Microsoft Internet Explorer (IE) 8 has a slew of security and productivity features that IT needs to understand. But knowledge about the security features needs to trickle down to end users quickly in order for organizations to benefit from some of the most meaningful improvements.
The Internet Explorer 8 Technology Overview for Enterprise and IT Professionals is recommended reading for IT security staff. Security pros who read it should produce a summary of recommendations for employees based on the definitive performance and security improvements IE 8 offers over IE 7.
Microsoft built Internet Explorer for both consumers and IT-managed corporate use. It is difficult to satisfy both sets of requirements, and there are security and privacy features that IT will either manage centrally or leave to user training and awareness. There are features, such as cross-site scripting (XSS) prevention and data execution prevention, that make it more difficult for classes of XSS or buffer overflow attacks to succeed.
- SmartScreen Filter uses Microsoft's reputation service to block access to websites that are known to be related to phishing or malware distribution. More than 50% of attacks are now Web-based, far surpassing email as an attack vehicle. Reputation services can augment traditional signature-based endpoint protection by recognizing transient sites that are often associated with phishing or malicious code centers. With SmartScreen Filtering, the browser window is painted red and access is blocked when a URL with a seedy reputation is encountered. IT should look at setting the group policy to remove the user's ability to override SmartScreen Filter decisions.
- InPrivate browsing removes private information such as browsing history, temporary Internet files and entered form data. The ability to erase temporary files, cookies and internal page URLs from portable endpoints may help lessen the risk of data leakage as users conduct business through corporate websites. This feature was designed to be a user-oriented feature preventing affiliated websites from learning the browsing habits of consumers, but it may help reduce the exposure of sensitive data through the browser.
- Tab isolation is trumpeted as a crash recovery feature, but its real value to IT may be that it makes it tougher for an attack to learn about other browser sessions. Opening a new tab in IE8 starts the new session in a distinct, more isolated process, including browser helper objects and ActiveX controls. This approach, called Loosely-Coupled Internet Explorer, helps prevent an error in one tab from affecting the other tabs, but also seems to be a more secure approach to contain attacks.
Like all Web browsers, Microsoft's Internet Explorer 8 will still have vulnerabilities, but it does promise to make it harder for malicious code to have its way. The IE 8 browser's responsibility is to avoid contact with malicious code through features such as SmartScreen filters, InPrivate browsing, tab isolation and data execution prevention. IT can then deploy traditional endpoint security protection including whitelisting, attack signature pattern matching, and behavioral heuristics to focus on thwarting and cleaning up identifiable malware. Microsoft introduced security features in IE8 that should reduce the number of calls to the IT service center for software refreshes.
Eric Ogren is founder and principal analyst of the Ogren Group, which provides industry analyst services for vendors focusing on virtualization and security. Prior to founding the Ogren Group, Eric served as a security industry analyst for the Yankee Group and ESG. Ogren has also served as vice president of marketing at security startups Okena, Sequation and Tizor.