Internet Explorer 7 adds security

Internet Explorer (IE) has certainly had its share of flaws and vulnerabilities. Many of the most effective viruses and worms in the past couple of years owe their success to exploiting holes in Internet Explorer. A number of vulnerabilities have been reported to Microsoft that have yet to be patched, so the clock is ticking to see if hackers can exploit the flaws before Microsoft can fix them.

The security risks inherent in using IE have led many to migrate to new Web browser platforms, mainly Mozilla's Firefox. Of course, Firefox has its own share of highly critical flaws, so users shouldn't let down their guard just because they've made the switch. Users who migrate often think they are safe simply because they are using a different browser. That mentality puts them at greater risk than using Internet Explorer and being aware of its weaknesses.

Microsoft Internet Explorer represents a more prestigious attack to hackers, and it has a much larger population of users, so it is heavily targeted. To combat criticism of IE's security and stem the tide of users switching away from IE, Microsoft accelerated the release of Internet Explorer 7 (IE7) to the end of this year from its original scheduled release as part of Windows Vista, due in late 2006.

Internet Explorer 7, currently released in its beta testing version, offers a variety of new features and components, most of which have been "borrowed" from competing products such as Firefox. However, one of the central reasons for releasing IE7 is to improve security so the product is safer and the user experience as well. Below are a few of the key security updates included in IE7:

1. Phishing filter: IE7 compares Web sites against a Microsoft-maintained database of known phishing sites and looks for clues that a domain name may be spoofed or otherwise illegitimate. It gives the user a warning or alert that the site they are on may be a phishing site.
2. Cross-domain scripting: IE7 will append the originating domain name before running scripts and restrict the ability of the browser to interact with outside content or domains. These features will help protect against Web site and domain spoofing.
3. Restricted privileges: The version of IE7 that will come bundled in Windows Vista incorporates the LUA (least-privilege user account) feature to ensure that the browser is unable to modify or execute files it should not. This feature is not available in the standalone, or Windows XP, version of IE7 though.
4. More efficient history deletion: In IE6, erasing the browser history containing various site information that the browser has previously accessed, has required delving down a few levels through the Internet Explorer menus. IE7 includes a button for one-click deletion of browser history to erase personal data and passwords and more easily protect the user.

Internet Explorer 7 is still in beta testing. Microsoft is planning a refreshed release of Beta 1 before it even moves on to releasing Beta 2. As for Beta 1, there are still a number of features that have not even been incorporated yet, and a few of the existing features are a little buggy. Microsoft will continue to work out the kinks until the final production release toward the end of this year.

This first beta of IE7 shows a lot of promise. Microsoft will still not commit to making IE7 conform to some Web industry standards in terms of functionality, but in terms of security, the company seems to be moving in the right direction. I'd like to see the phishing alert displayed more prominently if Microsoft wants to get the user's attention, and there are a few other cosmetic changes I would like to see in Beta 2, but we'll just have to wait and see.

About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information. Bradley contributes frequently to other industry publications. For a complete list of his freelance contributions, visit Essential Computer Security (http://www.tonybradley.com).

Rate this Tip To rate tips, you must be a member of SearchCIO-Midmarket.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Information security management for the midmarket Mobile device management: From business apps to device security Test your knowledge: IT quizzes for midmarket CIOs Droid does, but will IT support it? Information security program revamp adds outsourcer oversight and more From data breaches to risk management frameworks: Test your knowledge The challenge of managing risk when IT budgets tighten Why cybersecurity awareness is everyone's responsibility Information technology management e-book downloads for midmarket CIOs 10 must-have steps for an effective SMB information security program Your IT security budget: How to get more bang for the buck Security tools for the midmarket Why CIOs need to get real about identity and access management in 2010 Free risk management tools and resources for the enterprise IT security spending a bright spot in '09, with more growth predicted Security and risk management in the midmarket Identity and access management planning guide for the midmarket A CIO's advice for implementing single sign-on solutions Options for outsourcing security grow, offer IT budget savings Network access control: Pointers for getting the knack of NAC Unified communications: Securing access to OCS Unified communications security: How safe is it? Security for the midmarket Information security program revamp adds outsourcer oversight and more Your IT security budget: How to get more bang for the buck Locking down security in the move to electronic medical records A CIO's advice for implementing single sign-on solutions Options for outsourcing security grow, offer IT budget savings Network access control: Pointers for getting the knack of NAC Stopping malware viruses from attacking Web 2.0 technology Virtual servers no escape from IT security management concerns Unified communications: Securing access to OCS Unified communications security: How safe is it? RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.