/>
X
Business

Anti-malware blocker, cross-site scripting protections coming in IE 8

When Microsoft's Internet Explorer 8 hits the Beta 2 milestone in August, the browser makeover will feature a full-fledged anti-malware blocker and new protections against some forms of cross-site scripting attacks.The existing phishing filter IE 7 has been renamed SmartScreen Filter and will include blacklist-based blocking of known exploit sites.
Written by Ryan Naraine, Contributor on
Anti-malware blocker, cross-site scription protections coming in IE 8
When Microsoft's Internet Explorer 8 hits the Beta 2 milestone in August, the browser makeover will feature a full-fledged anti-malware blocker and new protections against some forms of cross-site scripting attacks.

The existing phishing filter IE 7 has been renamed SmartScreen Filter and will include blacklist-based blocking of known exploit sites.

The SmartScreen anti-malware feature is URL-reputation-based, which means that it evaluates the servers hosting downloads to determine if those servers are known to distribute unsafe content. SmartScreen’s reputation-based analysis works in concert with other signature-based anti-malware technologies like the Malicious Software Removal Tool, Windows Defender, and Windows Live OneCare, in order to provide comprehensive protection against malicious software.

Data from Microsoft's existing security partners will be used to power the new SmartScreen Filter and there is a chance that new third-party providers will be included.  Google's blacklist, which now powers the anti-malware blocker in Firefox 3, is not included.

Also new in IE 8 Beta 2 is an XSS Filter to detect Type-1 (reflection) attacks that can lead to cookie theft, keystroke logging, Web site defacement and credentials theft:

The XSS Filter operates as an IE8 component with visibility into all requests / responses flowing through the browser. When the filter discovers likely XSS in a cross-site request, it identifies and neuters the attack if it is replayed in the server’s response. Users are not presented with questions they are unable to answer – IE simply blocks the malicious script from executing.

Anti-malware blocker, cross-site scripting protections coming in IE 8

The new beta refresh will also include support for safer Web 2.0-type mashups, DEP (data execution protection) turned on by default in Windows Vista SP 1, domain highlighting to help flag phishing attacks and changes to the way ActiveX controls are handled.

Editorial standards

Related

Southwest, United, and American Airlines have a new enemy -- the internet's ugliest site
Airplane wing in flight

Southwest, United, and American Airlines have a new enemy -- the internet's ugliest site

You can use an AI Time Machine to see what you'd look like in different eras throughout history
Photo renderings of a woman throughout different decades using AI Time Machine

You can use an AI Time Machine to see what you'd look like in different eras throughout history

Garmin's new Index BPM is the blood pressure monitor that I've been waiting for
garmin-index-bpm-lifestyle

Garmin's new Index BPM is the blood pressure monitor that I've been waiting for