Anti-malware blocker, cross-site scripting protections coming in IE 8

Anti-malware blocker, cross-site scripting protections coming in IE 8

Summary: When Microsoft's Internet Explorer 8 hits the Beta 2 milestone in August, the browser makeover will feature a full-fledged anti-malware blocker and new protections against some forms of cross-site scripting attacks.The existing phishing filter IE 7 has been renamed SmartScreen Filter and will include blacklist-based blocking of known exploit sites.

SHARE:
TOPICS: Browser, Microsoft
50

Anti-malware blocker, cross-site scription protections coming in IE 8When Microsoft's Internet Explorer 8 hits the Beta 2 milestone in August, the browser makeover will feature a full-fledged anti-malware blocker and new protections against some forms of cross-site scripting attacks.

The existing phishing filter IE 7 has been renamed SmartScreen Filter and will include blacklist-based blocking of known exploit sites.

The SmartScreen anti-malware feature is URL-reputation-based, which means that it evaluates the servers hosting downloads to determine if those servers are known to distribute unsafe content. SmartScreen’s reputation-based analysis works in concert with other signature-based anti-malware technologies like the Malicious Software Removal Tool, Windows Defender, and Windows Live OneCare, in order to provide comprehensive protection against malicious software.

Data from Microsoft's existing security partners will be used to power the new SmartScreen Filter and there is a chance that new third-party providers will be included.  Google's blacklist, which now powers the anti-malware blocker in Firefox 3, is not included.

Also new in IE 8 Beta 2 is an XSS Filter to detect Type-1 (reflection) attacks that can lead to cookie theft, keystroke logging, Web site defacement and credentials theft:

The XSS Filter operates as an IE8 component with visibility into all requests / responses flowing through the browser. When the filter discovers likely XSS in a cross-site request, it identifies and neuters the attack if it is replayed in the server’s response. Users are not presented with questions they are unable to answer – IE simply blocks the malicious script from executing.

Anti-malware blocker, cross-site scripting protections coming in IE 8

The new beta refresh will also include support for safer Web 2.0-type mashups, DEP (data execution protection) turned on by default in Windows Vista SP 1, domain highlighting to help flag phishing attacks and changes to the way ActiveX controls are handled.

Topics: Browser, Microsoft

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

50 comments
Log in or register to join the discussion
  • Once again...

    ...late to the game. The "alternate" browsers have had these for a while. Competition breeds improvement, apparently. ;)
    Techboy_z
    • Um...Yeah

      MOST companies will tell you that competition drives improvement.
      safesax2002
  • RE: Anti-malware blocker, cross-site scripting protections coming in IE 8

    Why would we want to block anti-malware?
    greybert-@...
    • It blocks malware

      not anti-malware, if you were confused, if you were making a joke on the other hand, I suggest a walk outside for some fresh air because it wasn't even close to funny.
      jamesrayg
      • No...

        The guys comment was true and funny. He was simply pointing out a double negative in the title of the article.

        Anti-malware software = good thing.
        Blocking anti-malware software = bad.
        ZachE84
        • Not really funny

          I saw that it was saying it was anti-malware and did so by blocking. I found it to be very discriptive in only a few words. I totally understand. Also, I got over making fun of people for such things when I grew up. Perhaps you still need to? Mindless bashing is not a becoming trait.
          ladyphoenix3
          • Professional Writing

            These guys are writing professionally. They're being paid for
            their work, it should at least parse correctly.

            Anti-malware blocker = something that blocks anti-malware.
            It's a double-negative that seems to be the result of
            someone's attempt to cram more buzzwords into the heading
            of an article. This is really shoddy work.
            grail@...
      • It Blocks Malware?

        lmao It depends on what the definition of is, is.
        El Condor
  • It will still suck

    Being a MS product, it will still suck.
    ardnivar
    • Um, yah, at least they're not convicted murderers

      Like your psychopath open source heroes.
      jackbond
      • That is just nonsense

        I guess since we have had countless numbers of teachers and Principles convicted of child molestation that makes the entire US school system nothing but pervert central.

        Hey, why not say the entire US police force is nothing but career criminals since many have been convicted of robbery, bribery, and murder.

        Both of these well respected professions have had far more murderers in their systems.
        dragosani
        • You're kidding yourself

          It is an established fact that open source programmers have a higher proclivity for murder. It should hardly come as a surprise. Those who are so angry at the world that they spend their free time to "get back at Microsoft" are little more than ticking time bombs. And we've seen time after time another open source programmer convicted of murder. So keep brining up your silly analogies, but the fact remains, open source programmers ARE murderers.
          jackbond
          • LOL

            You have [b]1[/b] convicted Open Source programmer and the entire Open Source community is compromised. Yeah right!

            I would like to see some documentation on your "established fact" that open source programmers are more likely to murder someone than say a Policeman, Teacher, Microsoft programmer, or anyone else for that matter.

            You are so full of crap with your lies and libel comments about Open Source programmers.
            dragosani
          • I'd love to see the statistics

            Established fact? Is that so? You should have no problems coming up with the statistics then. I'd love to see them. Until then, I reserve the right to be highly skeptical about your outlandish claim.
            CobraA1
          • Of course

            I mean, MS is based in America, which is just a country led by cocaine-sniffing, alcoholic, slave-owning adulterers?

            Proven facts.

            ;)

            Keep on topic.
            AndyCee
          • You Sir

            are a total idiot.
            High Plains
    • It will still suck

      GM parts work better on GM cars. Ford parts work better on Ford cars.
      IE works better with M$ os. AOL does not work well with others. Netsacape does not work.....
      El Condor
  • RE: Anti-malware blocker, cross-site scripting protections coming in IE 8

    It was undoubtably the fundamentalism and fanaticism in the open source movement that contributed to Reiser's instability, so I hope you guys are proud of what you caused to happen to his wife.
    jamesrayg
    • Truly sickening

      Yes, it is tragic how they absolve themselves of all culpability in her death. Their total depravity was demonstrated by their pathetic insistence that he was innocent despite the mountain of evidence against him. Typical of an open source programmer, they would butcher their own children to optimize the speed of a file system. Meanwhile, Bill Gates has left Microsoft to dedicate his life to charity. So tell me, who would you rather acquire software from? Open source murderers or a philanthropist?
      jackbond
  • RE: Anti-malware blocker, cross-site scripting protections coming in IE 8

    Their anti-phishing utility is unbearably slow. Anyone who has ever used Firefox knows what I mean. IE is just to slow at everything it does. It takes 10 times longer to load a web page. I say let it die.

    The only reason it has even any market share is because businesses. I am forced to use IE at work, like everyone else. However at home, like everyone else, I ONLY use Firefox.
    ZachE84