Microsoft outlines IE7 security plans

Microsoft outlines IE7 security plans

Summary: The next version of Internet Explorer will handle encryption better then IE6, as part of the mission to become 'secure by default'


Microsoft is tightening up the way its Internet Explorer browser (IE) handles HTTPS for version 7, which is used to secure online transactions, in an attempt to give users more protection online.

In a posting on The Microsoft Internet Explorer blog, IE programme manager Eric Lawrence said that IE7 would support the Transport Layer Security protocol (TLS) by default.

Existing versions of IE automatically use the SSL 2.0 protocol, which is weaker than TLS, to encrypt user data, although it is possible to manually switch to TLS.

Microsoft's decision to ditch support for SSL 2.0 means that any site that still requires this protocol should upgrade, but Lawrence claimed there are "only a handful" of such sites.

Lawrence also explained how IE7 will behave differently from earlier versions when it encounters potential security problems.

"Whenever IE6 encountered a problem with a HTTPS-delivered webpage, the user was informed via a modal dialog box and was asked to make a security decision. IE7 follows the XPSP2 "secure by default" paradigm by defaulting to the secure behaviour," said Lawrence.

IE7 will not give users the option of seeing both secure and insecure items within an https page. With IE6, this option appears when the browser encounters an https page that includes some http content. But in IE7, only the secure content will be rendered by default, forcing the user to choose to access the rest via the information bar.

"This is an important change because very few users (or web developers) fully understand the security risks of rendering HTTP-delivered content within a HTTPS page," Lawrence claimed.

Topic: Operating Systems

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • I am a FF convert, using the 1.5beta 1. I wanted to try IE7 to see its improvements and how it handled RSS, but the things impossible to download let alone install, I found this dissapointing.

    However someone introduced me to these things in FF called "extensions" and boy do they give FF a new lease of life, things I wanted to do (like download all images from a page with a sigle option) are available, what a dream.

    IE7 or no IE7 I am just not interested anymore, where as maybe, if I had of gotten the chance to try IE7 I might not be so against it.

    Still hey ho, I've got multi-coloured tabs to create!
  • You still want to maintain an IE7 friendly website or simply opt for a website that's truly industry (open) standard friendly?