Microsoft engineers Vishu Gupta, Rob Franco and Venkat Kudulur have posted some information on how the company has improved security in Internet Explorer 7.
The basis of this is that the local intranet zone setting is not really relevant for home users. So, IE7 will react when a PC is not on a managed corporate network, by treating apparent intranet sites as if they were on the Internet. “This change effectively removes the attack surface of the intranet zone for home PC users,” the engineers say.
PCWorld comments, “In Microsoft Windows Vista, the Internet zone will run in what the company calls ‘protected mode’, to help protect against attacks that IE has been victim to in the past. Another feature, ActiveX Opt-In, will reduce potential damage from malicious ActiveX controls in the Internet zone … Those changes will be reflected in a new security level setting for the Internet zone, ‘medium high’.”
The three engineers say:
With the Trusted Sites zone in IE6, we find that many users don’t understand how powerful a site becomes when they make it a Trusted Site. For example, a Trusted Site in IE6 can automatically install signed ActiveX controls on the user’s machine. As a safety precaution in IE7, we have set the default for the Trusted Sites zone to Medium, the same level as the Internet zone in IE6. Customers who depend on the IE6 level of the Trusted Sites zone will be able to lower settings back to IE6 levels with the slider on the “Security” tab of “Internet Options” or through policy settings.
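Because the engineers note that the Trusted Sites slider can be moved back down to IE6 levels, an administrator will want a way to see whether that has happened on a given machine. The following PowerShell audit script is an added example written for this post; it is not Microsoft's code and nothing in the post describes it. It assumes the standard per-user zone layout under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones (zone 2 is Trusted Sites), the usual URL action IDs for the ActiveX settings (1001, 1004, 1200, 1201), the value meanings 0 = Enable, 1 = Prompt, 3 = Disable, and the CurrentLevel value 0x11000 for Medium. Those registry details come from general Windows knowledge, not from the post, and should be checked against the machine you run it on.

```powershell
# Added example: audit the Trusted Sites zone for ActiveX settings that have
# been loosened below the IE7 default of Medium. Registry paths, action IDs
# and level values are assumptions from general Windows knowledge, not from
# the original post.

# Zone 2 is Trusted Sites in the per-user zone layout (assumed).
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2'

# URL action IDs for the ActiveX-related settings (assumed values).
$Actions = [ordered]@{
    1001 = 'Download signed ActiveX controls'
    1004 = 'Download unsigned ActiveX controls'
    1200 = 'Run ActiveX controls and plug-ins'
    1201 = 'Initialize and script ActiveX controls not marked as safe'
}

# Meaning of the DWORD stored under each action ID (assumed).
$Policy = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# CurrentLevel value that corresponds to the IE7 "Medium" default (assumed).
$MediumLevel = 0x11000

function Get-TrustedSitesAudit {
    if (-not (Test-Path -Path $ZoneKey)) {
        throw "Trusted Sites zone key not found: $ZoneKey"
    }

    $props = Get-ItemProperty -Path $ZoneKey
    $level = $props.CurrentLevel

    # Per-action findings. "Enable" (0) is the IE6-style automatic behaviour
    # the post warns about; "Prompt" or "Disable" are the safer values.
    $findings = foreach ($id in $Actions.Keys) {
        $name = [string]$id
        if ($props.PSObject.Properties.Name -contains $name) {
            $raw = [int]$props.$name
            $setting = if ($Policy.ContainsKey($raw)) { $Policy[$raw] } else { "unknown ($raw)" }
        } else {
            $raw = $null
            $setting = 'not set'
        }
        [pscustomobject]@{
            ActionId = $id
            Action   = $Actions[$id]
            Setting  = $setting
            Risky    = ($raw -eq 0)
        }
    }

    [pscustomobject]@{
        Zone            = 'Trusted Sites'
        CurrentLevel    = if ($null -ne $level) { '0x{0:X}' -f $level } else { 'not set' }
        BelowIe7Default = ($null -ne $level -and $level -lt $MediumLevel)
        Findings        = $findings
    }
}

# Usage: run the audit and report anything below the IE7 defaults.
$audit = Get-TrustedSitesAudit
"Trusted Sites CurrentLevel: $($audit.CurrentLevel)"
if ($audit.BelowIe7Default) {
    'Zone level has been lowered below the IE7 default of Medium.'
}
$audit.Findings | Format-Table ActionId, Action, Setting, Risky -AutoSize
$riskyCount = @($audit.Findings | Where-Object { $_.Risky }).Count
"ActiveX actions set to automatic Enable: $riskyCount"
```

The script only reads HKCU and never changes anything; if the zone level has been moved down or any ActiveX action is set to automatic Enable, the report flags it so the slider can be returned to Medium or the setting enforced through policy, as the engineers suggest. Per-machine policy under HKLM and the "Security_HKLM_only" setting can override the per-user values, so on a managed domain the HKLM counterpart of the same path should be checked as well.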