Beta 3 boasts improvements in reliability, compatibility, and the user interface. Only minor changes have been made to IE 7's look and feel, however; users can now add an e-mail button to the customizable toolbar and shuffle tabs by dragging them to the left or right.
Other modifications include enhancements to the Real Simple Syndication (RSS) support within IE 7, tweaks to improve Web site compatibility, and fixes to several rendering bugs. However, users won't see any performance improvements in Beta 3; speed won't be tuned until the browser reaches Release Candidate (RC) stage later this summer or in the fall.
And as for security, Beta 3 has no new features or tools, said Gary Schare, director of product management for IE. The only news of note is that the new version sports those security fixes from June 13's MS06-021 update which apply to IE 7. "A number of them relate to IE 7, but rather than release a separate patch, we rolled them into the beta," Schare said.
IE 7 Beta 3 runs on Windows XP SP2 and Windows Server 2003 SP1, but not the still-in-development Windows Vista, which has its own version of IE, dubbed IE 7+. That browser boasts a major security feature, dubbed "protected mode," which is not found in IE 7 for Windows XP.
"Protected mode builds on new features within Vista, specifically its User Account Controls, which let users run Windows with limited permissions," said Schare. "Protected mode runs IE 7+ with even less permission. It's like a sandbox around the browsing experience."
Files, for instance, can be written only to IE 7+'s own cache, preventing spyware or malware from dropping malicious code onto the PC's hard drive. "We looked at something like this for Windows XP," Schare said, "but the underlying code doesn't exist there." It just wasn't feasible to renovate XP that dramatically, he said. The IE 7 development team didn't consider other alternatives to lock down XP's IE 7 even more, Schare admitted. Third-party developers have, for example, created virtual machine-style tools that separate IE 6 from the rest of the system to keep malware at arm's length, and if some does make its way through defenses, unable to permanently remain on the drive.
Instead, Schare touted IE 7's other security provisions, which include disabling of nearly all ActiveX controls by default (requiring the user to explicitly give permission for each to run) and rewritten code that should prevent future cross-domain scripting exploits.
Beta 3 will be the last in the IE 7 development cycle, but other not-quite-ready versions will appear -- Release Candidates -- in "a couple of months," Schare said, with RC1 appearing "no later than the end of September."
Schare refused to nail down a release date for IE 7, only saying that the company was planning to ship the final code before the end of the year. Nor would he commit to releasing IE 7 earlier than Windows Vista if that operating system slipped from its now-scheduled January 2006 date.
Until IE 7's official release, Microsoft will continue to collect feedback. "We've received more feedback on Web site compatibility than anything else, but some of that is out of our control," said Schare. "We can reach out to [those sites] and offer them help, but they're on their own schedule."
Schare acknowledged that some feedback -- complaints about the lack of interface customization compared to IE 6, for example -- has had to be ignored. "The reason why we locked down the address bar was to avoid spoofing attacks," Schare said. "And other interface changes were impossible because we wanted to make tabs work seamlessly."
IE 7 Beta 3 can be downloaded from the Microsoft Web site. Users must uninstall earlier betas of the browser before installing the new edition. To help with that process, Microsoft has posted a how-to on the IE team's blog.