Below you will find information I received from another list regarding new features for the next version of internet explorer.
By J. Nicholas Hoover Wed Jul 2, 12:20 PM ETInternet Explorer's getting a little bit safer. Microsoft Wednesday unveiled significant new security features that will be in the next version of the company's Web browser,
Internet Explorer 8, currently in public beta testing.
From Microsoft's standpoint, any improvement in security is a plus, and the companyseems to be taking that to heart with Internet Explorer 8, which includes a slew of new or upgraded security features. In the past, Microsoft has been heavily criticized for its browser security, while its chief competitor, Mozilla Firefox, has been largely
lauded.One of the most important new features in IE8 is a set of cross-site scripting defenses to protect the browser against the most common type of these attacks, known as "reflection" attacks, wherein transmitted data is sent back to the attacker. During these attacks, hackers could be stealing and browser history, logging keystrokes, stealing credentials,
or just evading phishing filters.Internet Explorer 8 will also have what Microsoft's calling the SmartScreen Filter, which has been previously announced, but is more than Microsoft originally let on. It's an upgraded version of the phishing filter found in Internet Explorer 7 with a twist. It now includes malware protection, a feature also found in the latest versions
of Mozilla and Opera.When users visit a site that's been reported by any one of a number of third-party data providers as a phishing or malware-laden site, they'll be greeted with a big red background and a warning. That's an upgrade over the anti-phishing user in Internet Explorer 7, which Microsoft tests found looked too much like a potentially less harmful
page that just has security certificate errors.The warning has options either to go to the user's or to "disregard and continue," though the first option is in much bigger text. Businesses will be able to set policy so that "disregard and continue" doesn't show up as an option. The anti-malware protection
will also block suspicious downloads.Several third-party data feeds will provide Internet Explorer with the information needed to block phishing and malware-laden Web sites. Microsoft gets data on reported phishing sites from seven providers, though it's not yet clear where it will get
data on sites reported to contain malware.Microsoft's already announced a number of security features for Internet Explorer 8. For example, the browser has a number of anti social engineering features. It will highlight names in the URL bar to help prevent URL spoofing, like when an tells the recipient to click on a site that's represented as a site, but is really a malicious one. There's also an additional anti-phishing feature, where a dialogue that catches certain site characteristics sets off a red flag even when the site isn't in IE's
anti-phishing data feeds.There are several new browser-based security features, including improvements to ActiveX dialogues and control. There are now several levels of security for ActiveX controls. With per user control, users can and install a control and it will run whenever it wants. An opt in level allows users to decide whether the control should run each time it wants to. kill bits can stop a control from loading at all, and per site control means a control can only be invoked by one particular Web site. Data Execution Prevention helps mitigate many memory-related attacks, including overruns, by blocking code execution from running in protected memory. Several other features, including cross domain request and cross domain messaging, are aimed at preventing attacks from taking place in mash-ups or any time two Web sites have to exchange
information. -------------- next part -------------- An HTML attachment was scrubbed...URL:
Get your FREE SECURE email account from http://www.topmail.co.uk ** To leave the list, click on the immediately-following link:- ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe] ** If this link doesn't work then send a message to: ** access-uk-request@xxxxxxxxxxxxx ** and in the Subject line type ** unsubscribe ** For other list commands such as vacation mode, click on the ** immediately-following link:- ** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq] ** or send a message, to ** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq
