Beta testers in the security blogosphere have a new toy to salivate over — the first beta release of Microsoft Internet Explorer 8 (IE 8). The software giant said IE 8 can be installed on Windows Vista and Vista Service Pack 1 (SP1), Windows XP Service Pack 2 (SP2), Windows Server 2008 and Windows Server 2003 Service Pack 2 (SP2).
Microsoft says this version is the most secure yet. Of course, the company touted IE 7 as the most secure version yet when it was released a couple years ago, but it has since been releasing security patches for it on a regular basis.
To be fair, IE 7 was a huge improvement security-wise over the much-attacked IE 6, and Microsoft has more than proved its security seriousness in recent years. The results are not always pretty, especially when you consider all the compatibility headaches that come with Vista. But there is no doubt Microsoft security is much better than it was in the days of Slammer and Sasser.
Surprisingly, a look around the blogosphere reveals only a small amount of discussion about the security features.
Andy’s Tech blog focuses on the domain highlighting feature, writing, “Many malicious sites have stupidly complex URLs that make it difficult to figure out what the actual domain is. This features makes the top level domain stand out from the rest of the address.”
Andy Lianto writes in his Communication Technology blog that IE will always be full of security holes no matter which version it is, and so he remains a devotee of Mozilla’s Firefox browser.
“In my opinion, and most people in the world, Firefox owns IE,” he wrote. “Firefox is far too good for IE 8 to even smell its feet, mainly because IE has too many bugs. IE has to much patches. If you use Windows Update, you will often see “security update for Internet Explorer.” He says he prefers the Mozilla approach of simply pushing an updated version of the browser to users when a security fix is made. No patch deployment. Just a push of a button. That, he said, is much better than anything Microsoft can offer with IE 8.
The AskTheAdmin.com blog has a detailed look at all the IE 8 features, including security, saying the browser will build upon Microsoft’s security and privacy investments to address users’ security concerns. In the months ahead, additional new protection, prevention, and privacy services will be added, the blog said.
The blog offers the following details about the security features, taken directly from Microsoft:
- Enhanced protection from deceptive websites: As part of an ongoing commitment to privacy and security, Microsoft is making enhancements to the phishing filter in Internet Explorer 8 to provide additional protection against evolving threats to the consumer. With the Safety Filter, Internet Explorer 8 will now protect against a broader set of online threats by analyzing the full URL string. The Safety Filter provides a more granular detection, and these prevention capabilities enable Microsoft to protect against more targeted and sophisticated attacks.
- What Is Domain Highlighting? Domain Highlighting is a technology that highlights the top level domain in the address bar, allowing users to quickly confirm that the website they are visiting is the site they intended to visit. The domain name is in bold and black font, standing out from other characters in the URL which are gray.
I hope to see more blog chatter on the security side, but for now I’m interested in any feedback from those who have started to take this one for a spin.
Thanks, as always!
About Security Blog Log: Senior News Writer Bill Brenner peruses security blogs each day to see what’s got the information security community buzzing. In this column he lists the weekly highlights. If you’d like to comment on the column or bring new security blogs to his attention, contact him at firstname.lastname@example.org.