IE’s Extreme Security Makeover

So far, I like what I have seen in the new Internet Explorer - particularly tabbed browsing. I still can not help, but do not know why there are so, so Microsoft long-term implementation of such a simple function, but at least its final.

Last month, I touched on a number of on the new security features and architectural enhancements in Internet Explorer 7 (IE 7). Because the previous versions of IE, have no such pain in the neck, from a security perspective, I hope that more in-depth look at the IE 7, so that the table in the area of security.

"too many commercial CAs SSL certificates hands Like candy, not fully verify the identity the requirements. " Microsoft has rewritten a good point of IE 7 core code to help combat attacks on the malformations URL (ie, often resulting in a buffer overflow). Now funnel all the URL address, through a single function (thus reducing the amount of code "reliable" when the URL).

Idea here is the URL to see less Code equivalent to the possibility of wrong. This is not a bad approach. New behaviour is similar to the way illegal immigrants 6 funnel, in all HTTP requests through a system-level HTTP for listeners basic checks before passing the data along. This type of hardening is a very good building strategy, because it can help reduce the risk of certain types of attack.

Situational awareness area, some interesting is happening is in the area of end-user situational awareness. And IE 7, Microsoft has enhanced the visual signs help you understand them, which places what they are here production is connected to them .

Internet Explorer 7 # 160 version Review: ¦Â on the 1st Status: ¦Â on the 1st the expected release date: mid - to late 2006 (current) For example, IE 7, requires that all browser window display address bar.

This helps defeat the attackers, a new Windows operating camouflage as a legitimate Web site, in fact the site is fraudulent website . Asked an address bar, users will be able to immediately see the real show the URL of the page, to these types of attacks more obvious. If you think you are seeking www.microsoft.com, but www.illhackyou.net browser address bar, you should be suspected.

Early November, a group of Web browser developers to sit down together and began actively drafting standards address bar coloring, it can prompt the user secured to connect. Under the proposals set out in IE 7 team membersÇÀFranco, and even Use of a standard SSL certificate will display a standard white Address bars. Use of a more powerful, but unspecified security level will be with a green to the Bar.

Conservative color planning - S SL shown in connection GM white - is a very good decision. Too many commercial certification authorities hand out SSL certificates like candy, not fully verify the identity certification requirements are. Therefore, you can not be certain your website belonging to your bank, even if it has a SSL certificate issued to you Bank name.

Franco also said that when navigating to an SSL-protected website, the address of IE 7.0 Bar will display names and the names of the certification body, In "br> address bar. This will also help users better understand how the case. You can read more thinking in http://tinyurl.com/9fqk7 Franco.

As an aside, I really would like to see Microsoft reducing the number of certification authorities (CAS), pre-approved, in the new version of Windows operating system. To a minimum, should be recognized CAS Microsoft Windows bundle in line with the more stringent requirements identity verification certificate issued in its entire process.

Shield time! People are using the Windows Vista Beta 2 will find a new feature called protected mode, to IE 7 can not be modified system files and settings . This is basically bad part of the integration of IE with Windows itself. All communications with the operating system through a broker process, the test results of all alone any communications equipment - like the script action - might try to download or modify system data.

This is a welcome and fundamental change. Basically, Protected Mode throwing a shield around IE and walls took off from the rest of Windows or any trouble that is likely to become. Unfortunately, this capacity will be unable to use In Windows XP, because it is woven directly into Windows Vista itself.

In a certain sense, protected mode, is a recognition that it may not be able to repair IEs security caused serious compatibility issues. Instead of setting browser, Microsoft chose to isolate it from the operating system.

"Microsoft position is that any browser - or any sophisticated pieces code for this matter - there will not be any security loopholes. " Another source of chronic IE security flaw has been add-ons like ActiveX control and Browser Helper Object (bhos). These have become notorious because catheter spyware, adware and malicious software. Sadly, these are often misused, scalability characteristics stay in IE 7, although they have installed more secure default settings.

IE 7.0 does provide a "no add-ons" mode disable all the add-ons. Also a special Start menu quick launch, in this mode. IE 7 Beta 2 is will continue to be A new Add-on Manager, which allows you to see more easily what the installation , and help you remove any add-ons.

That is the case, and the Chinese Academy of Sciences, some form of supervision would be welcome. Microsoft certification programs - Signed similar driver - will promote protection. Microsoft can legally analysis add-ons, such as MSN Search Toolbar or Google Toolbar compliance with safety standards. Those who abide by the will will be digitally signed by Microsoft. Unsigned add-ons will be a total ban.

Yes, this type of plan will put Microsoft in the position of testing and certification approval Add-ons, but they have This can be achieved drivers, to help ensure that the system stability. In most cases, simply does not do anything to verify additional surreptitious sufficient.

Is it really more secure? Microsofts position is that any browser - or any sophisticated pieces code for this matter - there will not be any security loopholes. This is true, but one-way other browsers to reduce the problem is to reduce the complexity of including the built-in features and less characteristics. That is, to a more complex routes.

Most notorious security flaws that stems from its all-pervasive integration and Windows. This is a feature, there is no other browser offers - and is capable of Vista This mode of protection intended to reduce losses. IE 7, it will obviously not disarm All of these are tightly integrated. Lack of deep architectural changes to focus instead sclerosis or eliminate potential security vulnerabilities. Unfortunately, this approach requires Microsoft foresee all possible disturbances and block its advance - almost no way a panacea, ensure that in a browser.

IE 7.0 is eliminating a large number of legacy code, can be traced back to that day on the 4th This is a welcome development. If there is a better look at the IE 7 made less functional in some areas and separated from Windows itself. For example, Microsoft can also eliminate ActiveX support or limit what ActiveX and related technology can do. Of course, breaking the ActiveX technology has brought significant compatibility issues.

the testing routine Disclaimer: software described here is incomplete and still under development stage expect it to change before its final publication - and hope it changes for the better to achieve.

Solution to the problem is already out there in the Windows 2003 Server, which features In "br> default Internet Explorer of the enhanced configuration. This lock flavor that is, slightly more than the HTML. If you want to add-ons for IE, you must install a cautious Windows components, in order to reach this point. In a perfect world, ActiveX and other trouble, and the technology does not at all, until you actually click "Windows installation procedures and install their own.

IE 7 offers several new security features, but it almost does not take into account situation will improve. Hong Kong already has a security update a test version of IE 7.0 released, whether in Windows Vista and Windows XP computers. Safety loopholes in product testing and should not be alarming (that is, 7, it is difficult to have any Do you think the "finished" on this point), but it may be a sign that the product architecture and design still have basic security issues.

Missing? Spate of new IE security enhancements should close the door for many to the real attack. The question is, can developers at the Microsoft stay one step ahead of the bad guys always possible the foreseeable future? Ultimately, the biggest security weaknesses in IE 7 will be used it. Most attacks now - Fishing as the best example - the use of social shortcomings than technical deficiencies. Features such as: Fishing filter is likely just the first serve in the war over social attacks. Even If IE7 browser - with all the other browser on the planet - a 100 percent safety From the point of view of the code, they still be vulnerable to those who seek to use other peoples ignorance.