February 29, 2012, 6:30 AM —
Yesterday, I stumbled upon what appears to be presentation notes from an undisclosed "IE readiness meeting" that took place between the IE leads and Eric Lawrence, Product Manager on the IE team, just weeks after the 2011 BUILD conference. The notes have been online for several months now, though no one seems to have either seen them or taken notice. They do contain mostly well-known IE features, but also at least one unknown feature of IE 10.
The notes are available here, though they are likely to be removed soon.
[ FREE DOWNLOAD: Windows 8 Deep Dive Report | Windows 8: The 10 biggest problems so far ]
While most of this was discussed at BUILD, the notes give some hints about lesser-known or even unknown performance improvements in WinInit (Windows Internet API), JavaScript and the limitations of the Metro-style Internet Explorer 10. Here are the highlights:
Mystery of the "Enhanced Protected Mode" (EPP) in IE 10 x64
One feature that struck me immediately is the implementation of a new feature dubbed "Enhanced Protected Mode" (EPP). The note reads:
New 64bit tabs will not execute 32bit plugins (e.g., <SL5). Can be enabled without Enhanced Protected Mode (EPP) which is for 64bit isolates tabs to AppContainers which further constrains reads and writes (ideal for high-security for example governments). ASLR = Address Space Layout Randomization and ForceASLR bit is true by default for added security.
"Protected Mode" has been introduced in IE 7 as a mechanism to prevent malware from writing to the registry and file system. However, "Enhanced Protected Mode" is something new. If I interpret these notes correctly, it simply uses the x64 version of IE 10 and isolates tabs in app containers, giving them the same restrictions that Metro-style apps have. Digging a bit further and checking back with friends from the IE team, I got an excerpt from the group policy which reveals:
Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running Windows 8 and above, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system.
So, x64 IE 10.0 processes + AppContainer + ASLR + Protected Mode (which limits system access) = Enhanced Protected Mode? If so, this would mean an absolute locked-down browsing experience that would also lead to NO plug-ins, but maximum security. I'd enable that mode in a heartbeat.
IE 10 "MoBro" aka "Modern Immersive Browser" aka "MIB" limitations
As we know, Windows 8 ships with two separate versions of IE 10. The traditional, "classic" IE 10 and the Metro-style Internet Explorer app that the IE team refers to (mostly) internally as "MoBro/Modern Immersive Browser/MIB". The notes mention how the two browsers share settings and configurations, but operate "contextually" -- meaning that if you click on a URL in Outlook, the desktop IE 10 opens, while clicking on a URL in a Metro-style app causes MoBro to open.
