A closer look at Internet Explorer 8 security features

Tony Bradley explains why the security features in IE 8 may convince midmarket organizations to make the browser upgrade.

In recent years Microsoft has lost some ground in its dominance of the Web browser market. Driven primarily by

security concerns, browsers like Mozilla Firefox and Google Chrome have cracked the armor of Internet Explorer.

Internet Explorer is still the clear front runner, and the introduction of Internet Explorer 8 may restore some of that lost market share. Internet Explorer 8 includes a number of improvements and innovations that raise the bar for Web browsers and help make the Web surfing experience more productive and efficient, as well as more secure.

There are "bell and whistle" features that add functionality. Accelerators, for example, provide one-click access to common functions like mapping or searching from within a webpage. A Suggested Sites feature offers site recommendations based on your Web surfing history and habits. Web Slices enable you to view frequently accessed or updated information, like weather conditions, or an eBay bidding status, without having to visit the site or constantly refresh the browser.
With security being the primary reason that users switch to alternate browsers, Internet Explorer 8 also raises the bar for protecting you and your data while you surf the Web.

Should you disable IE ESC, or manage it in Windows servers?

Internet Explorer Enhanced Security Configuration (IE ESC) locks down IE on Windows servers, but admins often disable it.
SmartScreen
Phishing is a large and growing security threat. Recent events in China illustrate how a precision phishing attack targeted at specific individuals --also known as " spear phishing"-- can catch users off guard and convince them to visit malicious websites that can infect or compromise their computer.

Small- and medium-sized businesses have confidential and sensitive data, and compliance requirements to protect that data, but they often have network security and data protection controls similar to consumers. SMBs don't have dedicated IT and information security professionals or the layers of security found in enterprise networks.

Internet Explorer 8 security features include phishing protection built-in to help midmarket businesses. First, IE 8 highlights the actual domain of the URL in the address bar, which provides a visual cue to alert users when they might be on a malicious or phishing-related site.

In addition, Internet Explorer 8 adds SmartScreen for improved security while surfing. The SmartScreen filter includes a handful of different tools to protect you from Web-based threats and social engineering or phishing scam tactics. SmartScreen blocks sites that are identified as malicious, either through IE8's heuristic detection, or by comparing against an accumulated database of known malicious sites. The filter also may allow you to access the site while surgically blocking only the content deemed malicious. SmartScreen will also provide warnings when someone attempts to download a file from a suspicious or malicious website.

InPrivate browsing
There are many features of Web browsers which enhance your Web browsing experience and help speed things up, but after a browser session, you may not want sensitive data retained on the computer, particularly if you are using a shared PC like in an Internet café or public library.

InPrivate browsing allows you to surf the Web and visit sites without storing any browsing history, temporary Internet files, form data, cookies, usernames or passwords. In a nutshell, no trace or evidence of the InPrivate browsing session will be left on the computer.

Within an SMB office environment there is little value to InPrivate Browsing. However, employees that access company resources from their home computer, roaming road warriors who may use hotel computers or other public kiosks can help protect sensitive company information by using InPrivate Browsing.
To initiate an InPrivate browsing session, open a new tab in Internet Explorer 8 and click on Browse with InPrivate. You can also find it on the Safety dropdown menu in the Command Bar at the upper right of the Internet Explorer 8 browser window.

Is it time to upgrade to IE 8?
If your organization is still using Internet Explorer 6, there is no question that you should upgrade as soon as possible. Internet Explorer 6 has many flaws and compatibility issues, and is significantly more vulnerable to attack than Internet Explorer 7 or Internet Explorer 8.

Organizations that have already adopted Internet Explorer 7 have more to consider but less incentive to upgrade. There are a variety of security improvements in Internet Explorer 8, but none of them are really a quantum leap from what is already available in Internet Explorer 7. Much of the decision depends on the size of the company, and hence the scope of the undertaking.

It is easy to have 10, 25, or even 50 people simply allow Windows Update to automatically download and install the latest version of the Internet Explorer Web browser. Larger organizations need to consider how best to deploy the new browser, and also prepare for the inevitable spike in support calls as users work through the learning curve of adapting to the new browser.

About the author:
Tony Bradley, 'chief' technical evangelist for Zecurion, is a CISSP and 4-time Microsoft MVP. He tweets as @PCSecurityNews and provides tips, advice, and reviews on information security and unified communications technologies on his site at tonybradley.com.

Send comments on this technical tip editor@searchmidmarketsecurity.com.

Join our IT Knowledge Exchange discussion forum; please use the midmarket security tag.

This was first published in January 2010

Dig deeper on Microsoft security threat management

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchSecurity

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

ComputerWeekly

Close