My 2 Cents on CEO Pay

April 15th, 2008 by Mark Cuban


There is a game played by CEOs with the corporate issuance of lottery tickets. Otherwise known as stock. Stock can be issued in any number of ways, shapes or forms. Warrants, options, restricted or unrestricted stock. No matter what you call it, every CEO hired is asking for equity knowing that their only goal is to hit the jackpot and create a pool of wealth that puts them in the "fuck you" wealth category. That's enough money to buy or rent just about anything you can think of and put you in position to never have to work again. You just live off the cash in the bank.

Put another way, every hired CEO is looking to be in a position to look in the mirror, smile and tell themselves they have made it. They are living the American dream. The only way to do that is to grab as much equity equivalents as you can and do everything you can to get that stock price up as high as you can while periodically liquidating the stock and stuffing the cash in your bank account.

There is absolutely nothing wrong with doing so. Any CEO who doesn't take advantage of this golden ticket opportunity is an idiot. In fact, although I don't have actual numbers, I would hazard a guess that more than 95pct of CEOs hired to run companies with a billion dollar plus public market caps probably do get themselves to the position of having more than 10mm dollars in equity very quickly. While those who manage to hold on to their jobs a while and not screw up too bad, can relatively quickly get past the 25mm dollar in equity mark and reach the 50mm dollar mark within 10 years. It's actually pretty tough to screw up and not get there if you have any brains at all.

Why ?

Because you have the entire Mutual Fund, Hedge Fund and Brokerage industry doing everything they can to get you there. Think about it.

You can't turn on CNBC or Fox Business without them cheerleading the market to go up. Every man, woman, child, fund, index or interested party who buys the stock is doing everything they can to get the stock of the company to go higher. They don't really care how you run the company and they care less about the results of the company than they do about the performance of the stock. Heck, even if they did care, shareholders don't really own anything and have zero say in the company. If you really dig into it, it's the ultimate in social networking. Everyone who owns the stock belongs to the fan page or group for the stock and they are telling everyone they can how wonderful the company is and why the stock will go up, all while praying it does so.

It's the American way and it works ! Hundreds of millions of dollars are spent every year by brokerages telling every American that the stock market over time will go up 7pct per year. All you have to do is diversify and hold onto your stock long enough. For better or worse, everyone believes it.

With all of that social networking power, call it stocksourcing behind stocks, how can CEOs not get rich ?

The problem with all of this is that there is a huge disconnect between the CEO and shareholders doing well and those who work for the company doing well.

Yes, it's true, particularly in markets like we are experiencing now, stocks can hit 52 week, or even multi-year lows (although more often than not, in spite of low stock prices, market caps have increased).

Yes, it's true that CEOs see the value of their holdings shrink. However, unlike lottery tickets whose value goes to zero when you don't hit the number, the CEO equity positions retain their upside and history has shown us that if they go far enough underwater, they will get repriced and/or reissued. All in the name of keeping the CEO happy. So while CEOs may get "less rich" for a while, the game is stacked so that a downturn gets them happy real fast when the upturn comes.

The disconnect is that there is a big difference between not making Wall Street happy and not making money.

The pressure from Wall Street is to grow earnings forever. No matter what it takes. This isn't a problem when a company is doing well. Everyone is happy. But when the economy hits a bump like it has now, when the market is hitting a bump and stock prices are declining, like it is now, the pressure comes. Everyone owning the stock reacts and wants to know what the CEO will do to get the price back up. This, as they say, "is where the CEO earns their pay." Unfortunately, what this really means is that everyone who works for that company is at risk. At risk of losing their jobs, benefits, raises, you name it. It's at risk.

All of which is a long winded way of saying that employees live in the corporate cash zone, CEOs and the top few in management live in the equity/lottery ticket zone.

Those in the cash zone always take the first hit. People, places and things that consume cash are the first things to go because cash expenses immediately reduce earnings. If you or anyone like you consumes cash, unless someone upstairs thinks you generate a straight to the bottom line return on the cash expenditure, you are about to become a corporate ghost. Your person, place and thing will be memorialized as a cut to increase earnings mentioned in a press release that Wall Street will cheer and use to push up the stock price.

What makes me sad about all of this is that I really think that in this country if there truly was a connection between shareholders and management, that if given a choice by profitable companies, most of us would choose to hold on to our shares and accept an expanded PE for some period of time in exchange for people keeping their jobs.

I would love to receive an email from a company I own saying something to the effect of:

Dear Shareholder,
We are facing a very difficult decision that we would like your feedback on. Our earnings per share last quarter were 20 cents, and for the entire last year, 80 cents. Because of a downturn in business caused by XYZ factors, we face the choice of making 10 pct less, or cutting headcount and related expenses in order to maintain our earnings and possibly even grow our earnings a couple cents this year.

As a shareholder, we would like to ask you whether you would consider allowing us to retain these valued employees. We recognize that it would require you accepting a PE multiple 10 pct higher than the current market. We hope you would be willing to make this concession. We think that the jobs this will save will return far greater value to shareholders over the long run.

We look forward to your vote.

Personally, I'm willing to give a higher multiple in exchange for saving people's jobs. At least once.

Unfortunately, this of course is a fantasy that can't happen in this country.

Which brings us back to CEO Pay.

As long as CEOs live in the equity/lottery ticket zone and employees in the cash zone, CEO pay is going to be outrageous relative to everyone else.

The only possible way to change this is to put CEOs in the cash zone. Make companies generate 100pct of their compensation in cash that is 100pct expensable in the quarter paid. That's not to say they can't own stock. Hell yes they can own stock. But make them buy it either on the open market, or as part of the programs that make stock available to every company employee, on the same terms. They are getting paid enough in cash and if they believe in their ability to run the company, they can put their money where their mouth is. Eliminate all the free lottery tickets. Make them buy stock, options, warrants, whatever, on the same terms as everyone else can.


Shareholders tend to ignore how much stock is given to management, they don't ignore cash. Companies will always be a lot more stringent with their cash, whether it's paid to the CEO or anyone else. CEO cash compensation will go way up, but total compensation will come way down. More importantly, CEOs getting paid huge sums in cash will stand out like a sore thumb when things aren't going so well. They will be treated like everyone else in the cash zone and held far more accountable for their work.

Of course this is all just my opinion, but to me it's a good thing for all involved. The rich can still get richer, but everyone shares in the risk.


Posted in Uncategorized | No Comments »

April Chat with the IE Team on Thursday

April 15th, 2008 by ieblog


Join members of the Internet Explorer team for an Expert Zone chat this Thursday, April 17th at 10.00 PDT/17.00 UTC. These chats are a great opportunity to have your questions answered by members of the IE product team.

If you can’t join us online, all chat transcripts are published here. Allow approximately 7-10 days following a chat for the transcript to go live.

Hope you can join us on Thursday!

Kristen Kibble
Program Manager



Alô, alô Mozilla, aquele abraço!

April 12th, 2008 by mary

Editor’s Note: I’d like to share a guest post from Ronaldo Lemos and Bruno Magrani of the Center for Technology & Society at FGV Law School, Rio de Janeiro, Brazil. 

Bruno Magrani

Next week, Mozilla will participate in the 9th Fórum Internacional do Software Livre (International Free Software Forum - FISL) in Porto Alegre, Brazil. This is the second time that Mozilla will be in Brazil on an “official” visit. This time, the group includes Mitchell Baker (Mozilla’s Chairperson), Chris Blizzard, Marcio Galli, Mary Colvig, Taras Glek and Chris Hofmann. In their visit, they will be in touch with a vibrant and growing community of free software users, developers and enthusiasts. This is a great opportunity both for Mozilla and for the Brazilian community to get together and work with Firefox and other initiatives that promote the core values of the net, including openness and freedom.

Ronaldo Lemos and I have been helping support Mozilla’s presence here in Brazil and at FISL.  This is not the first time that our institution, the Center for Technology & Society at the FGV Law School in Rio de Janeiro has participated in the Forum. We’ve worked closely with FISL in the past few years and we launched the Brazilian branch of the Creative Commons project at the Forum in March 2004. This was an unforgettable event, I believe both for us, and for the more than 1,500 participants attending the launch, anxious to hear Minister Gilberto Gil, Marcelo Tas, Terry Fisher, Lawrence Lessig, Luis Nassif, André Midani, Claudio Prado, Joaquim Falcão, and so many others who care a lot about the future of the internet. A video of the launch can be watched here.

This year we are very happy to be back again at the Free Software Forum (this will be our 4th year at the event). Besides organizing/participating in a few panels, we will be there to support Mozilla's visit the best way we can, including their workshop. We are very honored to do this, especially because we believe Mozilla will find in Brazil a place where we not only share common values but also put them into practice, thanks to our natural “tropicalist” mindset, and to the fact that the meaning of “openness” is very strong for us. One symbol of that is the fact that President Lula is expected at the Forum this year, and Brazil is well-known worldwide for its support of free software and free culture. Without further ado, we look forward to a great conference and Mozilla visit!



HTML and DOM Standards Compliance in IE8 Beta 1

April 10th, 2008 by ieblog

With the release of IE8 Beta 1, I'm pleased to be able to talk about the first round of improved standards compliance and bug fixes in IE's HTML and DOM support for the new IE8 standards mode. Doug hinted at some of these improvements, and I wrote a little bit about them in the IE8 Beta 1 whitepapers here and here. In this post, I'd like to enumerate the 'change list' (of sorts) here on the blog in response to requests for such a list that I received at MIX08. Personally, I've been long-awaiting this release because of what I know it means to web developers (like myself) that have had to code around a lot of IE's DOM quirks for many years.

For IE8, I have really focused on the HTML and DOM Core standards and concentrated on building a solid cross-browser compatible foundation for many of the APIs that are already supported by Trident. This effort to fix some of the cracks in IE's foundation has been a long time in coming, and I believe it's a critical and necessary first step before adding on additional standards support.

For IE8 Beta1, we looked at many community-provided bug reports and found that the top pain-points were related to IE's attribute handling (with a few prominent exceptions like getElementById). Therefore, attribute-handling has served as the 'theme' for the set of issues to tackle in IE8. We probably won't be able to fix all of the community-reported bugs in the DOM in this release (there are many), but we want to make sure that we get to the worst offenders first. Help us out by submitting or voting on the bugs that you feel are most impactful to your business.

HTML/DOM Standards Compliance in IE8 Beta 1

Note: I use HTML5 nomenclature for DOM attribute/content attribute.

Big-impact improvements in Beta 1

Within the scope of attribute-related fixes, the following address some of the well-known, oft-cited, compliance issues in IE's HTML and DOM support.

  1. <BUTTON> type attribute defaults to 'submit' rather than 'button' in IE8 standards mode.
  2. setAttribute now uses the content attribute name (rather than the DOM attribute name) for applying an attribute value (also camelCase no longer required).
    • This fixes the commonly reported issues regarding the 'style', 'class', and 'for' attributes not working.
  3. getElementById finds only elements with matching id (not name) and performs case-sensitive matching.
  4. <BUTTON> value attribute text now submitted in form submit in IE8 standards mode. IE7 standards mode continues to submit the innerText.
  5. <OBJECT> now supports native image loading (see the whitepaper for more details).
  6. <OBJECT> now supports fallback for two additional scenarios: HTML embedding and native image loading (where the HTML/image resource cannot be loaded, i.e., 4xx-5xx HTTP response codes). ActiveX controls still do not support fallback (see the whitepaper for more details).
  7. URL-type DOM attributes separated from content attributes. For example: <A>.href (DOM attribute) != <A>.getAttribute('href') (content attribute). You will find that all URL-type DOM attributes return an absolute URL, while the content attribute returns the string that was provided in the source. These changes apply to the Attr.value and getAttributeNode as well. Specifically:
    • The following element's DOM attributes now return absolute URLs: applet [codebase], base [href], body [background], del [cite], form [action], frame [src, longdesc], head [profile], iframe [src, longdesc], img [longdesc], ins [cite], link [href], object [codebase, data], q [cite], script [src].
    • The following element's content attributes now return relative URLs: a [href], area [href], img [src], input [src].

Consistency and reliability with Standards and other browsers (attribute-related) in Beta 1

Many reported (and some not-reported) issues with IE's attribute handling involve the NamedNodeMap interface object (object.attributes), correct DOM attribute reflection of content attributes, and case-sensitivity. In principle, the standards indicate that HTML documents are case-insensitive, while DOM Core-related APIs are case-sensing--they depend on the underlying document rules to determine their sensitivity. To resolve ambiguities, I appealed to the most common behavior of other browsers.

  1. <element>.attributes.getNamedItem no longer creates Attr objects that don't exist in the collection (returns null when an attribute is not found).
  2. Radio button fixes:
    • Dynamically setting the 'name' attribute on a radio button now correctly applies that radio to same named group (old known-issue fixed in Quirks, IE7, and IE8 standards modes).
    • Radio buttons without a name attribute can now be selected by the user in IE8 standards mode (I found it interesting that the code revealed this to be an old Netscape compatibility issue).
  3. <FORM> enctype DOM attribute now supported. Reflects the enctype content attribute.
  4. Checkbox fixes:
    • Inserting checkboxes into the tree (and moving them around the document) no longer resets the 'checked' state with the 'defaultChecked' state.
    • The 'defaultChecked' DOM attribute now reflects the 'checked' content attribute. The 'checked' DOM attribute affects both the intrinsic behavior on screen and the form's submitted value.
    • Parsing operations on the 'checked' content attribute always affect both the 'checked' and 'defaultChecked' DOM attributes. (For example, removeAttribute('checked') sets 'checked' and 'defaultChecked' to false; setAttribute('checked', 'checked') sets both DOM attributes to true, as if the element were being re-parsed.)
  5. getAttributeNode now correctly populates the .value property of the returned Attr object for all attributes (whether .specified=true or not).
  6. removeAttribute now uses case-insensitive comparisons.
  7. <P> element now closes when <TABLE> is encountered (ACID 2 compliance).
  8. <LINK> rel content attribute now finds 'alternate' token in any location in the string (ACID 2 compliance).

Additional compliance and feature completion in Beta 1

  1. <BASE> href no longer applies a 'new' document base if the supplied URL is a relative URL (relative URL being defined as not having a schema ['http:'] and a hostname ['/' or 'domain']).
  2. Title attribute now preferred (over alt) when specified as the popup tooltip for images and maps (img, input, object, and area elements).
  3. When retrieving Boolean attributes by name, the value is now correctly reported as the canonical attribute name (e.g., checked='checked').
  4. Implemented hasAttribute (case insensitive matching) which is the suggested workaround while the NamedNodeMap is under construction.
  5. Completed the Attr interface (of DOM L2 Core) by implementing ownerElement.
  6. Completed the interfaces for object, iframe, and frame (DOM L2 HTML), by implementing contentDocument. Note: like contentWindow, this property will not allow cross-domain access to the inner content.
  7. HTMLCollection fixes:
    • 'item' API is no longer overloaded to accept strings and act like 'namedItem'. 'item' now only accepts numerical indexes (or tries to convert a string to a numerical index as is JavaScript behavior).
    • 'namedItem' no longer returns collections if more than one named item is found. Instead, the first matching (case-insensitive) element is returned.
    • As IE8 does not implement all collections using the HTMLCollection interface, the following exceptions currently exist: elements [HTMLFormElement], rows/tbodies [HTMLTableElement], rows [HTMLTableSectionElement], and cells [HTMLTableRowElement].

Known Issues

A significant bug in our JavaScript invoke code path in IE8 Beta 1, causes some JavaScript calls to inadvertently revert to IE7 compatibility mode and therefore make it appear as if some of the aforementioned bugs are not actually fixed. :( This has personally affected some of my tests that pass DOM objects (like HTMLCollections) through a function parameter for testing--I mention this only by way of example. While you will see this bug fixed in Beta2, it may indirectly impact your own testing--I recommend checking for the existence of document.querySelector to see if your script execution has reverted to IE7 compatibility mode before concluding that IE8 Beta1 has not fixed a particular bug (the Selectors API is only visible to IE8 standards mode).

Known issues we are planning to address in Beta 2

At a minimum, all previously available functionality in the DOM will be restored in Beta 2.

  1. setAttribute still does not work with event handlers.
  2. <element>.attributes.length fails. The IE8 NamedNodeMap object is in the middle of an overhaul.
  3. Many TABLE-related APIs are 'not implemented' as of Beta1. As critical pieces of the IE8 layout engine come online, these APIs are being re-enabled:
    • rows/tbodies [HTMLTableElement], rows [HTMLTableSectionElement], cells [HTMLTableRowElement].
  4. <OBJECT> elements don't fall back on cross-domain security failures.

Known issues we are not planning to change in IE8

  1. <OBJECT> is not parsed in a cross-browser compatible way (parsing stops at the OBJECT, whereas other browsers continue parsing all the fallback content and make it available). No support for this parsing behavior is planned for IE8; I'll take this opportunity to ask for real-world scenarios that can help me prioritize this feature.
  2. <OBJECT> elements cannot be 'reactivated' by dynamically correcting the attributes that caused the original fallback. Again, your feedback on the potential benefits/use-cases for this feature is appreciated.

Acknowledgements

I'd like to acknowledge the amazing work done by all the IE developers and testers that make it possible to push a button and get IE7 compatible behavior for each of these significant changes.

Also, special thanks to PPK for updating his compatibility tables to showcase some of the work that we've done.

And there's more to come.

Regards,

Travis Leithead
Program Manager
IE8 Object Model
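
The guard recommended under Known Issues, combined with probes for four of the Beta 1 fixes listed in the post, as an added example that is not code from the IE team. The function names and the `ie8Probe…` identifiers are assumptions made for illustration; `doc` is any DOM Document.

```javascript
// Added example: probe a few IE8 Beta 1 attribute fixes, but only after
// confirming the script has not reverted to IE7 compatibility mode.

// Guard from the post: the Selectors API is only visible in IE8 standards mode.
// IE reports host methods as typeof "object", so compare against "undefined".
function inStandardsMode(doc) {
  return typeof doc.querySelector !== 'undefined';
}

// <BUTTON> type defaults to 'submit' rather than 'button'.
function buttonDefaultsToSubmit(doc) {
  return doc.createElement('button').type === 'submit';
}

// setAttribute uses the content attribute name, so 'class' must reach className.
function setAttributeUsesContentName(doc) {
  var el = doc.createElement('div');
  el.setAttribute('class', 'probe');
  return el.className === 'probe';
}

// getElementById matches id only (not name) and is case-sensitive.
function getElementByIdIsStrict(doc) {
  var host = doc.body || doc.documentElement;
  var named = doc.createElement('input');
  var ided = doc.createElement('div');
  named.setAttribute('name', 'ie8ProbeName');
  ided.setAttribute('id', 'ie8ProbeId');
  host.appendChild(named);
  host.appendChild(ided);
  try {
    return doc.getElementById('ie8ProbeName') === null &&
           doc.getElementById('ie8probeid') === null &&
           doc.getElementById('ie8ProbeId') === ided;
  } finally {
    // Always leave the document as it was found.
    host.removeChild(named);
    host.removeChild(ided);
  }
}

// URL-type attributes: a.href (DOM attribute) is absolute, while
// getAttribute('href') (content attribute) returns the source string.
function hrefIsSeparated(doc) {
  var a = doc.createElement('a');
  a.setAttribute('href', 'probe/page.html');
  return a.getAttribute('href') === 'probe/page.html' &&
         a.href !== 'probe/page.html';
}

// Run the probes only when the guard passes; otherwise report the mode and
// draw no conclusion about whether a fix is present.
function probeAttributeFixes(doc) {
  if (!inStandardsMode(doc)) {
    return { standardsMode: false, results: null };
  }
  return {
    standardsMode: true,
    results: {
      buttonDefaultsToSubmit: buttonDefaultsToSubmit(doc),
      setAttributeUsesContentName: setAttributeUsesContentName(doc),
      getElementByIdIsStrict: getElementByIdIsStrict(doc),
      hrefIsSeparated: hrefIsSeparated(doc)
    }
  };
}

// In a browser, report against the live document.
if (typeof document !== 'undefined' && typeof console !== 'undefined') {
  console.log(probeAttributeFixes(document));
}
```

A `results` value of `null` means the guard failed, so the page should be re-tested rather than filed as an unfixed bug.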



How to Make US Broadband Competitive - Quickly and Cheaply

April 10th, 2008 by Mark Cuban

There is a dirty little secret in the cable industry. It's being kept secret not by the cable distributors, but by the big cable networks. End this practice and the United States goes from being 3rd world by international broadband standards, to top of the charts and exemplary.

Make this change and Net Neutrality becomes a non issue. There is plenty of bandwidth for everyone.

What is the dirty little secret ?

That your cable company still delivers basic cable networks in analog. Why is this such an important issue ? Because each of those cable networks takes up 6mhz. That translates into about 38mbs per second. That's 38mbs PER NETWORK.

USA Network, 38mbs. ESPN, 38mbs. MTV, 38mbs. VH1, 38mbs. Etc, etc, etc.

If we want to truly change the course of broadband in this country, the solution is simple. Just as we had an analog shutdown date for over the air TV signals, we need the same resolution for analog delivered cable networks.

Transition basic cable networks from analog to digital over the next 3 years and all of a sudden there will be hundreds of megabits available on the smallest cable systems and more than a gigabit of bandwidth available on the largest.

Of course the cable networks themselves would fight this. It could reduce their subscriber counts. God forbid that USA Network and other basic cable nets do not reach every household that doesn't have a digital set top box. That is of course far more important than the upside to our entire country that plentiful bandwidth creates. Right ?

So for all of you netizens out there, drop all the Net Neutrality efforts and focus on pushing analog cable networks to digital and you kill two birds with one stone. You eliminate any issue of Net Neutrality with bandwidth aplenty, and you immediately make our nation bandwidth competitive with every nation in the world. In fact, done right, we become the envy of every nation in the world. All without a single backhoe or blade of grass in a yard harmed.

I might even have to change my stance on internet video reaching broadcast quality !


Should the NBA Raise the Age Limit ?

April 9th, 2008 by Mark Cuban

First of all, I speak for myself and not the NBA. My opinion really doesn't matter on this issue because it is governed by the Collective Bargaining Agreement and I can assure you that I have minimal influence on what is included in that document.

If it were up to me, I would raise the age limit to 22 or when your class graduates from college. Why ?

It's not because there are not 18 or 19 year olds who can't play in the NBA. There always have been, and there always will be. Doing what is right for the NBA is about far more than basketball talent.

My logic is simple.

If a kid is NBA ready to play at 18 or 19, he will be NBA ready at 22. They don't forget how to play basketball and they don't get worse. What does change considerably between the ages of 18 and 22 is the maturity level of the kids. Ask any 22 year old in college if they are more "worldly" and better prepared to deal with life post college than they were when they were 18 or 19.

The ability to better deal with the real world is of huge importance for anyone entering a profession. I'm not saying every college graduate is automatically mature. They aren't, but again, those who are immature at 22, were probably far less mature at 18 or 19.

From the perspective of an NBA owner, maturity is far harder to qualify than talent. Can he manage the personal side of his life ? When friends, relatives and hangers on are coming out of the woodwork asking for something. I know that when I first started making great money, it was difficult for me, in my late 20s, to deal with who to say no to. How is a 19 year old going to say no to people who he has grown up around and are still his close friends ? How is he going to deal with the gold diggers ? A 1 or 2 week "Scared Straight" class by the NBA isn't going to do the job.

Can he deal with all the obligations that come with living on your own, and being in a job that requires you traveling more often than not ?

Does he have an understanding of financial principles ? To a 19 year old kid without financial training, a million dollar contract makes him a millionaire. There is no concept that 50pct goes to taxes and that by the time he pays his bills, he has a great job, that pays great money, but he isn't at a level that allows him to spend without limit. Unfortunately, there are far too many agents that won't have the tough love conversations with their clients until it's too late.

Which means that all the emotional strain that comes along with being 19 and entering a new profession is introduced to the team. It becomes our obligation to help the player deal with all of this. We get the questions about whether or not he should buy a gun because his buddy tells him he needs one. How to set up a checking account or to get a new driver's license or get a passport. How to deal with breaking up with a girlfriend who now wants money. And that's not the worst of it.

Raising the minimum age is not about talent, it's about maturity. Maturity matters to this league. Mature players are marketable players. Mature players generate far less strain on the league. Mature players can take care of themselves. Mature players understand the business of the NBA and how they can positively impact it to their own benefit.

Look at the two big black eye events that the NBA has suffered the past several years. How many of those players are "early entrants" ? Maturity matters.

When people would talk about NBA image problems, and you ask for specific players, it's not about black vs white, tattoos vs non, it's about mature vs immature. It's that simple.

The younger the player the greater the maturity risk. The greater the maturity risk, the greater the risk to the entire future of the NBA.

I don't know how we can measure maturity and make it a covenant of the Collective Bargaining Agreement. The closest definable measure we have is age. Which is exactly why I'm all for a 22 year old age minimum.

Given all the comments, I wanted to add an update here:
There are plenty of companies that will only hire college graduates. Others will only hire PhDs. I think it would be best if we only hired those 22 or older. I don't think it would hurt our business a bit, in fact, I think it would help the business of the NBA considerably.
What most people fail to realize is that working for the NBA is not a right, it's a very unique opportunity that is very rewarding, if and only if the NBA thrives as a business. The real question to ask isn't whether or not kids should be able to go to work for us. The real question is how do you keep from killing their golden goose so they have some place to work. The NBA has dug and redeemed itself from enough holes. I'm a believer that we pre-empt as many problems as possible and this is one key way to do it.









Join us for Mozilla’s first Support Day!

April 9th, 2008 by David Tenser

The Firefox Support team (support.mozilla.com, or SUMO for short) would like to invite you to our first SUMO day! This Friday, starting at 7 AM PDT, we’ll be hosting a day all about getting to know SUMO and learning how to use our site to help other Firefox users enjoy their favorite browser.

If you haven’t already, this is a great opportunity for you to get involved with Mozilla, regardless of your interests or expertise. We need people to write articles, create screenshots, correct spelling and grammar, answer people’s questions in the forum, or interact directly with Firefox users in live chat — just to name a few of the many ways you could help us out. Even if you’re just curious to learn more about the project and don’t really plan on participating, we’d be really excited to have you joining us on Friday.

Of course, we’d be even more thrilled if you stayed with us throughout the Firefox 3 launch, which is going to be an exciting event for the SUMO project. Have a look at the SUMO Day home page for more information and please pop by on Friday!



IE8 Security Part I: DEP/NX Memory Protection

April 8th, 2008 by ieblog

Hi, I’m Eric Lawrence from the Internet Explorer Security Team. With the RSA security conference kicking off this week, I wanted to start sharing more information about the security features and benefits of Internet Explorer 8 Beta 1. Over the next several weeks, we’ll blog in greater detail about some of the security improvements in Beta 1, such as the new Safety Filter, greater control over ActiveX controls, and new AJAX features for safer mashups (XDomainRequest and XDM). This is not a complete list of our security investments for the release; we will have more to talk about during future milestones.

Internet Explorer 8 security features target three major sources of security exploits: social engineering, Web server, and browser-based vulnerabilities. This post will cover IE8 Data Execution Prevention (DEP), a feature that mitigates browser-based vulnerabilities.

DEP/NX Memory Protection in Internet Explorer 8
Internet Explorer 7 on Windows Vista introduced an off-by-default Internet Control Panel option to “Enable memory protection to help mitigate online attacks.”  This option is also referred to as Data Execution Prevention (DEP) or No-Execute (NX). 

We have enabled this option by default for Internet Explorer 8 on Windows Server 2008 and Windows Vista SP1 and later.

DEP/NX helps to foil attacks by preventing code from running in memory that is marked non-executable. DEP/NX, combined with other technologies like Address Space Layout Randomization (ASLR), makes it harder for attackers to exploit certain types of memory-related vulnerabilities like buffer overruns. Best of all, the protection applies to both Internet Explorer and the add-ons it loads. No additional user interaction is required to provide this protection, and no new prompts are introduced.

DEP/NX Compatibility
For Internet Explorer 7, DEP/NX was disabled by default for compatibility reasons.  Several popular add-ons were not compatible with DEP/NX and would crash when Internet Explorer loaded them with DEP/NX enabled.  The most common problem was that these add-ons were built using an older version of the ATL library.  Before version 7.1 SP1, ATL relied upon dynamically generated code in a way not compatible with DEP/NX.  While developers of many popular add-ons have since released updated extensions compatible with DEP/NX, some add-ons may not be updated before Internet Explorer 8 becomes available.

Fortunately, new DEP/NX APIs have been added to Windows Server 2008 and recent Windows Service Packs to enable use of DEP/NX while retaining compatibility with older ATL versions. These new APIs allow Internet Explorer to opt in to DEP/NX without causing add-ons built with older versions of ATL to crash.

In rare cases where an add-on is not DEP/NX compatible for reasons other than outdated ATL usage, a group policy option will be available to allow an organization to opt out of DEP/NX for Internet Explorer until an updated version of the broken add-on can be deployed. Local Administrators can control DEP/NX by running Internet Explorer as an Administrator and unchecking the Tools > Internet Options > Advanced > “Enable memory protection to help mitigate online attacks” option.

Checking Your Protection
You can see which processes are protected by DEP/NX on Windows Vista Task Manager’s Process tab; on earlier versions of Windows, you can use Process Explorer. In either case, ensure that the “Data Execution Prevention” box is checked in the View > Select Columns menu.

Developer Call to Action
If you build Internet Explorer add-ons, you can help ensure users enjoy a smooth upgrade to IE8 by taking the following steps today:

  1. If your code depends on older versions of ATL, please rebuild it with ATL v7.1 SP1 or later (Visual Studio 2005 includes ATL 8.0)
  2. Set the /NXCompat linker option to indicate that your extension is compatible with DEP/NX
  3. Test your code with DEP/NX enabled using IE8 Beta 1 on Windows Vista SP1. (Alternatively, test with IE7 on Windows Vista after enabling the DEP/NX option. To enable DEP/NX for IE7: Run IE as an administrator, then set the appropriate checkbox in the Tools > Internet Options > Advanced tab)
  4. Opt your code into other available defenses like stack defense (/GS), safe exception handling (/SafeSEH), and ASLR (/DynamicBase)
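
A build-time check for steps 2 and 4 above, as an added example that is not part of the original post or Microsoft's tooling: it reads the DllCharacteristics field of the PE optional header and reports whether an add-on DLL was linked with /NXCompat and /DynamicBase. /GS and /SafeSEH are not recorded in that field and are not checked here; the function names and the header-only sample produced by `build_sample` are constructed for illustration.

```python
import struct
import sys

# DllCharacteristics bits set by two of the linker options in the steps above.
NX_COMPAT = 0x0100      # /NXCompat: image is compatible with DEP/NX
DYNAMIC_BASE = 0x0040   # /DynamicBase: image may be relocated by ASLR

def audit_pe(data: bytes) -> dict:
    """Report the DEP/NX and ASLR opt-in bits of a PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)    # e_lfanew
    opt_off = pe_off + 4 + 20                           # signature + COFF header
    if len(data) < opt_off + 72 or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: bad or truncated PE header")
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 4 + 16)
    (magic,) = struct.unpack_from("<H", data, opt_off)
    if magic not in (0x10B, 0x20B) or opt_size < 72:
        raise ValueError("unsupported or truncated optional header")
    # DllCharacteristics is at offset 70 of the optional header in PE32 and PE32+.
    (flags,) = struct.unpack_from("<H", data, opt_off + 70)
    return {"format": "PE32" if magic == 0x10B else "PE32+",
            "nx_compat": bool(flags & NX_COMPAT),
            "dynamic_base": bool(flags & DYNAMIC_BASE)}

def missing_optins(data: bytes) -> list:
    """Linker options from the checklist that the image has not opted into."""
    report = audit_pe(data)
    return [opt for opt, key in (("/NXCompat", "nx_compat"),
                                 ("/DynamicBase", "dynamic_base"))
            if not report[key]]

def build_sample(flags: int, magic: int = 0x10B) -> bytes:
    """Constructed header-only PE image for the demo; not a loadable DLL."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x2102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, flags)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            image = fh.read()
    else:
        image = build_sample(DYNAMIC_BASE)
    print(audit_pe(image), "missing:", missing_optins(image) or "none")
```

Run against each shipped DLL in a release pipeline, a non-empty result from `missing_optins` is a reason to fail the build before the add-on reaches users.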

Thanks for your help in securing the web!

Eric Lawrence
Program Manager



IE Automatic Component Activation Now Available

April 8th, 2008 by ieblog

The IE Automatic Component Activation (IE ACA) update is now available as part of the April 2008 Internet Explorer Cumulative Update. The "click to activate" behavior, formerly required for ActiveX controls embedded in some webpages, is now permanently removed from Internet Explorer.  For detailed information on IE ACA, see our blog post from last November announcing this update.

This update replaces the IE ACA previews released in December 2007 and February 2008.

Thanks,

Jefferson Fletcher
Product Manager



IE April Security is Now Available

April 8th, 2008 by ieblog

The IE Cumulative Security Update for April 2008 is now available via Windows Update. Alternatively, you can receive this and all other Microsoft updates via the new Microsoft Update. I encourage you to upgrade to Microsoft Update if you haven’t already to ensure that you receive the latest updates for all Microsoft products.

This update addresses 1 remote code execution vulnerability by modifying the way Internet Explorer handles HTML and validates data. For detailed information on the contents of this update, please see the following documentation:

This update is rated “Critical” for IE5.01, IE6 Service Pack 1 on Windows 2000, IE6 on Windows XP, IE7 on Windows XP SP2 and IE7 in Windows Vista, IE6 on Windows Server 2003, and IE7 on Windows Server 2003.

As a reminder, IE security updates are cumulative and contain all previously released updates for each version of Internet Explorer.

I encourage everybody to download this security update and other non-IE security updates via Windows Update or Microsoft Update. Windows users are also strongly encouraged to configure their systems for automatic updates to keep their systems current with the latest updates from Microsoft.

Terry McCoy
Program Manager
Internet Explorer Security


