10 things you should know about Internet Explorer 7 Security

Internet Explorer 7 is designed to make browsing safer. Here's a quick rundown of some of the new security features, including ActiveX opt-in, the Phishing Filter, cross-domain security, enhanced privacy protection, and an international character alert.

This article is available as a PDF download. It's also part of the collection "100 things you should know about Windows Vista."

Some sensationalistic reports of a security flaw immediately followed Internet Explorer 7's final release, but the vulnerability turned out to be in Outlook Express rather than IE. In fact, Microsoft has put a great deal of effort into making IE 7 more secure. Here are some of the new IE 7 security features and what they can do for you.

#1: Default protection from potentially dangerous ActiveX controls

ActiveX controls that haven't been checked out and verified as safe no longer run automatically by default; instead they're automatically disabled by the ActiveX opt-in feature.

#2: Per-zone control of ActiveX opt-in

You can disable ActiveX opt-in on a per-zone basis. It's enabled by default on the Internet and Restricted Sites zones for better security and disabled on the Intranet and Trusted Sites zones.

#3: Site and zone locking for ActiveX controls

Developers can now make their ActiveX controls more secure by restricting a control to run only on a particular site (site locking) or only in a specific security zone (zone locking).

#4: Protection against phishing

IE 7 introduces the Phishing Filter, which helps protect users from being fooled into entering personal information or passwords that can be collected and used for identity theft. The Phishing Filter automatically checks the Web sites you visit against a list of known phishing sites and issues a warning if the site has been identified as a phishing site. If you prefer not to have sites checked automatically, you can check specific sites when you suspect they might be phishing sites.

#5: Cross-domain security

An attack tactic called cross-domain scripting is prevented by new IE 7 security mechanisms that force scripts to run in their original security context even if they're redirected to a different security domain.

#6: Locked down security zones

Security zones in IE 7 are locked down tighter than before, with higher default security settings, disabling of the Intranet zone on non-domain computers, and an interface that makes it harder to select low or medium low security.

#7: Better SSL/TLS notification and digital certificate info

Users of IE 7 can more easily determine whether a Web site is secured by SSL/TLS and get information on the digital certificates issued to the site. Sites with high assurance certificates cause the address bar to turn green.

#8: Privacy protection features

Three new registry keys, called Feature Control keys, prevent HTML from getting a user's personal information. In addition, you can easily clear out information you've entered in Web pages, as well as the browser cache (Temporary Internet Files), history, cookies and other personal info, with a single click.

#9: Address bars

All browser windows in IE 7 contain address bars, so it's harder for a malicious site to conceal its identity by hiding the URL of the site.

#10: International character alert

IE 7 supports international characters, but to prevent spoofing that exploits the similarity of characters in different languages, the browser warns you that the characters are in another language when international character sets are used.
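The check behind such an alert can be sketched as follows. This is an added example, not code from the article or from IE 7: it flags hostnames that contain international characters and, going slightly beyond the text, also flags labels that mix scripts. The script list, the CJK grouping, the function names and the sample hostnames are assumptions made for illustration.

```javascript
// Added example (not IE 7's code): flag hostnames that use international
// characters, and labels that mix scripts. Script list is an assumption.
const SCRIPTS = ["Latin", "Cyrillic", "Greek", "Armenian", "Hebrew",
                 "Arabic", "Han", "Hiragana", "Katakana", "Hangul"];
const SCRIPT_RES = SCRIPTS.map((s) => [s, new RegExp(`\\p{Script=${s}}`, "u")]);
// East Asian scripts legitimately appear together, so treat them as one group.
const GROUP = { Han: "CJK", Hiragana: "CJK", Katakana: "CJK", Hangul: "CJK" };

// Return the sorted script groups used by the letters of one DNS label.
function scriptsOf(label) {
  const found = new Set();
  for (const ch of label) {
    const hit = SCRIPT_RES.find(([, re]) => re.test(ch));
    if (hit) found.add(GROUP[hit[0]] || hit[0]); // digits and "-" match nothing
  }
  return [...found].sort();
}

function checkHostname(host) {
  const findings = host.normalize("NFC").toLowerCase().split(".").map((label) => {
    const scripts = scriptsOf(label);
    return { label, scripts, nonAscii: /[^\x00-\x7f]/.test(label),
             mixed: scripts.length > 1 };
  });
  return {
    host,
    ascii: new URL(`http://${host}`).hostname, // Punycode (xn--) form
    warn: findings.some((f) => f.nonAscii),       // international characters present
    mixedScript: findings.some((f) => f.mixed),   // e.g. Cyrillic + Latin in one label
    findings,
  };
}

// Constructed sample hostnames (escapes make the non-Latin letters visible).
const SAMPLES = [
  "example.com",                                        // ASCII only
  "\u0430pple.com",                                     // Cyrillic "а" + Latin "pple"
  "\u043f\u0440\u0438\u043c\u0435\u0440.\u0440\u0444",  // all Cyrillic
];
for (const h of SAMPLES) {
  const r = checkHostname(h);
  console.log(r.ascii, "warn:", r.warn, "mixedScript:", r.mixedScript);
}
```

Showing the `ascii` (Punycode) form next to the warning gives the user an unambiguous rendering of the name even when two scripts look identical on screen.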

About

Debra Littlejohn Shinder, MCSE, MVP is a technology consultant, trainer, and writer who has authored a number of books on computer operating systems, networking, and security. Deb is a tech editor, developmental editor, and contributor to over 20 add...

21 comments

IE7 is garbage..... IE6 was the last GOOD release in that series...

khalidkp006

When browsing with IE 7, the internet is disconnecting frequently. Does anyone know the solution for this? Regards, Khalid

JMIRTC

and haven't found any real problems with it. Beta 1 was a little buggy. Beta 2 came up with an error every time you closed the first instance of IE7. RC1: no problems. I have been using the current version since it was released and had no problems. It has alerted me to a few "dodgy" sites. I don't think it has slowed down at all with the new security features, although I have been to a few sites that take a few seconds for the Phishing Filter to run through. I just wonder how long it is before the first load of security patches come out for it.. lol

GreenPirogue

I understand the advantages with using IE 7.0 - but I have seen little about incompatibilities. MS does offer an IE7 Blocker Toolkit - for those organizations who know about incompatibilities (our organization found some problems with Outlook Web Access, so that it does not run 100%). EAS (Exchange Archive Solution), for instance, has some incompatibilities, from what I have been told. I think an overhaul of IE is great - it just should be looked at with caution.

erik

the phishing changes will work to improve safety for a few months, maybe longer. they are probably the best change. the SSL change will merely drive business and resources away from mom-and-pop websites, and companies without the spare thousands of dollars to invest in a high-assurance certificate. this will do little to improve security, and a lot to reduce competitiveness.

erik

IE still runs in the security context of the logged-in user. So bugs in IE can give an attacker administrative (full) control over the computer. IE 7 did not add the ability to "log out" of http authenticated websites (a gaping security hole and an rfc recommended browser feature). IE 7's "new" security for active-x is really no different than the old security, you're still 1-click away from giving an unknown attacker full control over your machine.

JodyGilbert

Which (if any) of IE7's new features do you think will genuinely improve security? What kind of experiences have you had with it so far?

ajaytikoo

I agree with you that the SSL change will just boost the sales of high assurance certificates. Those who can't afford it will be forced to buy one, or lose the race.

wmpierro

The Microsoft initiative to drive sales of the SBS 2003 product to small businesses is going to take a direct hit from this. The ability to install self-signed web certificates on the Small Business Server is tied in directly to SharePoint services and Remote Web Workplace. The new security in IE7 blocks the connection unless you import the self-signed cert into the Trusted Root Authority. I have already run across one self-signed cert that doesn't display the import button on IE7 for some reason.

darby28

I went back to Firefox. Only use IE on the few sites where Firefox is not fully supported.

NetFodder

Deb Shinder, do us a favor and box up your PC and ship it to someone with a brain. The only reasoning you can give that IE is more secure is that it's a complete roll back to version 1.0. They removed all functionality and customization capabilities. It breaks on more machines than not and uninstalling still leaves the machine dysfunctional in one way or another. Faulty connection management and other things leave the user frustrated and the lack of control leaves Big Businesses scrambling to find ways of blocking the downloads.

samthetrue

Having had major security problems from customers using IE, I have been recommending Netscape as a better, more secure browser... my question is... is this overhaul of IE good enough to warrant me calling up everyone I know and telling them to switch to it? Some other people I know tell me no... but I personally will be giving IE another chance...

consultas

All these "improvements" could be set in IE6. And anyone stupid enough to fall for these "phishing" schemes should not be allowed on the Net. I run *WebWasher* which deals with referrers and URL redirection, it also stops most advertising, pop-ups, scripts and animations (have used it for years). A very efficient, non-delaying filter system. Highly recommended! After running IE7 for a few days I went back to IE6 because of the idiotic address bar (full length, which is not adjustable), the "security warning" (I have my reasons for MY settings) which cannot be suppressed. I prefer my and buttons in the middle of the bar, not way over on the left, but that can also not be adjusted. The program is huge (80 MB in RAM), is slower and does not give me any more service than what I want. Tabbed browsing? Pffft. RSS feed? If I want it, I'll use the Google bar. If this is what Vista will be like then I will stay with XP for as long as I can.

g-lgold

Has anyone compared the time it takes to start IE7 and go to a web site? With the added "security" checking and larger program, it may significantly slow the process, especially on older systems.

august

Isn't it cute when the little nerd boys that can't get girlfriends (Netfodder) pretend to know what they are talking about so they can look important to a bunch of strangers that DO know what they are talking about? That post is incorrect on all the points it makes. I speak from personal experience, from deploying it on networks we maintain.

rkuhn040172

Can you provide some examples? "They removed all functionality" - funny my PC is fully functional and I have IE 7.0. Customization - still customizable. Breaking Machines - I have installed it on dozens of PC's now and hasn't given me a single problem. I've uninstalled and eventually reinstalled it on my PC at least 3 times now with no issues. Please give specific examples.

Macrat

I agree with the sentiment against IE7 wholeheartedly. I was lucky to acquire a legal copy of Vista for one of my legal copies of XPSP1 I was not using currently. I was forced to install Vista when I had to install an OS upgrade to fix a friend's Zune. I tried using IE7, and half the sites I go to looked dead, and I found out it was due to the abnormally high security settings. I use Kaspersky Internet Security, why do I need a second security layer slapped onto my browser? So I went to change the security. That's when the nag screens popped up. My early searches for a fix came across this patent http://www.freepatentsonline.com/20070016954.html which sunk my hopes for finding a fix, since world patents block any attempt for a patch or easy workaround. So I'm currently looking for the following things: 1) A way to quickly lower ALL the security settings without receiving the about:SecurityRisk nag screen, and the pain-in-the-panel that pops down when I navigate anywhere. 2) A program that easily manages the list in the "Restricted Zone" - it comes prefilled with almost thousands of websites. My vital data is secured off the computer on an external drive. It's also protected with Kaspersky and Sandboxie. Why must I have that "idiot-proofer" list prefilled in? To accept it would also mean resigning to that I, too, am an idiot, which I am not.

Neon Samurai

Microsoft's later versions always run slower than the newer (unless I've missed an example). Even winXP has bloated and slowed over its lifespan. They always write the app to consume hardware resources rather than each version becoming more efficient with resources. But it's pretty. It will always be Pretty. Heck, Vista requires a gaming machine just to run the OS (the normally thin layer of software between user apps and hardware). IE7 is far better than IE6 in terms of security, or at least slightly better but it's the newer prettier version so it'll run slower and ideally, in MS eyes, force a hardware upgrade keeping the licensing partners happy.

gerryrains

Microsoft always seems to write bloated code. Of course Norton is just as bad. If I disable NIS, the computer speeds up significantly. With both of them each new product seems to me to be more rabid for resources. (Let's hear it for Firefox 1.5 (and hopefully 2.0 when their SP1 does what they should have done before releasing FF2).)

rsherrell

A legitimate question was asked and all you can do is throw childish insults. The last thing that you are is management material that you list with your username. These blogs are for legitimate exchange of information to help us all keep as up to date on accurate information. Let us be the judge and keep your childish ways to yourself. Grow up and just go away. We don't want you posting this way.

Tony Hopkinson

Security improvements are negligible. It becomes IE6 with tabs...