Web browsers are among the most commonly used software. Recently, both Internet Explorer 7 (IE7) and Firefox 2.0 trumpeted new or improved security features during their well-publicized launch campaigns. While these features are primarily aimed to attract the business user, they also are directed toward the everyday user who has started to take Internet security more seriously. But what are these new features and do they make using the Web any safer?
Internet Explorer 7 and Firefox 2.0 enhancements
Both Internet Explorer 7 and Firefox 2.0 filter and analyze the Web address, the page content and the structure of a page. And, though both make use of blacklists, only Internet Explorer 7 offers this as a default setting. Firefox 2.0 makes up for this by offering the choice of two blacklists, one of which happens to be a live database maintained by Google. Also impressive is the speed with which all lists are updated.
Both browsers' development groups have upped the ante regarding user warnings, especially warnings applicable to providing personal information. Internet Explorer 7 now uses color-coded warnings in the URL bar based on whether a site is trusted and Firefox's dialog box to warn of cross-domain scripting. Internet Explorer 7 has also enhanced their default settings: the Medium setting has been raised to Medium-high, and the Low setting has been removed altogether. Unfortunately, the much-anticipated Internet Explorer 7 Protected Mode, which stops Web sites from changing a computer's critical files or settings, will work only in Windows Vista! Nonetheless, these improvements take steps to enhance the user experience as each browser now offers enough information to enable users to make intelligent decisions about the safety of a Web site.
Both Web browsers tackle downloads with a barrage of warnings. It seems that Microsoft really learned from past problems caused by ActiveX. Now, a download dialog box only appears when you click a direct link to a download. This prevents pop ups from prompting you to download a file. In addition, if there's a need to install a software program, the prompt will only appear once. Microsoft has also reworked ActiveX prompts; they now appear in the Info bar where they don't interfere with navigation and can be ignored. And, although drive-by ActiveX installs are now impossible, users still need to change their habits. While Internet Explorer has provided publisher program information for some time, simply doing so hasn't deterred people from installing malicious programs.
Alternatively, Firefox allows Web pages to trigger a download dialog box that users must deal with. Firefox also has its own add-on model, and there are concerns about the ease with which they can be installed.
Firefox 2.0 vs. Internet Explorer 7: End-user appeal
However, Firefox 2.0 will likely appeal more to the technically knowledgeable user and its options and dialog boxes reflect that. It offers more customization, such as allowing users to choose which warning messages they receive, and which cookies they can view and remove. On the other hand, if Internet Explorer 7 considers its browser settings to be unsafe, the "Fix Settings for Me" option can help the less technically savvy surfer.
Presently, Firefox has a better reputation for security than Internet Explorer, but Internet Explorer 7 definitely reflects Microsoft's increased focus on security. Regardless, in order to consume Firefox's loyal user base, Microsoft has to show that it can match Firefox's fast response when new security issues arise.
About the Author:
Michael Cobb, CISSP-ISSAP, is the founder and managing director of Cobweb Applications Ltd., a consultancy that offers IT training and support in data security and analysis. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Mike is the guest instructor for SearchSecurity.com's Messaging Security School and, as a SearchSecurity.com site expert, answers user questions on application and platform security.
