News

Tougher Security Planned for Internet Explorer 8

In the wake of a report suggesting that IE was the least secure Web browser, Redmond on Wednesday touted the security features expected to appear in IE 8.

In the wake of a report suggesting that Microsoft's Internet Explorer was the least secure of all leading Web browsers, Redmond on Wednesday touted the security features expected to appear in IE 8. The company is promising nothing less than "comprehensive protection" with IE 8's new features.

IE 8's upcoming bells and whistles were described by Eric Lawrence, Microsoft's security program manager for IE, in a blog post. The browser is currently available to the public only in beta test form.

New security functions in IE 8 include the blocking of code that exploits cross-site-scripting (XSS) vulnerabilities, plus local browser defense functions and upload controls for streamed data. IE 8 will also include translation functions to help users stay safe as they input and output data on social networking sites.

The flagship feature will be the deflection of XSS vulnerabilities. Such exploits typically take advantage of holes in Web applications to siphon out search or surf history by swiping info on cookies and other data. Such stolen info can then be used to visit sites where passwords may have been saved at logon interfaces. It can also be used to vandalize, change or delete critical data on a workstation or network.

In the blog, Microsoft's Lawrence wrote that "Preventing XSS on the server-side is much easier that catching it at the browser…[you] simply never trust user input. Most web platform technologies offer one or more sanitization technologies -- developers using ASP.NET should consider using the Microsoft Anti-Cross Site Scripting Library."

Local browser defense functions in IE 8 will be able to contain threats to an application running on an individual workstation. It will stop hackers on a local machine before they branch out onto the network. This fix is crucial, considering the rise in attacks that can give a hacker network access through just one PC in an enterprise environment.

A SmartScreen Filter feature in IE 8 will serve as an upload control, tagging suspicious activity on sites known for attacks. It will display a big warning over a red background before the page even loads. The user will have the option to either "disregard" or "continue" visiting the site.

One of the more basic yet prominent features in IE 8 will be domain highlighting. The browser will automatically highlight what it considers to be the owning domain of the site visited, with the highlight appearing in the browser's address bar. Redmond contends this function will help prevent attacks where the interfaces and graphic presentation of trusted Web Sites are co-opted for fake sites.

As Redmond points out, the domain highlighting function "helps users identify the real site they're on when a website attempts to deceive them."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.