Hi, I’m David, a Senior Architect here at Browsium. As you may have noticed in the UniBrows 1.2 release, we now include two different versions of the IE6 engine; the standard IE6 engine you’re used to seeing and a new IE6 Legacy engine. While both engines render pages as IE6, there are some subtle but important differences between the two that will determine which engine is most appropriate to use with your web app.
The standard UniBrows IE6 engine offers the most support for upgrading to the latest released version of Internet Explorer while keeping your IE6-dependent applications running. Whether you’re running the standard UniBrows IE6 engine inside IE8 or IE9, you can be confident that the page is rendering the same in both browsers. The UniBrows IE6 Legacy engine, on the other hand, can only run on a PC with IE8 installed.
You might wonder why you’d ever want to use the IE6 Legacy engine with this kind of restriction; and if your web applications are running just fine with the standard UniBrows IE6 engine, there really isn’t a reason to move to the IE6 Legacy engine. However, if you have any ActiveX controls that are throwing errors even when running inside the standard IE6 engine, the IE6 Legacy engine offers much better support for older plugins that can’t run in browsers after IE6 without crashing.
While we’d rather not force this kind of decision on customers, there are some technical limitations keeping us from providing the improved plugin support of the UniBrows IE6 Legacy engine on a PC running IE9 at this time. The changes between IE6 and IE9 are significant enough that several IE6 files are no longer directly compatible with certain system files that are upgraded as part of the IE9 install. However, by introducing a few files from IE8, we can mitigate these incompatibilities. IE6 is able to communicate with the IE8 libraries and the IE8 libraries work correctly with the new system files. We get the benefits of the IE6 rendering engine, but at the cost of reduced support for older ActiveX controls. These same IE8 files that allow us to run on a machine with IE9 cause errors when older ActiveX plugins try to access the features they expect to be present in an IE6 install.
The following table sums up the usage and tradeoffs of the two UniBrows IE6 engine versions:
|Engine||Use it when…||Limitations…|
|IE6||You need basic IE6 compatibility||May not support all ActiveX controls|
|IE6 Legacy||You need IE6 compatibility with some older ActiveX controls (like those found in Siebel)||Does not run in IE9|
If you need to use the IE6 Legacy engine for the improved ActiveX control support, we recommend keeping your Internet Explorer deployment strategy consistent and exclusively running IE8 until your legacy dependencies are resolved. We are actively looking into ways to offer the improved plugin support of the IE6 Legacy engine on PCs running IE9; we know you don’t want any one piece of software dictating your upgrade path. We stand behind our goal of putting the browser you need inside the browser you want.
Improved legacy application support is just one of the many new features in the 1.2 release of UniBrows. Keep an eye on our blog for details on more features and usage scenarios.
Cheryl Cink, for Browsium
REDMOND, WA — July 18, 2011 — Browsium Inc. today announced the release of UniBrows 1.2, the newest version of Browsium’s enterprise software solution that enables millions of valuable IE6-dependent line of business applications to run inside IE8 and IE9, paving the way for large-scale enterprise migration to Windows 7.
First released in March of this year, UniBrows is a lightweight Internet Explorer add-on that is easy and inexpensive to deploy, requiring no new infrastructure and no servers. UniBrows 1.2 builds on the extensive capabilities of earlier versions, now enabling popular legacy enterprise applications like Siebel CRM to run in IE8 on Windows XP or Windows 7, along with a host of new features that promise to improve IE8 and IE9 compatibility for a wide variety of custom and off-the-shelf IE6-dependent enterprise applications.
“The clock is ticking toward the end of Microsoft support for Windows XP, fueling exponential growth in interest in solutions to IE6-dependence in the enterprise,” said Matt Heller, founder and CEO of Browsium. “With each new UniBrows release we expand the supported applications and scenarios, enabling a new wave of organizations to extend the life of existing line of business web applications as they upgrade to Windows 7.”
New features in UniBrows 1.2 include:
UniBrows 1.2 Availability
UniBrows 1.2 is available now. Customers who are currently deploying or evaluating version 1.1 will receive an email with instructions to download version 1.2. New customers and channel partners are encouraged to visit the Browsium website at www.browsium.com to learn more about the product and download the free UniBrows 60-day Evaluation Kit.
About Browsium, Inc.
Founded in 2010, Browsium Inc. creates enterprise-ready software solutions, enabling organizations to extend the life of existing line of business web applications as they deploy new operating systems and browser platforms to their client PCs. Browsium’s first product, UniBrows, promises to revolutionize browser compatibility be allowing legacy IE6-dependent web applications to run on Windows 7 and IE8 on Windows XP without modifying a single line of code.
For more information on Browsium:
Today we released UniBrows 1.2 which builds on the capabilities of earlier versions, now enabling popular legacy enterprise applications such as Siebel CRM to run in IE8 on Windows XP or Windows 7, along with a host of new features to improve IE8 and IE9 compatibility for a wide variety of custom and off-the-shelf IE6-dependent enterprise applications. If you were already evaluating or deploying version 1.2, you should have an email from Browsium with a link to download 1.2. We recommend that every customer upgrade their test and production systems to 1.2 as soon as possible, so please contact us if you did not receive that email. If you’re new to UniBrows, fill out our 60-day evaluation kit request form and we’ll send you version 1.2 straight away.
The following table is designed to give you a picture of what’s new in UniBrows 1.2. We also plan to produce a series of technical blog posts to explain many of these features (and features of prior releases) in much more detail.
|Legacy IE6 Engine Settings (Siebel and Oracle JInitiator Support)||Enables Siebel, Oracle JInitiator, and other IE6-dependent legacy applications to run in IE8 on Windows XP or Windows 7. The Legacy IE6 Engine provides APIs and behaviors typically used by extremely old web applications and ActiveX controls.|
|Citrix XenApp Command Line Scripts||Allows an IT administrator to run a specified command line after the UniBrows Controller starts and all of the engines connect to the Controller. For example, the command line can be used to run a script or batch file that runs Internet Explorer within a custom application image when Citrix XenApp is used in conjunction with Windows Terminal Services.|
|Optimized Memory Usage||Frees up unused memory faster and more reliably, enhancing long-term performance on older computers and virtual machines.|
|Loading Page||Provides users with visual feedback of progress when accessing websites over slow connections. The Loading Page is shown between the initial webpage request and the display of that webpage,|
As always, we welcome your feedback on applications and scenarios you need supported in UniBrows so that you can successfully migrate your desktops from IE6 and IE7 to IE8, IE9, and beyond. Please also share ideas for future technical blog posts. You can share your ideas using by leaving a comment on this post or by emailing us.
Welcome to the first in a series of technical blog postings about some of the advanced features available to you through UniBrows. My name is Christopher Vaughan, and I’m the Director of Systems Engineering here at Browsium. The goal of this series of technical blog postings is to share some insight into the variety, purpose for and usage of some of the advanced options available to you through UniBrows.
Since our initial release of UniBrows 1.0 back in March of this year, we’ve been updating the product every few weeks to incorporate changes to help make our customers web-based applications work better. This often includes the introduction of new options to toggle on or off in a UniBrows Profile, allowing applications that need certain behaviors to take advantage of them, while not interfering with those that don’t.
Since our 1.0 release, we’ve offered an option in our Profiles to turn Windows’ DEP/NX security feature on or off per Profile. In order to go in depth as to why you might do this, it’s appropriate to start with the question: just what is DEP/NX?
What is DEP/NX?
At a high level, DEP and NX are hardware-level security improvements created out of the security crisis of the early 2000’s, the same crisis that produced Windows XP Service Pack 2 (I remember this time well; I worked at Microsoft during those years). Essentially, DEP & NX help prevent rogue/malicious/hacked software from running data in memory as an executable. It’s a standard hacker attack vector: load data into memory on the machine, and then trick Windows to ‘run’ the memory they’ve loaded instead of a real program. With DEP/NX, anything loaded into memory is marked as either an executable or data, and if an attempt is made to run memory marked as data, the DEP/NX functionality forces the app to crash – better to crash and close than to allow a rogue program access to your system! DEP/NX are enabled at the hardware level (although Windows makes an attempt to emulate DEP/NX in software if you’re running on old hardware that doesn’t support DEP/NX). Other modern operating systems like Linux and Mac OS also support DEP/NX.
DEP/NX support is a good thing: it helps limit hacker attack vectors and reduces the risk that the bad guys can get arbitrary software to run on your computer. DEP/NX is part of Microsoft’s broad defense-in-depth strategy to mitigate the threat of attack (alongside technologies such as ASLR, SafeSEH and Enhanced GS).
DEP and NX are useful tools in the fight for security, but there’s a problem: benign applications (or browser add-ons including toolbars and ActiveX controls) written before the introduction of DEP/NX (essentially, written prior to 2004) can inadvertently trip the security feature despite not having any malicious intent. In fact, DEP/NX was first included in Windows XP Service Pack 2 (released in 2004) and Internet Explorer 7 (released in 2006), but was disabled in IE primarily due to incompatibility with older add-ons. Here’s a quote from Microsoft:
Internet Explorer 7 had DEP/NX disabled by default because Microsoft had identified compatibility problems. Essentially, IE7 with DEP/NX enabled failed to play well with browser add-ons that were put together using an outdated variant of the ATL library. (link)
Compatibility or security?
In essence, old add-ons built with a common code library often caused the DEP/NX feature to close legitimate add-ons, which as a result crashed the browser! This left IT with the choice: compatibility or security, which as many of us know is no choice at all. IT could either enable DEP/NX for maximum security, or leave it disabled for maximum compatibility.
It is of course these older versions of web pages and add-ons that UniBrows is designed to help! Many of the appliations and add-ons we see our customers using were written and designed around 10 years ago, well prior to the introduction of DEP/NX.
What’s DEP/NX got to do with UniBrows?
Enter the UniBrows solution: we work with the Windows architecture and allow you to turn DEP/NX off only for the older web applications that don’t play well with this useful security feature. Turn DEP/NX off via the UniBrows Profile, and keep DEP/NX enabled for IE everywhere else! It’s the best of both worlds: maximum compatibility with the old apps you want to run, and maximum security with the open Internet.
For any Profile loaded with UniBrows, there’s a checkbox (circled in red below):
Simply tick this box for any Profile, and DEP/NX will be disabled for that Profile alone, which grants you maximum compatibility with your old applications and add-ons. Corporations running Windows XP SP3, Windows Vista or Windows 7 or later can all take advantage of this option (Windows XP SP2, while it supports DEP/NX in the OS, does not support 3rd party applications such as UniBrows enabling or disabling the functionality programmatically).
Checking this box does not affect add-ons running in your installed browser, meaning you can keep DEP/NX enabled for your users while they browse the Internet at large (keeping them more secure), but when UniBrows loads this custom Profile for your internal web application, DEP/NX is disabled for that site only.
The bottom line: you can keep your organization safer with DEP/NX and UniBrows working together
Remember, UniBrows Profiles are only loaded when your users visit the web sites you direct them to, meaning that your users won’t visit a web site with DEP/NX disabled unless you configure things that way.
Before UniBrows: DEP/NX disabled everywhere
With UniBrows: DEP/NX enabled everywhere except the sites you require it to be disabled for
Feature availability: UniBrows version 1.0.0 and later
Read more about DEP/NX
MSDN on DEP/NX: http://msdn.microsoft.com/en-us/library/dd565649(VS.85).aspx
The IE team blogs about DEP/NX crashes: http://blogs.msdn.com/b/ieinternals/archive/2009/10/10/understanding-data-execution-prevention-crashes-in-ie8.aspx
The IE team discusses DEP/NX in IE8: http://blogs.msdn.com/b/ie/archive/2008/04/08/ie8-security-part-i_3a00_-dep-nx-memory-protection.aspx