Internet Explorer 8 Security Features

Internet Explorer 8 comes with Windows 7 and includes a vast number of security improvements that make this the safest version of IE yet. This section examines the security features Microsoft added to Internet Explorer 8. These features were absolutely necessary: ever since Microsoft integrated Internet Explorer with the Windows shell beginning in the mid 1990s, Internet Explorer has been a major avenue of attack against Windows.



InPrivate Browsing
Internet Explorer 8 can optionally run in a new InPrivate Browsing mode, effectively hiding your tracks as you travel around to the more nefarious parts of the Web or, what the heck, secretly shop for a spouse’s birthday present online. More specifically, InPrivate Browsing turns off IE’s ability to locally store or retain browser history, temporary Internet files, form data, cookies and user names, and passwords. It does allow you to download files and add sites to your Favorites. By default, IE add-ons like toolbars are disabled in InPrivate Browsing mode, but you can change that from Internet Settings if desired.

A related feature, InPrivate Filtering, is a first step in addressing the way in which many Web sites share data with each other. Consider a mainstream Web site like wsj.com, for The Wall Street Journal. This site is certainly reputable, but it utilizes advertising services that work across multiple non-WSJ Web sites. Once these services have collected information about you on wsj.com, they can track you across other sites that utilize the same services. This is usually innocuous, but it’s possible that a malicious site could take advantage of this capability and deliver dangerous content via other sites.

InPrivate Filtering provides basic protection against this potential kind of attack by preventing, by default, more than 10 cross-site calls. It’s not enabled by default, however, but once you enable it you have decent control over how it works. For example, you could lower the threshold for cross-site content (down to a minimum of three), choose to allow or block specific sites, and so on. It’s interesting to look at just to see what the sites you visit are up to. You might be surprised.



SmartScreen Filter
IE8’s SmartScreen Filter is the new version of the anti-phishing filter that debuted in IE7.
It’s been renamed to reflect the fact that it now performs both anti-phishing and antimalware functions, protecting you and your PC from electronic attacks. So if you attempt to browse to a site that is known to deliver malware, or you attempt to download a known bad file, IE8 will prompt you with a warning.

You can manually check the current Web site if you’re unsure of something. When you do so, the SmartScreen Filter tells you what it knows about the site. You can also report a Web site that you think might be fraudulent. Microsoft says that almost 50 percent of the data in its SmartScreen database comes from users.



Address Bar Domain Name Highlighting
It seems like a small thing, but IE8 also highlights (bolds) the domain name in the URL, helping to ensure you’re visiting a legitimate Web site. Consider the following complex (but imaginary) URLs to see why this is important:

https://secure.winsupersite.com?key=10923
https://secure.winsupersite.com.h4x.com?key=10923

If you weren’t paying attention—and who is, really?—you might miss the fact that the second address points to a malicious Web site. But when you highlight the domain name as follows, the difference is a bit more apparent. It’s like the third brake light on automobiles:

https://secure.winsupersite.com?key=10923
https://secure.winsupersite.com.h4x.com?key=10923



Other Internet Explorer Security Features
The list of Internet Explorer security features is vast, although you won’t likely run into most of them unless you’re truly unlucky. IE8 integrates with Windows Defender to provide live scanning of Web downloads to ensure that you’re not infecting your system with spyware, and it integrates with Windows 7’s parental controls as well as Windows Live Family Safety to ensure that your children are accessing only those parts of the Web you deem safe. In addition, various low-level changes prevent increasingly common cross-domain or cross-window scripting attacks and blocks malicious malware installation attempts.



Should Internet Explorer 8 somehow be compromised, there’s a way out. An
Internet Explorer mode called Add-ons Disabled Mode loads IE with only a minimal set of add-ons so you can scrub the system of any malicious code. You can access this mode by navigating to All Programs -> Accessories -> System Tools -> Internet Explorer (No Add-ons) in the Start menu. Alternately, you can use Start Menu Search to find Internet Explorer (No Add-ons).


Source of Information : Wiley Windows 7 Secrets (2009)

No comments:

Cloud storage is for blocks too, not just files

One of the misconceptions about cloud storage is that it is only useful for storing files. This assumption comes from the popularity of file...