Microsoft today announced new security features that will be present in Internet Explorer 8 Beta 2. They were created to help fight attacks through ‘drive-by downloads’ and malicious scrips contained in links present in emails and web pages. Most new features require systems to run either Windows XP SP3 or Windows Vista SP1.
Probably the most anticipated new feature is malware protection. Opera 9.5 and Firefox 3.0 recently added malware protection, while Safari has no plans for that.
Using much of its anti-malware technology, Microsoft will block emerging threats with an alert to users occupying the entire IE 8 navigation screen. Adding malware protection to the existing phishing filter will be called Microsoft SmartScreen.
IE 8 Beta 2 will also have a Cross Site Scripting (XSS) filter, which should prevent scripts embedded in a link from running in the browser. Other features already announced earlier, which were also present in the Beta 1 browser, are the highlight in the domains in the address bar to differentiate them from the rest of the URLs and extended SSL verification.
Using Data Execution Prevention (DEP) on Windows XP SP3 and
Windows Vista SP1, IE 8 will also check and block
any download classified as unsafe
ActiveX per site
Highlighting of domains
Unsecured site alert
IE 8 Beta 1 has already introduced several changes in how the browser handles ActiveX controls. The first, the components are now installed with user privileges, which eliminates the need to provide administrative privileges. The second, you must confirm whether or not to run the components by eliminating the drive-by downloads. The third, components will be "per site" and will only be available from the source site. And finally, developers can order Microsoft killbits, which can be sent by Windows Update to eliminate vulnerable or outdated components.
For developers, Microsoft is including improvements to better communication between the browser and the web server. Cross Domain Requests (CDR) is a safer way for the browser to get data from other domains; and Cross Domain Messaging (XDM) is a safer form for the browser to send a message through a domain. Microsoft reported that it is working with other browser developers to standardize these items.
Beta 2 Internet Explorer 8 audience will be available in August.
Leave a comment