CNET News.com
On Wednesday, Microsoft announced new security features in the upcoming release of Internet Explorer 8 Beta 2.
The features are designed to combat the rising tide of drive-by downloads and malicious scripts contained within carefully crafted links embedded in email and web pages. Most of the new features require systems to be running Windows Vista Service Pack 1 (SP1) or Windows XP SP3.
Perhaps the most anticipated addition is Internet Explorer's (IE's) new anti-malware protection. Opera 9.5 and Firefox 3 both recently added anti-malware protection. Safari has so far not announced plans for similar protection.
Using mostly its own anti-malware technology, Microsoft will attempt to block emerging threats by masking the entire IE8 browser screen with a warning to users.
IE8 Beta 2 will have a cross-site scripting (XSS) filter, preventing scripts within a link from executing on the browser.
Previously announced features include highlighting domain names from the rest of the URL (so users can see they are on eBay.com, for example, not some other site), and extended verification SSL.
Using Data Execution Protection (DEP) within Windows XP SP3 and Windows Vista SP1, IE8 will scan downloads and block any that it deems dangerous.
IE8 Beta 1 has already introduced several changes when handling ActiveX components.
Components will be installed per user, which eliminates the need for everyone to have administrator privileges. In addition, users must acknowledge or opt-in for the component to run, eliminating drive-by downloads. Components will be per site and will only be available from the site of origin. Finally, site developers can request 'killbits' from Microsoft which can be sent via Windows Update to terminate risky or outdated components.
For developers, Microsoft is including improvements for better communication between the client browser and web server. Cross Domain Requests (CDR) is a more secure way for the browser to pull data from other domains; and Cross Domain Messaging (XDM) is a more secure means for a browser to send a message across a domain. Microsoft said it is working with other browser vendors to standardise these.
The public Beta 2 for Internet Explorer is expected at some point in August 2008.
Topic: Internet Explorer 8 to get anti-malware protection (Read 472 times)