Microsoft tightens IE 7's security

By Derek Sooman on December 13, 2005, 8:07 PM
IE 6 is getting a pretty bad reputation for security; this news site has reported many times on a wide range of security flaws affecting the browser, many of which were followed by exploit code immediately after discovery. Microsoft remains committed to reversing this situation with IE 7, the next incarnation of the browser, and as such is concentrating very much on security in this next version of the application.

The company has now detailed several changes in the way IE 7 will classify Web sites for security, hoping that the ultimate effect will be to reduce the likelihood that users will fall victim to malicious code. Currently, IE has four classifications for Web sites: Internet, local intranet, trusted, and restricted. The browser then uses these classifications to determine whether certain functions will be allowed to execute, for example whether ActiveX controls can run or not. For IE 7, Microsoft is working on preventing the browser from running malicious code in less restrictive security zones.

The local intranet zone is not really relevant for home users, the engineers said. Instead, a change has been made to IE 7 so that, when a PC is not on a managed corporate network, IE will treat apparent intranet sites as if they were on the Internet.

"This change effectively removes the attack surface of the intranet zone for home PC users," they wrote. They credit the change to an idea from a summer intern working at the company.

However, if a machine is running on a domain, IE 7 will automatically detect the intranet sites and revert to the intranet zone settings. Network administrators will be able to set group policies to ensure the browser runs as desired, the engineers wrote.

In the future, the Internet zone will run in what the company calls protected mode. This should help prevent the kinds of attacks that IE has been vulnerable to in the past. Another new feature, dubbed ActiveX Opt-In, will reduce potential damage from malicious ActiveX controls in the Internet zone.




User Comments: 4

enasni said:
I rejected a Sober worm virus last night. It sent an e-mail to my mother, who was just simply reading her e-mail, and one of them said "Your Password", so she opened it and my computer shut down. I turned it on and it was all distorted, so I hacked the virus's code and deleted it, which took a lot of time. The code is unrecognizable though, seeing as how it kept changing.
tarun123v said:
"ActiveX controls": this is the main culprit in Internet Explorer. Only the IE browser supports these ActiveX controls; none of the other browsers support this type of feature. This ActiveX control gives a lot of control to websites; using that feature they can download some software through IE and implement it into the OS of the client's PC. This feature is a boon to users if used in a controlled way, or else it will create a lot of problems on the client's machine.
Masque said:
Internet security is an ongoing issue...M$ is fighting it as hard as anybody and is gaining ground. There's always somebody smarter that's just waiting to pounce on unprotected systems but the way to beat 'em is by constantly searching and updating against weaknesses.
mrprimo55 said:
I think that it's just as important for Microsoft to make a way to spot phishing, because this is becoming just as bad as the ActiveX problems. I work in a computer repair shop and lately I've talked to many people who don't know a whole lot and think that their passwords have been "hacked" when it turns out they opened a link asking for their eBay username and password and they obliged.