and banner ad blocking.

----- Let's add a few more. -----

SECURITY. IE has none. That fact is proven time and time again.

CROSS PLATFORM. Wouldn't it be nice to create sites that look and act the same on all platforms?

STANDARDS COMPLIANCE. IE used to be compliant. Now it isn't.

So back to the original question. Why do people still use this browser?

My 2 cents worth....I have to use this browser because so many of the web sites I visit, are only "IE" friendly.
To make my life better I found that Avant's browser is awsome!! and uses IE's engine anyways.

Funny you say that; I live on earth, and in the US. What I have said still stands.

"SPEED
- I might give you startup time, but not page display speed."

Unforunately this is an all-too-common misconception. Try loading a larger HTML file like the documentation for PHP (7 MB). Internet Explorer loads the page at very least 10 times faster than Mozilla, and uses half the memory while doing it.

When one browser renders pages 10 faster than another, it's a pretty easy decision for me...

I use IE most of the time now, but Mozilla Firebird also some.

Mozilla/Firebird will never become popular until it starts working with EVERYTHING like IE does. Many times I have visited a webpage with Mozilla/Firebird, only to have plugins not work at all. Then clicking on the link to install a plugin also not working.

Mozilla/Firebird needs to come with ALL the plugins included in the setup files. Even if it requires seperate installs for each program, at least you would have everything you needed.

Now we're getting somewhere!

I don't see a difference when browsing the docs under
http://www.php.net/manual/en/
but I haven't tried every page.

Will you provide a specific link, please?

I like that idea.

Have you submitted it to the Mozilla project?
http://bugzilla.mozilla.org/

"At least Microsoft is vocal about finding and fixing its sofware's problems."

"Microsoft refrained from issuing its own advisory in December because of a new security disclosure policy, which aims to keep word of potential flaws from becoming public until Redmond has had a chance to investigate and produce a fix if necessary. Instead, Secunia made it findings public, much to the chagrin of Microsoft. "

Doesn't sound too vocal to me.

Looks like although you live on earth you don't read english too well (or choose not to read what you don't want to perhaps).

I second that! This would be great, i always had problems trying to install some plugins and java with firebird, actually it never worked :(
But firebird 0.8 is really fast!

I've tried Avant myself, and it was alright. But, if you are just concerned with still using IE's engine, then I still say MyIE2 is the way to go. Many more features, and uses the IE's engine by default. One can even change the default IE engine to the Gecko engine, if you like. Check it out, you may be pleasantly surprised... :-)

I don't know why many people expect a freeware program to be lacking in features... but many do!

I find Mozilla slow. I use Opera 7.x. Try doing a page loading test with phb in Opera.

First of all - there are many security issues for the other browsers as well. There is not one browser who is secure in itself - and it cannot be.
Next - I have tried out every existing (or once having existed) browser besides MSIE for the last 8 years - on several OS, including MS-DOS, WIN3.11 and LINUX. I have always found something that didn't work as well as with MSIE.
Next - so what am I doing?
I'm using MSIE again and again and re-again . . .

http://www.php.net/get/p...n.html.gz/from/a/mirror

Download and decompress that. Then in the latest versions of IE and Mozilla, open the file and time how long it takes for the "wait" cursor to change back into a normal arrow (indicating that the page is completely loaded).

I installed Mozilla 1.6 and repeated this test on machine, and while Mozilla does appear to be faster than when I last checked, Internet Explorer still holds a decided edge: On my Athlon 2100, IE loads the page in 4 seconds compared to 20 seconds in Mozilla.

You're right. I get similar results.

Is Mozilla slower on normal web sites / pages?

http://www.microsoft.com/
http://www.netscape.com/
http://slashdot.org/
http://www.betanews.com/

"Why do people still use this browser?"

This is not a browser vulnerability. Once the syntax is removed, IE will be the ONLY modern browser I know of which no longer supports these "spoofed" URLs. So why use this topic to attack IE? Unless you WANT them to keep the syntax and assume the world agrees... I use the syntax every day for logging into my FTP and I hope they only do this to HTTP and HTTPS login syntax. Even then, it'll break a leeching program I made for a public site with a tedious download system... Despite my reliance on the syntax which I'm sure you nearly never knowingly use, I myself welcome the changes. I received a spoofed eBay message August 8th, 2003 saying that my card on file was invalid. I had replaced my Visa check card since my last sale and I hadn't sold anything on eBay until recently. I HAD seen the exact same email when I had last replaced my check card. Despite all this, I still had suspicion. I looked at the url in my OutlookXP status bar and saw https://www.ebay.com:ac%...DTYAZJWVWAAAA9pYWwgc2l6... The complete URL was chopped off by using extended logon credentials. I noticed the colon and viewed the message source to obtain the full URL: https://www.ebay.com:ac%...ges/logo/bay/index.html

Confirmed. I knew it was another phishing scam (I got traditional ones for eBay and PayPal sometimes more than three times daily). It wasn't even an entirely effective one because the colon, following characters and "https" sorta tips off more users than http://www.ebay.com @gogle.com/ would (Spoofed ebay.com, really goes to www.google.com, no password, padded with pseudo-space "ALT+0160" characters, displays simply "http://www.ebay.com" in the status bar with a maximized IE browser at 1024x768). I just started using it this month for some forum pranks (Fake links to shock-sites like TubGirl and Goatse that actually resolved to Google searches for the term). Only then did I find out that it was widely publicized in December. Heck, if I knew I was the only one getting the eBay scam + URL spoof I would have been "publicizing" it all along! After all, it looks like MS screwed up by keeping this from the users because the scammers knew about it all along. The targetted sites being spoofed were actually INSTRUCTING their users to check the status and address bars for the domain, both of which could be spoofed. Many users didn't have a prayer :( I tested an anti-spam product which edited some of the email source data (ie, adding "***SPAM***" to the subject and why it was marked in the header), so I do not have the original unmodified source.

In short, if IE is the first to remove this syntax, and will be the only one which refuses to load the syntax how is that a reason to not use it? This is not a browser vulnerability... Especially when the URL's "spoofing" doesn't have to originate from the browser (ie, email client)...

Microsoft decided that the browser must be integrated with the operating system, so this "fix" changes the way that Windows itself operates.

How many 3rd party programs will this break?
How many automated scripts will stop working?

Why break the OS? Why not just secure the browser?

Why not give the end user the choice?

Hard to tell. All those pages load very quickly (~1 second) in both browsers.

Microsoft is clever with their code, let there be no doubt about it. I personally prefer Firebird, but I have noticed that IE can parse faster than just about anything (except w3m perhaps). This is not because Mozilla/Firebird is bloated, IE is fortunate enough to have a large amount of it's code already loaded in memory before it even runs. Because Microsoft built the OS, they can use and reuse libraries in every app they create. IE's speed is a direct result of the fact that it is basically built into the OS. The core code for IE is loading at boot. Mozilla simply can't compete with that, at least not in Window$. If Mozilla created "Mozilla OS", perhaps with a *nix core but designed with the web browser in mind, mozilla could top IE. Microsoft has proven that having a structured, focused software design model can produce quick, streamlined, integrated software. Of course, that method has its faults. I'm pretty happy with firebird in gnome on linux. After all, how often do I really load a 7.8Mb html file? Most html files firebird parses are probably in the 25-100kb range. What's a few milliseconds here and there? I'll gladly spare a few milliseconds to surround myself with unique work.

"I have noticed that IE can parse faster than just about anything (except w3m perhaps). This is not because Mozilla/Firebird is bloated, IE is fortunate enough to have a large amount of it's code already loaded in memory before it even runs."

Incorrect. "Code already loaded in memory" has _nothing_ to do with parsing speed. The "code already loaded in memory" merely makes IE start faster (and only by a few milliseconds at that).

I use IE because:
1. Can type paths into address bar and window becomes an explorer window.
2. 3rd party extensions (ieSpell, yrefresher, IEDocMon, Source Tree, IEBooster, iecrap, linked images)
3. make my own extensions.

And i forgot one more 3rd party extension.
Clarify

I really don't get all the noise about this change. When Microsoft does turn off the username and password option in the HTTP URL, they will be a step closer to the standard, at least as defined by RFC 1738 section 3.3. What other standard are they supposed to go by? The RFC document is very clear that usernames and passwords are not allowed in a HTTP URL, they are for FTP URLs and the like. Seems like Microsoft gets bashed either way.

I didn't say, "At least Microsoft immediately reveals its software's problems," I said, "At least Microsoft is vocal about finding and fixing its sofware's problems."

There's a difference, and MS has a legit reason for waiting. In my opinion, Microsoft does a much better job than many other software mfgs. at finding, fixing, and revealing (i.e. the vocal part) its software's problems.

The end user does have a choice, but I don't think you care about the truth, you only want to feel good because you can "prove" that you're better than Microsoft.

As for other browsers and security: http://www.mozilla.org/p...curity-bugs-policy.html - apparently Microsoft is not the one hiding security bugs.

You're right. I'm trying to prove that I'm better than Microsoft.

That doesn't even make sense. I'm asking a simple question. "Why do people still use this browser?"

Would you mind clarifying your answer? What choice is Microsoft giving the end user?

Q. Why do people still use this browser?
A. Because it is built-in with their OS.

Simple as that... there are many options out there, some of them really good ones, but it is a fact that most people don´t want, like, know, have the time, to look for alternatives as they can still view web pages.

Period.

Why you ask? Because it's there. Joe sixpack doesnt give a hoot about mozilla, opera, Firebird, or the IE 'Shells' like Avant or MyIE2.

All they care about is that they can click on an internet shortcut, or bring up google, or type a url in the address bar and head out over the internet. Joe doesnt care about rendering speed or standards. All he cares about is surfing. Thats all.

Maybe he's oblivious to the real threats out there, but what the hell, Microsoft will issue a fix for it eventually. So why switch?

My clients use IE for a few reasons:

a) it loads faster.
b) it's already there.

For convenience and easier accessibility, IE meets those demands. For anything else, they really don't care until it effects them directly.