Microsoft trumpets security additions in upcoming IE8
Slates anti-malware, cross-site scripting defenses in August's IE8 Beta 2
Computerworld - Microsoft Corp. today outlined new security features that it plans to add to Internet Explorer (IE) next month, including anti-malware protection to match tools similar to those offered by its rivals and a filter the company said would block most cross-site scripting attacks.
Internet Explorer 8 Beta 2, which Microsoft has slated for release sometime in August, will include two new security tools, said Austin Wilson, the director of Windows client product management.
One, dubbed "SmartScreen Filter" by Microsoft, adds malware blocking to the antiphishing protection already embedded in IE7. The new feature, which will resemble the defenses already used by rival browsers Firefox 3.0 and Opera 9.5, will warn users when they're about to visit a site known or suspected of spreading malicious code and then block any download from that site.
Unlike Mozilla Corp.'s Firefox, which retrieves a blacklist several times daily, then stores it locally to compare against Web site addresses, IE8 will dynamically determine whether a site is potentially dangerous by pinging remote servers each time a user tries to reach a page.
Microsoft will use multiple third-party sources to compose the blacklists for both phishing and malware-hosting sites, said Wilson. It will also draw on data gathered by Windows Defender, the company's free antispyware tool. Wilson would not disclose the third-party information providers, however.
"We get the data feeds and update our lists multiple times a day," he said. "And IE8 makes the call to the URL reputation service servers, and if it's a phishing or malware site, the browser navigates away from the page and displays a warning."
He denied that the process would have a noticeable effect on IE8's performance. "Our choice was to make sure that the user has the most recent data possible," he said. "We do an asynchronous call, so the page rendering takes place while the call is made to the reputation servers."
Also to debut next month in IE8 Beta 2 is an integrated filter that Microsoft said would prevent most cross-site scripting attacks. "Today, the end user can be doing all the right things, checking the URL to make sure it's legitimate, only going to trusted sites, but because of vulnerabilities on the Web server side, they can still be compromised," said Wilson, referring to cross-site scripting attacks, which are most commonly used by identity thieves and have been on the upswing.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts