According to the official Microsoft Developer Network IEBlog, Internet Explorer 8 will come packed with a whole host of new security features. These will include the SmartScreen Filter, which replaces the Phishing Filter in current versions of the browser. Eric Lawrence, Program Manager for Internet Explorer Security, says that this will be "a replacement that improves upon the Phishing Filter in a number of important ways", which include:
- Improved user interface
- Faster performance
- New heuristics & enhanced telemetry
- Anti-Malware support
- Improved Group Policy support
There will also be better cross-site scripting (XSS) defenses, courtesy of IE8 blocking the most common form of XSS attack, the reflection attack. The IE8 XSS Filter is a heuristic-based mitigation that sanitizes injected scripts, preventing execution. Lawrence says "XSS Filter provides good protection against exploits, but because this feature is only available in IE8, it’s important that web developers provide additional defense-in-depth and work to eliminate XSS vulnerabilities in their sites."
David Ross, a security software engineer working on IE8, adds that "The XSS Filter operates as an IE8 component with visibility into all requests / responses flowing through the browser. When the filter discovers likely XSS in a cross-site request, it identifies and neuters the attack if it is replayed in the server’s response. Users are not presented with questions they are unable to answer – IE simply blocks the malicious script from executing."
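A simplified model of the request/response replay check Ross describes, shown next to the server-side output encoding Lawrence asks developers to add. This is an added JavaScript example, not Microsoft's code or the filter's real heuristics; the render functions, the `SCRIPT_LIKE` pattern, the neutering strategy and the `shop.example` URL are assumptions constructed for illustration.

```javascript
// Hypothetical vulnerable page: echoes the "q" parameter into HTML unencoded.
function renderVulnerable(q) {
  return '<p>Results for ' + q + '</p>';
}

// Encode the characters that are significant in HTML markup.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened page: the site-side fix, effective in every browser.
function renderHardened(q) {
  return '<p>Results for ' + escapeHtml(q) + '</p>';
}

// Assumed pattern for "likely XSS" (not IE8's real heuristics):
// a script element or an inline event handler attribute.
const SCRIPT_LIKE = /<script\b[^>]*>[\s\S]*?<\/script\s*>|<[a-z][^>]*\son\w+\s*=[^>]*>/gi;

// Return script-like request parameters that are replayed verbatim in the response.
function findReplayedScript(requestUrl, responseBody) {
  const hits = [];
  for (const [param, value] of new URL(requestUrl).searchParams) {
    for (const fragment of value.match(SCRIPT_LIKE) || []) {
      if (responseBody.includes(fragment)) hits.push({ param, fragment });
    }
  }
  return hits;
}

// Neuter each replayed fragment so it renders as text (assumed strategy).
function neuter(responseBody, hits) {
  return hits.reduce((b, h) => b.split(h.fragment).join(escapeHtml(h.fragment)), responseBody);
}

// Constructed sample request carrying a harmless test script in "q".
const SAMPLE_URL = 'https://shop.example/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E';
const sampleQ = new URL(SAMPLE_URL).searchParams.get('q');

// Run the check against both pages and neuter the vulnerable response.
function demo() {
  const vulnerable = renderVulnerable(sampleQ);
  const hits = findReplayedScript(SAMPLE_URL, vulnerable);
  return {
    vulnerableHits: hits.length,
    hardenedHits: findReplayedScript(SAMPLE_URL, renderHardened(sampleQ)).length,
    neutered: neuter(vulnerable, hits),
  };
}
```

The hardened page never triggers the check because nothing executable is replayed, which is why encoding at the site protects users of every browser and not only IE8.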