IE8 to get security boost
By Barry Collins,
Microsoft is looking to shed Internet Explorer's reputation for slipshod security in its latest edition of the browser.
Firefox has long been regarded as the browser of choice for the security-conscious - not least because it's far less widespread than Internet Explorer - but Microsoft seems keen to redress the balance.
The company has announced a number of new security measures for Internet Explorer 8, which is due to hit its second beta phase next month.
One new measure includes protection against cross-site scripting (XXS) attacks. "Over the past few years, cross-site scripting (XSS) attacks have surpassed buffer overflows to become the most common class of software vulnerability," Microsoft claimed on the Internet Explorer blog. "XSS attacks exploit vulnerabilities in web applications in order to steal cookies or other data, deface pages, steal credentials, or launch more exotic attacks."
IE8 will automatically block "the most common form" of XSS attack, using an heurisitc filter to identify and prevent the malicious code from running.
Another newcomer is the so-called SmartScreen Filter. This builds on the phishing filter introduced in IE7 to include sites known to be distributing malware or stealing personal data.
"The SmartScreen anti-malware feature is URL-reputation-based, which means that it evaluates the servers hosting downloads to determine if those servers are known to distribute unsafe content," Microsoft claimed. A new group policy setting will allow system administrators to prevent users from overriding SmartScreen warnings, potentially preventing employees from inadvertently, or even deliberately, infecting the network.
Microsoft claimed malware writers are increasingly targeting add-ons, rather than the core browser. As a result, it's beefing up its add-on protection, by turning DEP/NX memory protection on by default in IE8. "DEP/NX helps to foil attacks by preventing code from running in memory that is marked non-executable," Microsoft said, although the technology will only work on systems running XP SP3, Vista SP1 or Windows Server 2008.
Other improvements include a revamp of the Protected Mode introduced in IE7, measures to guard against exploits in web mashups and a new prompt to stop applications such as VoIP software running automatically from the browser.
Many of the new features will be implemented in the Beta 2 release at the end of August.
Related Tags
advertisement
Latest Internet Features
The saga of Scrabulous
The popular scrabble imitation is no more, the third-party web app being forced off Facebook by legal action. We chart how a simple word game became one of the biggest IT stories of the year…
- Q&A: Motorola's enterprise VP John Coon
- IT around the world: Russia
- Q&A: Orange's devices chief Francois Mahieu
- Q&A: Plusnet's Neil Armstrong
- Chinese web control an Olympic challenge for tech firms
- Hitting a home run with IM
- Q&A: Mozilla's Tristan Nitot
- Where will IT be in 2015?
- Keynote's Umang Gupta on the health of the Net
Latest Internet Reviews
EXCLUSIVE - Astaro Web Gateway AWG3000
Rating: 
advertisement
Latest News Videos in Internet
Video: Q&A with Easynet Connect's Chris Stening
PlayIT PRO spoke to Chris Stening, managing director of Easynet’s SME division, about whether ISPs are giving businesses the service they deserve.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Sponsored results
- BBC NEWS | dot.life | A blog about technology from BBC News
shareholders a tangible alternative to Microsoft’s cash. Permalinkthe BBC News website is now accessible to people in China. BBC newspeople...
http://www.bbc.co.uk/blogs/technology/2008/03/
Social Bookmark this article: What is this?