Web surfers may start noticing some unusual behaviour from their Internet Explorer (IE) browser after installling Microsoft's next round of security patches, expected on April 11.

The software giant plans to changes the way its browser handles dynamic content like Flash or QuickTime in response to Microsoft's highly publicised patent dispute with Eolas Technologies.

Microsoft has already made these changes available as an optional IE patch, but now they are being rolled into IE's next security update, which will make them effectively mandatory for most PC users.

"Currently that update is in the testing phase and could be released as early as April," said Stephen Toulouse, security program manager with Microsoft's security response centre. "But of course, that isn't final," he added.

Half a billion dollar error

In August 2003, an Illinois court awarded Eolas $521 million in damages for Microsoft's patent violations. Though Microsoft is appealing this ruling, and challenging the validity of the Eolas patent with the US Patent Office, the court ruling forced Microsoft to make the changes or risk being found in contempt of court.

The ActiveX changes will gum up the way some web surfers interact with dynamic content by forcing them to click on a pop-up 'tool tip' dialog box before being able to interact with things like Flash or QuickTime.

Microsoft, Apple and Adobe have published workarounds for the changes, which means that websites that have coded these workarounds will appear as normal to IE users.

Developers face hard grind

But the IE changes will probably take some by surprise, according to Jon Galloway, a web developer with San Francisco's VelocIT Corp. "A lot of sites are not going to update their Flash right away," he said.

The changes will certainly be an annoyance, but they will not prevent users from running Flash or QuickTime files, he said. "It's the kind of thing that's going to upset a marketing department that wants everything to look perfect," Galloway said.

Most of the pain from the IE update will be felt by web developers who may find themselves scrambling to implement the workarounds. "Once this rolls out to everybody, suddenly things that used to work automatically will have to be manually done," said Richard Smith, an internet security consultant based in Boston. "The bottom line is sites are going to have a lot of work to do here."

Developer advice

Developers have had a fair bit of time to test the ActiveX changes. Microsoft released them as part of a February 28 "non-security" update to IE.

Adobe has published a page explaining how Flash developers can work around the problem.

Microsoft's workaround is available here.

Apple's QuickTime developer instructions can be found here.