Printed from www.pcpro.co.uk
Microsoft boosts IE8 security
Posted on 4 Jul 2008 at 08:03
Microsoft is making strenuous efforts to shed Internet Explorer's reputation for slipshod security in its latest browser.
Firefox has long been regarded as the browser of choice for the security-conscious - not least because it's far less widespread than Internet Explorer - but Microsoft seems keen to redress the balance.
The company has announced a number of new security measures for Internet Explorer 8, which is due to hit its second beta phase next month.
One new measure includes protection against cross-site scripting (XXS) attacks. "Over the past few years, cross-site scripting (XSS) attacks have surpassed buffer overflows to become the most common class of software vulnerability," Microsoft claims on the Internet Explorer blog. "XSS attacks exploit vulnerabilities in web applications in order to steal cookies or other data, deface pages, steal credentials, or launch more exotic attacks."
IE8 will automatically block "the most common form" of XSS attack, using an heurisitc filter to identify and prevent the malicious code from running.
Another newcomer is the so-called SmartScreen Filter. This builds on the phishing filter introduced in IE7 to include sites known to be distributing malware or stealing personal data.
"The SmartScreen anti-malware feature is URL-reputation-based, which means that it evaluates the servers hosting downloads to determine if those servers are known to distribute unsafe content," Microsoft claims. A new group policy setting will allow system administrators to prevent users from overriding SmartScreen warnings, potentially preventing employees from inadvertently, or even deliberately, infecting the network.
Add-on protection
Microsoft claims malware writers are increasingly targeting add-ons, rather than the core browser. As a result, it's beefing up its add-on protection, by turning DEP/NX memory protection on by default in IE8. "DEP/NX helps to foil attacks by preventing code from running in memory that is marked non-executable," Microsoft claims, although the technology will only work on systems running XP SP3, Vista SP1 or Windows Server 2008.
Other improvements include a revamp of the Protected Mode introduced in IE7, measures to guard against exploits in web mashups and a new prompt to stop applications such as VoIP software running automatically from the browser.
Many of the new features will be implemented in the Beta 2 release at the end of August.
Author: Barry Collins
advertisement
- Microsoft shows courage at Tech-Ed 09
- PowerPoint and Silverlight: a perfect match?
- Why all the fuss over Windows Explorer?
- Your iPhone has a virus? Well it's your fault
- Motorola pays Lucas for its Droid
- Where are the killer apps for Windows?
- Will you hit the Orange iPhone "unlimited" cap?
- USB 3 first benchmark - it's here, and it's fast
- Why Windows 7 has forced me to worry about security
- How Dixons is (under)selling Windows 7
- Avira Premium Security Suite 9
- ZoneAlarm Internet Security Suite
- Webroot Internet Security Essentials
- Trend Micro Internet Security
- PC Tools Internet Security 2009
- Panda Internet Security 2009
- Norton Internet Security 2009
- Kaspersky Internet Security 2009
- F-Secure Internet Security 2009
- Eset Smart Security
- BitDefender Total Security 2009
advertisement
