Login, change your address, subscribe to new or manage current magazines or e-newsletter subscriptions
IT World Events
Site Map - Affiliates
ComputerWorldNetwork WorldCIO CanadaCIO Canada Governments' ReviewJobUniverse Canada
Enter your  QUICKLINK number to go directly to that article.
Advanced Search
Knowledge Centres
Content Types
Featured White Papers
Unlock the potential of data with the right data warehouse solutionUnlock the potential of data with the right data warehouse solution
Provided by: IBM
read more
IBM Multiform Master Data Management: The evolution of MDM applicationsIBM Multiform Master Data Management: The evolution of MDM applications
Provided by: IBM
read more
Closing the data privacy gap: Protecting sensitive data in non-production environmentsClosing the data privacy gap: Protecting sensitive data in non-production environments
Provided by: IBM
read more
Yuk it Up
Green IT Playbook
Featured IT Quiz
IT Quiz: IT World Canada and IDC Canada want to know how your Green IT strategy is shaping up. Take this quiz to see how your company stacks up against other IT World Canada readers.
Featured White Papers
This white paper details Intel's current and future energy-saving initiatives to reduce costs and support business goals. Learn how Intel IT is extending its efforts to be a role model enterprise IT organization by supporting the Climate Savers Computing Initiative, which aims to drive a 50 percent reduction in computer-related CO2 emissions worldwide. No registration required.
Sign-Up for
Security
eNewsletter Delivered Weekly
Click here
Page 1 of 2

Microsoft trumpets security additons in IE8

By: Gregg Keizer - Computerworld (SS)  (03 Jul 2008)

The company will use multiple third-party sources to compose the blacklists for both phishing and malware-hosting sites, and will also draw on data gathered by Windows Defender, its free anti-spyware tool

Microsoft Wednesday outlined new security features it will add to Internet Explorer (IE) next month, including anti-malware protection to match tools similar to those offer by its rivals and a filter the company said would block most cross-site scripting attacks.

Internet Explorer 8 Beta 2, which Microsoft has slated for release sometime in August, will include two new security tools, said Austin Wilson , the director of Windows client product management.

One, dubbed "SmartScreen Filter" by Microsoft, adds malware blocking to the anti-phishing protection already embedded in IE7. The new feature, which will resemble the defenses already used by rival browsers Firefox 3.0 and Opera 9.5 , will warn users when they're about to visit a site known or suspected of spreading malicious code and then block any download from that site.

Unlike Mozilla Corp.'s Firefox, however, which retrieves a blacklist several times daily, then stores it locally to compare against URLs, IE8 will dynamically determine whether the site is potentially dangerous by pinging remote servers each time a user tries to reach a page.

Microsoft will use multiple third-party sources to compose the blacklists for both phishing and malware-hosting sites, said Wilson, and will also draw on data gathered by Windows Defender, the company's free anti-spyware tool. Wilson would not disclose the third-party information providers, however.

"We get the data feeds, and update our lists multiple times a day," he said. "And IE8 makes the call to the URL reputation service servers, and if it's a phishing or malware site, the browser navigates away from the page and displays a warning."

He denied that the process would have a noticeable impact on IE8's performance.

"Our choice was to make sure that the user has the most recent data possible," he said. "We do an asynchronous call, so the page rendering takes place while the call is made to the reputation servers."

Also to debut next month in IE8 Beta 2 is an integrated filter that Microsoft said would prevent most cross-site scripting attacks. "Today, the end user can be doing all the right things, checking the URL to make sure it's legitimate, only going to trusted sites, but because of vulnerabilities on the Web server side, they can still be compromised," said Wilson, referring to cross-site scripting attacks, which are most commonly used by identity thieves and have been on the upswing.

"When IE8 sees a cross-site scripting attack, it stops that script from being reflected to the server, and stops the attack at the client," Wilson added.

Page 1 of 2
Send to a Friend  Rate This Page  Print This PageAdd a new comment
Bookmark this article on:
del.icio.us| Digg it| Furl| Google| Technorati| StumbleIt| Yahoo!

Have something to say about this article? Add a new comment

If you find a comment inappropriate, You can notify the moderator by clicking the Report an innapropriate comment icon.
ADD A COMMENT
Name:*Your email address will not appear online and will be used only in the event that the editor wishes to contact you personally for additional comment.
City:
Email:
Title:*
Comment:*
* required fields



Related Content
Articles

Special Advertising Partners
IDC Case Study: Identity And Access Management Buying Criteria.
IDC analyses IAM buying criteria and deployment at Coppin State University. Coppin State replaces "first generation" IAM solution to obtain benefits needed for today's agile enterprise: ease of integration, rapid deployment, simplified compliance, flexibility.
White Papers
Closing the data privacy gap: Protecting sensitive data in non-production environments
How can IT organizations protect sensitive data, including employee and customer information, as well as corporate confidential data and intellectual property? Industry analysts recommend "de-identifying" or masking data as a best practice for protecting privacy. This white paper explains the importance of closing the data privacy gap in non-production environments, and provides guidance on effective data masking. Complimentary with registration. Sponsored by IBM.
Unlock the potential of data with the right data warehouse solution
Once you've made the decision to implement a new data warehouse, you want to make sure you choose the one that's right for your organization. This buyer's guide provides checklists for starting points that you can use when evaluating vendors and their products. Complimentary with registration. Sponsored by IBM.
Prepare for a more efficient SAP implementation: Take data issues off the critical path
This white paper outlines how the Preliminary Data Assessment Appliance (PDAA) from IBM can help address the challenges of integrating data from different operational applications across the enterprise to an SAP platform. Complimentary with registration. Sponsored by IBM.
Copyright InformationPrivacy Policy Site MapAbout UsMedia CentreReprint ServicesMobileFeedbackContact Us
PC World CanadaIntergovworld.comIT Vendors DirectoryBio-IT WorldCIO TitlesCMOComputerWorld TitlesCSO
GlossaryDarwinGameProInfoworldGames.netITJobUniverseJavaWorldMacCentral
MacWorldNetwork World TitlesPCWorldPlaylistIDG WorldWide Network
©2008 ITworldcanada.com All rights reserved.