July 2, 2008 9:15 AM PDT

IE 8 to have antimalware protection

by Robert Vamosi

On Wednesday, Microsoft announced new security features within the upcoming release of Internet Explorer 8 Beta 2. The features are designed to combat the rising tide of drive-by downloads and malicious scripts contained within carefully crafted links embedded in e-mail and Web pages. Most of the new features require systems to be running Windows Vista SP1 or Windows XP SP3.

Perhaps the most anticipated addition is Internet Explorer's new antimalware protection. Opera 9.5 and Firefox 3 both recently added antimalware protection. Safari has so far not announced plans for similar protection. Using mostly its own antimalware technology, Microsoft will block emerging threats by masking the entire IE 8 browser screen with a warning to users. The addition of malware protection to the existing antiphishing protection will be re-branded as the Microsoft SmartScreen filter.

IE 8 Beta 2 will have a Cross Site Scripting (XSS) filter, preventing scripts within a link from executing on the browser.

Previously announced features include highlighting domain names from the rest of the URL (so you can visually see that you are on eBay.com, not some other site), and extended verification SSL.
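The domain-highlighting idea above, sketched as an added JavaScript example that is not code from the article or from Microsoft: it splits a URL into the part an address bar would emphasize (the registrable domain) and the part it would dim. The `SUFFIXES` set, the function names and the sample hosts used with it are constructed for illustration; a real implementation would consult the full Public Suffix List.

```javascript
// Tiny constructed stand-in for the Public Suffix List (assumption).
const SUFFIXES = new Set(["com", "net", "org", "example", "co.uk"]);

// Return the part of a hostname that identifies who actually owns the site.
function registrableDomain(host) {
  // IP literals have no registrable domain: emphasize the whole host.
  if (/^\[.*\]$/.test(host) || /^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    return host;
  }
  const labels = host.split(".");
  // Scan from the longest candidate suffix to the shortest, then keep
  // exactly one label to the left of the first suffix that matches.
  for (let i = 0; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      return labels.slice(Math.max(i - 1, 0)).join(".");
    }
  }
  // Unknown suffix: fall back to the last two labels.
  return labels.slice(-2).join(".");
}

// Split a URL into emphasized and dimmed parts, as a highlighting bar would.
function highlightUrl(raw) {
  const url = new URL(raw); // WHATWG parser; lowercases the host
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  const domain = registrableDomain(host);
  // Labels left of the registrable domain are chosen freely by its owner.
  const subdomain = host
    .slice(0, host.length - domain.length)
    .replace(/\.$/, "");
  return {
    domain,
    subdomain,
    // "user@host" URLs put a familiar-looking name before the real host.
    hasUserinfo: url.username !== "" || url.password !== "",
    // Brackets mark what would be rendered in the emphasized style.
    display:
      url.protocol + "//" + (subdomain ? subdomain + "." : "") +
      "[" + domain + "]" + (url.port ? ":" + url.port : "") +
      url.pathname + url.search,
  };
}
```

For a host such as `signin.ebay.com.account-check.example`, the emphasized part is `account-check.example`, which is the distinction the highlighting is meant to make visible.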

Using Data Execution Protection (DEP) within Windows XP SP3 and Windows Vista SP1, IE 8 will scan downloads and block any that it deems dangerous.


IE 8 Beta 1 has already introduced several changes in how it handles ActiveX components. Components will be installed per user, which eliminates the need for everyone to have administrator privileges. In addition, you must acknowledge or opt in for the component to run, eliminating drive-by downloads. Components will be per site and will only be available from the site of origin. Finally, site developers can request killbits from Microsoft, which can be sent via Windows Update to terminate risky or outdated components.

For developers, Microsoft is including improvements for better communication between the client browser and Web server. Cross Domain Requests (CDR) is a more secure way for the browser to pull data from other domains; and Cross Domain Messaging (XDM) is a more secure means for a browser to send a message across a domain. Microsoft says it is working with other browser vendors to standardize these.

The public Beta 2 for Internet Explorer is expected sometime in August 2008.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
by CmdrRickHunter July 2, 2008 10:07 AM PDT
How about fixing the malware instead of covering it up as you see it.
by Lerianis July 2, 2008 10:57 AM PDT
How can they do that? Honestly, how can they do that when most of these 'malwares' take advantage of the same things that LEGITIMATE programs need to run!
You are asking for something that is IMPOSSIBLE, period and done with, to do!
by Dalkorian July 2, 2008 11:14 AM PDT
CmdrRickHunter is right here, this pig is wearing too much lipstick now and really doesn't need anymore. They need to slaughter the pig outright. A web browser has NO PURPOSE WHATSOEVER in being tied into the OS the way internet EXPLODER is. It's a failed design right from the gate and simply cannot be fixed. There are other and better options out there.
by make_or_break July 4, 2008 3:06 PM PDT
Dalkorian...get a life. Who are you to say what the "OS model" should or should not be? If you don't like it, write your own operating system. Or install the Linux distro of your choice and leave the rest of us alone.
by rmva July 2, 2008 10:22 AM PDT
CmdrRick, What does that mean?
by Lerianis July 2, 2008 10:58 AM PDT
How can they do that? Honestly, how can they do that when most of these 'malwares' take advantage of the same things that LEGITIMATE programs need to run, CmdrRickHunter?
It's just IMPOSSIBLE for them to do that. The only thing Microsoft can legitimately do is warn you that a piece of software might be malware because it is coming from an 'unsafe' site, and keep you from downloading it.
by Penguinisto July 2, 2008 11:34 AM PDT
It appears that the mechanism is either a blacklist or some other "reporting" mechanism (similar to PhishTank.com, which has been around for roughly two years). Fair enough, but what on Earth ensures that a "reported" website is really malware? The problem with blacklists is that they tend to trap false positives. PhishTank relies on human voting mechanisms to confirm or deny a bad site, which at least gives the process some transparency. What does MSFT have as an equivalent, so as to prevent false positives and/or allow a mechanism for site owners to remove themselves from the list if they accidentally get caught up in the blacklist?
by Lerianis July 3, 2008 9:55 AM PDT
How do they ensure that a reported website has malware on it? Simple: they go to that site, download the thing in question that was reported as malware, and see if it is actually malware.
Google does that as well with their phishing blacklist and 'unsafe site' blacklist: they go to the site, search the site for malware with a computer that is totally unsecured, and see if malware installs.
If it doesn't, they don't mark it as a malware or unsafe site anymore.
by Penguinisto July 4, 2008 11:36 AM PDT
It's not that easy. An otherwise honest-but-hijacked site may have malware one day, then have it cleaned up hours later - but still be on the blacklist forever, with no mechanism to get removed. Faulty PHP code can be easily mistaken for malware. There is no possible way to reliably test against the thousands of new sites daily for malware. Work in the biz for awhile before you pronounce so easily. ;)
by Tergon July 2, 2008 2:03 PM PDT
As well as the issues voiced above by Lerianis and Penguinisto, I wonder about the effect on enterprise customers for the "feature" "Components will be installed per user" so does that mean each and every one of my employees must redownload flash or silverlight or acrobat or java or or or . . .
by i_made_this July 2, 2008 5:56 PM PDT
They advertised IE7 as the *great security upgrade* in 2006 - by 2008, most of us have uninstalled or disabled all of these useless, cumbersome and hugely time-consuming crappy components which slowed surfing down to a crawl - and we're even getting tired of, if not mad as hell at that damn twirling circle that seems to take forever to find that report our boss needed an hour ago.

Microsoft knows they're in trouble with this browser business and the proof is they're starting to develop for FF as well as IE (just like Apple did before them for FF / Safari).

There is a simple and practical security solution Microsoft can deploy for securing IE8 and the O/S that'll come with it. Microsoft should pre-install their retail security suite/tune-up product - *Windows Live OneCare.* They're not selling terribly well and this is where that program truly belongs. For enterprise customers, I guess that'd be the corporate suite *Windows Forefront.*

So long as ActiveX remains a required program component within IE, WLOC (and WF) should be required without Microsoft's even asking us if we want it, as well. If we prefer AVIRA or CHECK POINT or SYMANTEC etc, we can opt to disable WLOC.
by Lerianis July 3, 2008 9:56 AM PDT
The reason that they are not including Windows Live OneCare by default is that if they did, they would be hearing a bunch of complaints from Symantec, McAfee, etc. - basically, all the discrete antivirus and firewall makers would be up their butts because they included that product.
by dja1701 July 3, 2008 6:22 AM PDT
This "solution" sounds like it could cause problems (like most Microsoft solutions). I use a JavaScript to obscure my email address from crawlers. Clicking on an email link runs the script. From this description, it sounds like IE 8 would block that script.
by magusat999 July 3, 2008 3:25 PM PDT
Why does IE8 or any Windows product need "malware protection"? That's what Anti-Trojan, Anti-Virus, and Firewall Software is for. We don't need you (Microsoft) adding an "extra layer" onto our already protected systems. And besides, the specialists, such as Symantec, Eset, Comodo, etcetera don't have a million other eggs in their basket. They are doing just fine and the last thing we need is more junk added so you can justify higher prices and add another layer of conflicts with existing software... please, IE8 is fine - but stop with the silly "security features".
by blabtech July 6, 2008 9:56 AM PDT
It seems like they are trying to compete with Firefox

http://blabtech.blogspot.com
by AppleSuxLeo July 7, 2008 12:44 AM PDT
Safari IS malware ! Bwahahahaha !