IE 8 to have antimalware protection
On Wednesday, Microsoft announced new security features within the upcoming release of Internet Explorer 8 Beta 2. The features are designed to combat the rising tide of drive-by downloads and malicious scripts contained within carefully crafted links embedded in e-mail and Web pages. Most of the new features require systems to be running Windows Vista SP1 or Windows XP SP3.
Perhaps the most anticipated addition is Internet Explorer's new antimalware protection. Opera 9.5 and Firefox 3 both recently added antimalware protection. Safari has so far not announced plans for similar protection. Using mostly its own antimalware technology, Microsoft will block emerging threats by masking the entire IE 8 browser screen with a warning to users. The addition of malware protection to the existing antiphishing protection will be re-branded as the Microsoft SmartScreen filter.
IE 8 Beta 2 will have a Cross Site Scripting (XSS) filter, preventing scripts within a link from executing on the browser.
Previously announced features include highlighting domain names from the rest of the URL (so you can visually see that you are on eBay.com, not some other site), and extended verification SSL.
Using Data Execution Protection (DEP) within Windows XP SP3 and Windows Vista SP1, IE 8 will scan downloads and block any that it deems dangerous.
(Credit: Microsoft)IE 8 Beta 1 has already introduced several changes when handling ActiveX components. Components will be installed per user, which eliminates the need for everyone to have administrator privileges. In addition, you must acknowledge or opt-in for the component to run, eliminating drive-by downloads. Components will be per site and will only be available from site of origin. Finally, site developers can request killbits from Microsoft which can be sent via Windows Update to terminate risky or outdated components.
For developers, Microsoft is including improvements for better communication between the client browser and Web server. Cross Domain Requests (CDR) is a more secure way for the browser to pull data from other domains; and Cross Domain Messaging (XDM) is a more secure means for a browser to send a message across a domain. Microsoft says it is working with other browser vendors to standardize these.
The public Beta 2 for Internet Explorer is expected sometime in August 2008.
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments. 






You are asking for something that is IMPOSSIBLE, period and done with, to do!
It's just IMPOSSIBLE for them to do that. The only thing Microsoft can legitimately do is warn you that a piece of software might be malware because it is coming from an 'unsafe' site, and keep you from downloading it.
Google does that as well with their phishing blacklist and 'unsafe site' blacklist: they go to the site, search the site for malware with a computer that is totally unsecured, and see if malware installs.
If it doesn't, they don't mark it as a malware or unsafe site anymore.
Microsoft knows they're in trouble with this browser business and and the proof is their starting to develop for FF as well as IE (just like Apple did before them for FF / Safari).
There is a simple and practical security solution Microsoft can deploy for securing IE8 and the O/S that'll come with it. Microsoft should pre-install their retail security suite/tune-up product - *Windows Live OneCare.* They're not selling terribly well and this is where that program truly belongs. For enterprise customers, I guess that'd be the corporate suite *Windows Forefront.*
So long as ActiveX remains a required program component within IE, WLOC (and WF) should be required without Microsoft's even asking us if we want it, as well. If we
prefer AVIRA or CHECK POINT or SYMANTEC etc, we can opt to disable WLOC.
http://blabtech.blogspot.com
- by AppleSuxLeo July 7, 2008 12:44 AM PDT
- Safari IS malware ! Bwahahahaha !
- Like this Reply to this comment
-
(16 Comments)