IE 10 is more secure, so here’s a Microsoft tool to prevent you updating by mistake

An alert writer over at the The Register has spotted a funny thing.

Microsoft just released a free tool to stop you upgrading to Internet Explorer 10 on Windows 7 and Server 2008 R2:

“Big deal,” you say. “There is no IE 10 for Windows 7, so it doesn’t sound like much of a tool to me.”

Except, as The Reg points out, the availability of the tool is a sort of omen: it surely means that IE 10 for Windows 7 must be nearly ready to drop for real.

Ironically, then, Microsoft is making sure that as soon as IE 10 is ready, you’re already ready to avoid it.

Sounds rather odd, but sysadmins in any but the smallest organisations tend towards trepidation over Internet Explorer updates, in case some legacy business application should go pear-shaped.

And there’s the real irony: that Microsoft should need to produce a one-off anti-update tool to help you sidestep a forthcoming automatic update, as a way of discouraging you from turning off automatic updates altogether.

A sort-of “lesser of two evils” solution for change control conservatives.

Microsoft has been there before, with IE 6 staying on the shelves so far past its use-by data that the company came up with, an entire website devoted to weaning people off from IE6 with an unrepentant clarion call of, “Friends don’t let friends use Internet Explorer 6.”

The technique for suppressing IE 10 is pretty straightforward. Here’s an excerpt from the batch-language version:

set REGBlockKey=HKLM\SOFTWARE\Microsoft\Internet Explorer\Setup\10.0
set REGBlockValue=DoNotAllowIE10

REG ADD "%REGBlockKey%" /v %REGBlockValue% /t REG_DWORD /d 1 /f

Even with this magic registry value set, you can manually install IE 10 (or manually force an update with WSUS) if you want to override the block.

When you’re ready to let Windows Update push out IE 10 entirely automatically, you just remove the DoNotAllowIE10 registry value:

set REGBlockKey=HKLM\SOFTWARE\Microsoft\Internet Explorer\Setup\10.0
set REGBlockValue=DoNotAllowIE10

REG DELETE "%REGBlockKey%" /v %REGBlockValue% /f

If you want someone’s word other than Redmond’s that IE 10 is more secure that earlier browsers, consider the prizes on offer at this year’s PWN2OWN competition for browser hacking.

IE 10 is worth $100,000 for a successful exploit; IE 9 will only fetch you $75,000:

So when will IE 10 drop onto unblocked Windows 7 PCs?

Sadly, we can’t tell you that. For users not afraid of upgrading their browser, the sooner the better!