News

Tougher Security Planned for Internet Explorer 8

In the wake of a report suggesting that IE was the least secure Web browser, Redmond on Wednesday touted the security features expected to appear in IE 8.

In the wake of a report suggesting that Microsoft's Internet Explorer was the least secure of all leading Web browsers, Redmond on Wednesday touted the security features expected to appear in IE 8. The company is promising nothing less than "comprehensive protection" with IE 8's new features.

IE 8's upcoming bells and whistles were described by Eric Lawrence, Microsoft's security program manager for IE, in a blog post. The browser is currently available to the public only in beta test form.

New security functions in IE 8 include the blocking of code that exploits cross-site-scripting (XSS) vulnerabilities, plus local browser defense functions and upload controls for streamed data. IE 8 will also include translation functions to help users stay safe as they input and output data on social networking sites.

The flagship feature will be the deflection of XSS vulnerabilities. Such exploits typically take advantage of holes in Web applications to siphon out search or surf history by swiping info on cookies and other data. Such stolen info can then be used to visit sites where passwords may have been saved at logon interfaces. It can also be used to vandalize, change or delete critical data on a workstation or network.

In the blog, Microsoft's Lawrence wrote that "Preventing XSS on the server-side is much easier that catching it at the browser…[you] simply never trust user input. Most web platform technologies offer one or more sanitization technologies -- developers using ASP.NET should consider using the Microsoft Anti-Cross Site Scripting Library."

Local browser defense functions in IE 8 will be able to contain threats to an application running on an individual workstation. It will stop hackers on a local machine before they branch out onto the network. This fix is crucial, considering the rise in attacks that can give a hacker network access through just one PC in an enterprise environment.

A SmartScreen Filter feature in IE 8 will serve as an upload control, tagging suspicious activity on sites known for attacks. It will display a big warning over a red background before the page even loads. The user will have the option to either "disregard" or "continue" visiting the site.

One of the more basic yet prominent features in IE 8 will be domain highlighting. The browser will automatically highlight what it considers to be the owning domain of the site visited, with the highlight appearing in the browser's address bar. Redmond contends this function will help prevent attacks where the interfaces and graphic presentation of trusted Web Sites are co-opted for fake sites.

As Redmond points out, the domain highlighting function "helps users identify the real site they're on when a website attempts to deceive them."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.