Transcript Introduct Internet Explorer 7 - Microsoft Corporation

Internet Explorer 7
Security Features
Steve Lamb
Technical Security Evangelist @ Microsoft Ltd
[email protected]
http://blogs.technet.com/steve_lamb
Agenda
Lessons learned from IE in Windows XP SP2
Overview of Internet Explorer 7
Detailed features and demo
Timeline
More information
First, Let me ask…
How many of you are using IE7 now?
What build?
How can we help you?
Post Windows XP SP2
Strengths
Big security investments were worthwhile
Right balance of application compatibility and security
Opportunities to improve
Social attacks (phishing) as important as code execution
Bad trust decisions don’t have an “undo” option
Make life better for Web developers
Everyone wants new features
Internet Explorer 7
Major innovations in IE7 for Windows
XP SP2
Enhanced functionality in IE7 in
Windows Vista includes:
Protected Mode
Parental Controls integration
Key areas of focus:
Makes everyday tasks easier
Dynamic security protection
Improved platform and manageability
IE7 – New Look
Tabbed Browsing
Quick Tabs
Page Zoom
Before
After
Shrink-To-Fit Printing
Web Pages Automatically Formatted To Print Properly
Inline Search
RSS Feed Reader
Enhanced Validation Certificates
Clearer information about trusted sites
Trust Badge rotates to show Certificate Authority
Dynamic Security Protection
Internet Explorer 7
Technology to protect
against technology attacks
Limit programmatic access
Reduce attack surface
Warn if settings insecure
Simplified architecture
Technology to protect
against social attacks
Anti-phishing service
Secure site visuals and info
Address bar anti-spoofing
“One-click cleanup”
Security Features
Protecting the machine from technology attacks
Unified URL parsing
Cross-domain security enhancements
Code quality improvements to reduce buffer overruns
ActiveX Opt-in
Protected Mode (Microsoft Windows Vista only)
Protecting the user from social attacks
Download scanning with Windows Defender
Phishing Filter
High-assurance SSL and address bar
Dangerous settings notification
Secure defaults for International Domain Names
Parental controls (Windows Vista only)
ActiveX Opt-in & Protected Mode
Defending systems from malicious attack
ActiveX Opt-in: puts users in control
Disabled
User Controls
Enabled
Controls Action
Most controls disabled
Windows
Reduces attack surface
ActiveX Opt-in
Retain ActiveX benefits, increase user security
Protected Mode*: reduces severity of threats
IE process ‘sandboxed’ to protect OS
Eliminates silent malware install
Designed for security and compatibility
Low Rights
User
Action
IE
Cache
Broker
Process
My Computer (C:)
Protected Mode
* Windows Vista only
Internet Explorer Running
with Full Privileges
Admin Rights Access
Install an ActiveX
control
Exploit can install
MALWARE
IExplore.exe
HKLM
Program Files
User Rights Access
Change Settings,
HKCU
Download a Picture
Exploit can install
MALWARE
My Documents
Startup Folder
Temp Internet Files
Cache Web content
Untrusted files and settings
Broker Process
Broker Process
Integrity Control
Protected
Mode
Internet
Explorer
Compat Redirector
Protected Mode Runs with
Lowest Privilege
Admin Rights Access
Install an
ActiveX
control
HKLM
HKCR
Program Files
Change
settings,
User Rights Access
HKCU
My Documents
Save a
picture
Cache Web content
Startup Folder
Temp Internet Files
Untrusted files and settings
Redirected settings
and files
Security Status Bar
Makes users aware of online security and privacy
Enhanced Validation
Trusted party has provided extensive verification
for the authenticity of certificate holder
Standard Security
Website provided a certificate matching the
server and appears trustworthy
Incorrect Data
There are errors in the certificate provided and the
website should not be trusted
Phishing Filter (Warn)
The website contains characteristics found in
phishing websites … proceed cautiously
Phishing Filter (Block)
A warning is displayed and users are
navigated away from the website
Phishing Filter
Client-side heuristics, allow-list, and
Web service
URL Reputation Service
URL Reputation Service
https://urs.microsoft.com
Known Good URLs
IEAPFLTR.DAT
Phishing Filter
Populating the URL reputation service
URL Reputation Service
URL Reputation Service
Grader
Confirmed
Sites
Cyota
Graders
Mark
Monitor
Internet
Identity
Third Party Phishing databases
End User
Report
Site Owner
Report
https://urs.microsoft.com
Address Bar Everywhere
Fix My Settings
IDN Display
Phishing Filter – Suspicious Site
Phishing Filter - Blocked Site
Fix My Settings
Customer Call To Action
Read the technology overview
Upgrade to IE7 RTM
Test LOB applications and public websites
Provide feedback to Microsoft
(mailto:[email protected])
More IE7 Information
Download the IE7 RC1 at
http://www.microsoft.com/ie
Technical docs on IE Developer Center
http://msdn.microsoft.com/ie
IT Administrator information on Technet
http://www.microsoft.com/technet/prodtechno
l/IE/ieak7
More technical information on TechNet
http://www.microsoft.com/technet/prodtechno
l/IE
Follow the IE Team Blog at
http://blogs.msdn.com/ie
Resources 1
Internet Explorer Blog
http://blogs.msdn.com/ie/
Internet Explorer Feedback Alias
[email protected]
Internet Explorer Developer Center
http://msdn.microsoft.com/ie/
Internet Explorer 7 Readiness Toolkit
http://go.microsoft.com/fwlink/?LinkId=64421
Internet Explorer 7 App Compat Toolkit
http://blogs.technet.com/all_things_appcompat/default.aspx
Internet Explorer 7 External Bug Database
https://connect.microsoft.com/site/sitehome.aspx?SiteID=136
Internet Explorer Administration Kit (IEAK) 7 Beta 2
http://www.microsoft.com/technet/prodtechnol/ie/ieak7/default.mspx
Resources 2
Technical Chats and Webcasts
http://www.microsoft.com/communities/chats/default.mspx
http://www.microsoft.com/usa/webcasts/default.asp
Microsoft Learning and Certification
http://www.microsoft.com/learning/default.mspx
MSDN & TechNet
http://microsoft.com/msdn
http://microsoft.com/technet
Virtual Labs
http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx
Newsgroups
http://communities2.microsoft.com/
communities/newsgroups/en-us/default.aspx
Technical Community Sites
http://www.microsoft.com/communities/default.mspx
User Groups
http://www.microsoft.com/communities/usergroups/default.mspx
Steve Lamb
Technical Security Evangelist @ Microsoft Ltd
[email protected]
http://blogs.technet.com/steve_lamb
© 2006 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.