Microsoft announces host of new Internet Explorer 8 security features
Please support our Web Development advertiser: Programming Forums
Jul 2nd, 2008, 8:20 pm
According to the official Microsoft Developer Network IEBlog Internet Explorer 8 will come packed with a whole host of new security features. These will include the SmartScreen Filter which replaces the Phishing Filter in current versions of the browser. Eric Lawrence, Program Manager for Internet Explorer Security says that this will be "a replacement that improves upon the Phishing Filter in a number of important ways" which include:
There is also going to be better cross-site scripting (XSS) defenses courtesy of IE8 blocking the most common form of XSS attack, the reflection attacks. The IE8 XSS Filter is a heuristic-based mitigation that sanitizes injected scripts, preventing execution. Lawrence says "XSS Filter provides good protection against exploits, but because this feature is only available in IE8, it’s important that web developers provide additional defense-in-depth and work to eliminate XSS vulnerabilities in their sites."
David Ross, a security software engineer working on IE8 adds that "The XSS Filter operates as an IE8 component with visibility into all requests / responses flowing through the browser. When the filter discovers likely XSS in a cross-site request, it identifies and neuters the attack if it is replayed in the server’s response. Users are not presented with questions they are unable to answer – IE simply blocks the malicious script from executing."
- Improved user interface
- Faster performance
- New heuristics & enhanced telemetry
- Anti-Malware support
- Improved Group Policy support
There is also going to be better cross-site scripting (XSS) defenses courtesy of IE8 blocking the most common form of XSS attack, the reflection attacks. The IE8 XSS Filter is a heuristic-based mitigation that sanitizes injected scripts, preventing execution. Lawrence says "XSS Filter provides good protection against exploits, but because this feature is only available in IE8, it’s important that web developers provide additional defense-in-depth and work to eliminate XSS vulnerabilities in their sites."
David Ross, a security software engineer working on IE8 adds that "The XSS Filter operates as an IE8 component with visibility into all requests / responses flowing through the browser. When the filter discovers likely XSS in a cross-site request, it identifies and neuters the attack if it is replayed in the server’s response. Users are not presented with questions they are unable to answer – IE simply blocks the malicious script from executing."
Tags: ie8 internet explorer microsoft news
•
•
•
•
This blog entry was written by Bill Andad, staff writer aka newsguy. It has been filed under the Web Development category. It has received 3,029 views, 0 comment(s), and 11 linkbacks. It was promoted to featured news status Jul 2nd, 2008.
Related Blog Entries
- Hotz does it again, iPhone 3GS is jailbroken!!! (2 Days Ago)
- Michael Jackson sparks celebrity death hoax epidemic (5 Days Ago)
- Reading a 200 year old newspaper in the hot tub (6 Days Ago)
- Michael Jackson and web events (9 Days Ago)
- Find or dump a lover by email (9 Days Ago)
Related Forum Threads
- Microsoft Internet Explorer problem when logging on (Web Browsers)
- Microsoft Internet Explorer Wont Allow to Close (Web Browsers)
- Internet Explorer & Windows Explorer (desktop shortcuts) Won't Load! (Viruses, Spyware and other Nasties)
- new window in Internet Explorer is always blank (Web Browsers)
- Internet Explorer & Windows Explorer (desktop shortcuts) Won't Load! (Viruses, Spyware and other Nasties)
- Microsoft Internet Explorer Two Vulnerabilities (Web Browsers)
- Unknown Internet Explorer Issue (Viruses, Spyware and other Nasties)
- Internet Explorer Fails After Registry Removal (Viruses, Spyware and other Nasties)