Internet Explorer 7 adds security

Internet Explorer (IE) has certainly had its share of flaws and vulnerabilities. Many of the most effective viruses and worms in the past couple of years owe their success to exploiting holes in Internet Explorer. A number of vulnerabilities have been reported to Microsoft that have yet to be patched, so the clock is ticking to see if hackers can exploit the flaws before Microsoft can fix them.

The security risks inherent in using IE have led many to migrate to new Web browser platforms, mainly Mozilla's Firefox. Of course, Firefox has its own share of highly critical flaws, so users shouldn't let down their guard just because they've made the switch. Users who migrate often think they are safe simply because they are using a different browser. That mentality puts them at greater risk than using Internet Explorer and being aware of its weaknesses.

Microsoft Internet Explorer represents a more prestigious attack to hackers, and it has a much larger population of users, so it is heavily targeted. To combat criticism of IE's security and stem the tide of users switching away from IE, Microsoft accelerated the release of Internet Explorer 7 (IE7) to the end of this year from its original scheduled release as part of Windows Vista, due in late 2006.

Internet Explorer 7, currently released in its beta testing version, offers a variety of new features and components, most of which have been "borrowed" from competing products such as Firefox. However, one of the central reasons for releasing IE7 is to improve security so the product is safer and the user experience as well. Below are a few of the key security updates included in IE7:

Internet Explorer 7 is still in beta testing. Microsoft is planning a refreshed release of Beta 1 before it even moves on to releasing Beta 2. As for Beta 1, there are still a number of features that have not even been incorporated yet, and a few of the existing features are a little buggy. Microsoft will

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Microsoft Internet Explorer management Four Internet Explorer 8 group policy security settings Safe enterprise Web browsing: Five tips in five minutes Top client security tips of 2006 Phishing filter: Step 2 General security configuration: Step 1 Windows Vista and IE7: Step 5 ActiveX opt-ins, information bar and cross-domain protection: Step 4 Protection against international domain names, URL handling: Step 3 IE8 brings focus to cross-browser compatibility and Web standards Cross-site Scripting 102: How to defend against cross-site scripting Windows desktop security tips Managing multiple passwords in Windows Using System Center Essentials as a patch management tool How Windows 7 stands up to security tests Securing sensitive data on Windows-based laptops Gathering and documenting your Windows desktop security policies Windows desktop security standards documentation best practices Desktop security preparation for a new wave of Windows apps Four Internet Explorer 8 group policy security settings The state of enterprise security and emerging threats in 2009 Why should Windows shops use Microsoft Baseline Security Analyzer?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary ActiveX  (SearchEnterpriseDesktop.com) ActiveX control  (SearchEnterpriseDesktop.com) Internet Explorer  (SearchEnterpriseDesktop.com) Internet Explorer Administration Kit  (SearchEnterpriseDesktop.com) tabbed browsing  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

continue to work out the kinks until the final production release toward the end of this year.

This first beta of IE7 shows a lot of promise. Microsoft will still not commit to making IE7 conform to some Web industry standards in terms of functionality, but in terms of security, the company seems to be moving in the right direction. I'd like to see the phishing alert displayed more prominently if Microsoft wants to get the user's attention, and there are a few other cosmetic changes I would like to see in Beta 2, but we'll just have to wait and see.

About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet / Network Security, providing a broad range of information security tips, advice, reviews and information. Bradley contributes frequently to other industry publications. For a complete list of his freelance contributions, visit Essential Computer Security (http://www.tonybradley.com).

Reader Feedback

Howard M. writes:
Will the release of IE7 make IE6 more vulnerable to attacks because the security fixes in IE7 can be reverse-engineered by attackers to attack IE6?

Author's Response

The fact that Internet Explorer 7 seems to be such an integral part of the upcoming Windows Vista operating system and that Microsoft has chosen to only make it available for newer platforms, basically only Windows XP with SP2 or later, seems to suggest that the lion's share of the code is fresh and that it would be too large of an undertaking to make it backwards compatible with previous Windows operating systems.

Assuming that is true, users of Internet Explorer should be safe. As long as Internet Explorer 7 is primarily new code, and not just a patch-job of existing Internet Explorer 6 code, the threat of having IE7 reverse-engineered to identify flaws in IE6 seems minimal.