This section of our Internet Explorer Security Learning Guide deals with Internet Explorer 7. Microsoft touted security as one of IE7's major concerns, and several of the Web browser's newly enhanced features demonstrate exactly that. Read about new Web browser security features such as ActiveX opt-in and anti-phishing technology, as well as when you might not want to use Internet Explorer 7.
Internet Explorer 7
Internet Explorer 7 (IE7) is Microsoft's latest version of its popular Web browser. Although it is touted as the most secure version of the Web browser to date, it goes without saying that IE7 is not hacker proof. Internet Explorer 7's features are designed to prevent malware infections on your Windows system. With cross-site scripting protection and all ActiveX controls shut off by default, Internet Explorer 7 users are protected from attacks by malicious Web sites. Also, IE7's rewritten URL parser reduces the possibility of buffer overflow attacks.
Internet Explorer 7's position as the newest version of the most oft-hacked Web browser makes it an appealing target for hackers who wish to install various types of malware on your system. Check out the tips below to get a handle on the type of security IE7 provides and how to keep your Windows shops as secure as possible.
Internet Explorer 7: How it can make your life easier
Internet Explorer 7 offers a litany of new security features. Being aware of the ins and outs of these features can make any security administrator's life easier.
Rewritten URL parser reduces buffer overflow exploits
Many of the security patches for previous versions of Internet Explorer were designed to fix unchecked buffers. These patches are important because hackers can construct malicious Web sites that trick a user into clicking on a link associated with an extremely long or malformed URL. When Internet Explorer attempts to parse the URL, its malformed nature or excessive length causes a buffer overflow. If the malicious Web site has managed to place executable code into just the right place within the buffer before triggering the overflow, the overflow could cause that code to execute.
In Internet Explorer 7, Microsoft has completely rewritten the URL parser. As a result, buffer overflow exploits within Internet Explorer should become a thing of the past.
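An added example, not Microsoft's parser and not code from this guide, of the length check whose absence makes an "unchecked buffer": the host part of a URL is copied into a fixed-size buffer only after its length has been verified. The names `parse_host` and `HOST_MAX`, the buffer size and the return codes are hypothetical, chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HOST_MAX 64   /* assumed fixed buffer size, chosen for illustration */

/* The unchecked pattern, shown only as a comment:
 *     char host[HOST_MAX];
 *     strcpy(host, url + 7);   // no length check: a long URL writes past host[]
 */

/* Hypothetical helper: copy the host part of an http:// or https:// URL into out.
 * Returns 0 on success, -1 on a malformed URL, -2 if the host would not fit. */
int parse_host(const char *url, char *out, size_t out_len)
{
    const char *p;
    size_t n;

    if (url == NULL || out == NULL || out_len == 0)
        return -1;
    if (strncmp(url, "http://", 7) == 0)
        p = url + 7;
    else if (strncmp(url, "https://", 8) == 0)
        p = url + 8;
    else
        return -1;

    n = strcspn(p, "/:?#");      /* host ends at the first delimiter or NUL */
    if (n == 0)
        return -1;               /* empty host */
    if (n >= out_len)
        return -2;               /* reject instead of truncating or overflowing */

    memcpy(out, p, n);           /* n < out_len, so the copy stays in bounds */
    out[n] = '\0';
    return 0;
}

int main(void)
{
    char host[HOST_MAX];
    char long_url[512] = "http://";          /* constructed over-long input */
    memset(long_url + 7, 'a', 400);          /* 400-byte host; rest is already NUL */

    printf("%d\n", parse_host("http://example.com/index.html", host, sizeof host));
    printf("%d\n", parse_host(long_url, host, sizeof host));
    return 0;
}
```

Rejecting the over-long host outright, rather than truncating it, also avoids acting on a URL that differs from the one the user was shown.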
One of the biggest security problems in previous versions of Internet Explorer arose when malicious Web sites used ActiveX controls to steal information or to wreak havoc on the victim's system. A whole group of ActiveX controls comes with Internet Explorer and is enabled by default in previous versions of the browser. These ActiveX controls were not intended to be malicious, but some hackers have figured out how to use the controls for malicious purposes.
In Internet Explorer 7, all built-in ActiveX controls are disabled by default. When a user accesses a Web page that requires one of these controls, the user can decide for herself whether or not to allow the ActiveX control to run. This helps prevent malicious Web sites from performing automated ActiveX-based attacks against Internet Explorer.
Another addition in IE7 is anti-phishing technology. IE7 validates Web sites against a Microsoft-maintained database of known phishing sites and notifies users when a Web site is suspected of being a phishing site. Users can disable the phishing filter if they choose.
Internet Explorer 7 also comes with other user-friendly Web browser enhancements, like RSS support, tabbed browsing and cross domain scripting protection.
Internet Explorer 7's security issues
As with all new software technologies, true security, no matter how highly regarded, is an impossible dream. The same can be said of this new Web browser, as some IE7 flaws have been revealed in recent months. Internet Explorer 7 (IE7) is light years ahead of its predecessors, but that does not mean the browser is perfect. You are still going to encounter issues with IE from time to time. Our concise guide delivers some troubleshooting steps that will clear up the majority of IE security issues that may come up.
Problems with the Web browser
Given the stack of protocols and applications that have to come together in order to make Internet browsing and access function properly, it can be difficult to nail down exactly what your problem is. If you're experiencing problems browsing the Web, try the following steps:
- Use an alternate browser. If you can connect to standard Web sites, then something within Internet Explorer is most likely the source of your problems.
- Try a different Internet connection. If you have a laptop, go to a wireless hotspot and try to connect. If you have access to a dial-up connection, try that temporarily. This can rule out local network connections as the cause of the problem.
- Check for problems on particular ports. See if you can connect to a secure Web site. If you can use an SSL-enabled site, chances are port 443 works. Try a standard Web site again; if it doesn't work, port 80 is a problem. This information can be useful in tracking down a port-sharing conflict.
Diagnose IE7 conflicts with third-party software
By far, the most common problems with Internet Explorer you'll find -- lockups, inability to load pages, irritating delays in responding to clicks and other user feedback -- are a result of a clash between plug-ins and other third-party applications you've added to a default Internet Explorer installation. Of course, troubleshooting IE in this way becomes more of a challenge when you have more than one add-in installed. One particular program could cause an issue and so could the way one program interacts with another. The permutations can mount up quickly.
To diagnose whether add-ins are part of your problem, Internet Explorer 7 comes with a No Add-ons mode. You access it by going to Start, All Programs, Accessories, and System Tools. Select "Internet Explorer (No Add-ons)" and see if the problems you've been encountering are still present, without all of the add-ins running. If indeed the problem is resolved without add-ins involved, then it's time to figure out which one is causing problems. Start IE7 the normal way, and then from the Tools menu, select Internet Options and then the Programs tab, and then click the Manage Add-ons button. Select an add-on from the list, and then click Disable. Lather, rinse, repeat as necessary.