informa
/
News

Microsoft Internet Explorer 8 RC1 Improves Security

Updates include architectural changes that mirror features found in Google's Chrome, Apple's Safari, and Mozilla's Firefox.
IE8 supports Data Execution Prevention, a technology that aims to reduce the exploitability of buffer overflows, which are commonly exploited for injecting malicious code. If programmers write their code with DEP in mind, many potential vulnerabilities could be eliminated.

IE8 also offers a private browsing mode called InPrivate, which allows the user to "launch a new browser session that won't record any information, including searches or Web page visits," as Microsoft puts it. This means that during InPrivate browsing sessions, which must initiated by the user, cookies, searches, Web history, and other information aren't stored where they usually are on the user's computer. Apple's Safari and Google's Chrome both offer similar technology, as does the current Mozilla Firefox 3.1 Beta 2.

Local privacy settings like this may be useful for hiding online activities from members of one's household, but they don't prevent your ISP or visited Web sites from recording the IP address or other transactional information.

InPrivate Browsing protections are disabled if Parental Controls are used.

IE8 also includes malware protection in the form of the SmartScreen Filter, the Cross Site Scripting (XSS) Filter, and Domain Highlighting. The SmartScreen Filter is a warning page that loads when the browser detects an attempt to visit an unsafe site. The XSS Filter attempts to detect malicious code on compromised Web sites. And Domain Highlighting highlights the domain name of a URL in black to reduce the effectiveness of deceptive URLs, which are often used for phishing.

In all, IE8 delivers significant security improvements over its predecessors. But given the extent to which cybercrime relies on social engineering, users of IE8, like other modern browsers, would be well advised to remain cautious in the sites that they visit and the information that they disclose online. It's only a matter of time before someone figures out a way around IE8's new defenses.