IE 7 new features

Can anyone give me a good overview of the new security features in IE 7 over IE 6, and which ones are essential in a corporate network to implement? No links please.

It's not necessary to implement - the corporation I work for still uses IE6. However, they have a hundred layers of firewalls and the likes before it reaches my web browser.


-Tabbed browsing, obviously.
-The search box in the top right screen for searching through search engines quickly.
-Printing advances (can print only selected text on a webpage, or scale the whole page down so it fits nicely on a sheet of paper).
-RSS if your employees need that for whatever reason...

Beyond that, there's not too many features I would think that would change productivity.

Wes Miller (IT Support) commented:
New Security Features with no links.....
Dynamic Security Protection
Web browsers perform a broad range of functions in the computing environment. They must be open and flexible enough to enable users to interact with multiple data sources housed on a range of systems around the globe and at the same time be secure enough to prevent unwanted data access or application behaviors. Managing this balance is a top priority for Microsoft's customers. The combination of the ubiquitous and essential nature of the Web browser with the requirement for bidirectional network communications gives browsers the unenviable responsibility of being both a critical element of the computing infrastructure and the primary attack point for malicious software.

Vulnerabilities exist in all sophisticated software code; the differences essentially come down to the degree of difficulty required to exploit them and what a hacker can do upon exploiting them. Further, some security vulnerabilities are not even technological in nature. For example, malicious individuals can exploit social behaviors and user misinformation techniques, resulting in users being tricked into turning over personally identifiable information through obscured Web sites, confusing dialog boxes and unexpected add-on behavior. Web browsers represent an alluring target for hackers because many users can be easily confused and, historically, have not applied all security updates in a timely manner.

Windows XP Service Pack 2 greatly improved security in the operating system and the browser. Internet Explorer 7 goes well beyond those changes, providing a significantly strengthened browser by eliminating legacy code to deliver stronger and more secure software. When combined with Microsoft Windows Defender, Internet Explorer 7 helps users achieve an unprecedented level of security protection.

Microsoft has two primary security objectives with Internet Explorer 7:
- Protection against malware. Microsoft is committed to giving customers more confidence in the security of their browsing activity and helping to prevent the installation of malicious software. The company defines malware as all malicious code or unwanted software, including worms, viruses, adware and spyware.
- Personal data safeguards. Microsoft aims to protect users from phishing attacks, prevent fraudulent Web sites from stealing user data, and help users more safely and securely engage in legitimate e-commerce without divulging their personal information unintentionally.

Protection Against Malware
Malware, short for malicious software, refers to software applications designed to damage or disrupt a user's system. The proliferation of malware and its impact on security is a driving force behind the design of Internet Explorer 7. The new version has been improved to reduce the potential for hackers to compromise a user's browser or system. In addition, Internet Explorer 7 includes several technical features designed to thwart hackers' efforts to lead users into giving away personal data when they should not. Core parts of the browser's architecture also have been fortified to better defend against exploitation and improve the way the browser handles data.

URL Handling Protections
Historically, attackers have taken advantage of internal code design issues within the Web browser to attack a system. A hacker would rely on a user clicking on an HTML link referencing some type of malformed URL that contains odd or excessive characters. In the process of parsing the URL, the system's buffer would overflow and execute some code the hacker wanted to install. Given the size of Web browser application code, the most efficient solution to fixing these types of attacks was to issue updates as each was discovered and the root cause identified. Yet even with only a handful of such updates required, the more optimal solution was to rewrite the baseline application code. Internet Explorer 7 benefits from these experiences and the analysis of attack signatures. Rewriting certain sections of the code has drastically reduced the internal attack surface of Internet Explorer 7 by defining a single function to process URL data. This new data handler ensures higher reliability while providing greater features and flexibility to address the changing nature of the Internet as well as the globalization of URLs, international character sets and domain names.

ActiveX Opt-In
Internet Explorer offers Web developers the ActiveX® platform as a mechanism to greatly extend browser capabilities and enhance online experiences. Some malicious developers have co-opted the platform to write harmful applications that steal information and damage user systems. Many of these attacks were made against ActiveX Controls shipped within the Windows operating system, even though the controls were never intended to be used by Internet-facing applications. Internet Explorer 7 offers users a powerful new security mechanism for the ActiveX platform. ActiveX Opt-In automatically disables entire classes of controls - all controls the user has not previously enabled - which greatly reduces the attack surface. This new feature mitigates the potential misuse of preinstalled controls. Users will now be prompted by the Information Bar before a previously installed but as-yet unused ActiveX Control can be accessed. This notification mechanism will enable users to permit or deny access when viewing unfamiliar Web sites. For Web sites that attempt automated attacks, ActiveX Opt-In protects users by preventing unwanted access and giving the user total control. If the user opts to permit loading an ActiveX Control, the appropriate control is easily enabled by clicking in the Information Bar.

Protection Against Cross-Domain Scripting Attacks
Cross-domain scripting attacks involve a script from one Internet domain manipulating content from another domain. For example, a user might visit a malicious page that opens a new window containing a legitimate page (such as a banking Web site) and prompts the user to enter account information, which is then extracted by the hacker. Internet Explorer 7 has been improved to help deter this malicious behavior by appending the domain name from which each script originates and limiting that script's ability to interact only with windows and content from that same domain. These cross-domain script barriers will help ensure that user information remains in the hands of only those the user intentionally provides it to. This new control will further protect against malware by limiting the potential for a malicious Web site to manipulate flaws in other Web sites and initiate the download of some undesired content to a user's PC.

Protected Mode
Available only to users running Internet Explorer 7 in Windows Vista, Internet Explorer Protected Mode will provide new levels of security and data protection for Windows users. Designed to defend against elevation of privilege attacks, Protected Mode provides the safety of a robust Internet browsing experience while helping prevent hackers from taking over the browser and executing code through the use of administrator rights.

In Protected Mode, Internet Explorer 7 in Windows Vista is unable to modify user or system files and settings. All communications occur via a broker process that mediates between the Internet Explorer browser and the operating system. The broker process is initiated only when the user clicks on the Internet Explorer menus and screens. The highly restrictive broker process prohibits work-arounds from bypassing Protected Mode. Any scripted actions or automatic processes will be prevented from downloading data or affecting the system. Specifically, Component Object Model (COM) objects will only be self-aware and will have no reference information by which to identify and attack other applications or the operating system.

Internet Explorer Protected Mode helps protect users from malicious downloads by restricting the ability to write to any local machine zone resources other than temporary Internet files. Attempting to write to the Windows Registry or other locations will require the broker process to provide the necessary elevated permissions. Internet Explorer Protected Mode also offers tabbed browsing security protection by opening new windows - rather than new tabs - for content contained outside the current security zone.

Fix My Settings
Knowing that most users are likely to install and operate applications using the default configuration, Internet Explorer 7 ships with security settings designed to provide the maximum level of usability while maintaining controlled security.  There are legitimate reasons why a custom application may require a user to lower security settings from a default, but it is critical the user reverse those changes when they are no longer needed.  Internet Explorer 7 introduces users to the new Fix My Settings feature to keep users protected from browsing with unsafe settings.  This new feature in Internet Explorer 7 warns users with an Information Bar when current security settings may put them at risk.  When a user makes changes in the security settings window, they will see settings automatically highlight in red if they modify certain critical items.  In addition to dialog alerts warning the user about unsafe settings, the user will be reminded by the Information Bar as long as the settings remain unsafe.  Users can instantly reset the security settings to the Medium-High default level by clicking the Fix My Settings option in the Information Bar.


Advanced Protection Against Spyware With Windows Defender
Microsoft Windows Defender enhances security and privacy protections when used with Internet Explorer 7. Extending the protections against malware at the browser level, Windows Defender helps prevent malware entering the machine via piggy-back download, a common mechanism by which spyware is distributed and installed silently along with other applications.

Although the improvements in Internet Explorer 7 cannot stop non-browser-based spyware from infecting the machine, using it with Windows Defender will provide a solid defense on several levels. Windows Defender is available for Windows XP and is also in Windows Vista.

Personal Data Safeguards
Most users are unaware of how much personal, traceable data is transmitted with every click of the mouse while they are browsing the Web. The extent of this information continues to grow as browser developers and Web site operators evolve their technologies to enable more powerful and convenient user features. Similarly, most online users are likely to have trouble discerning a valid Web site from a bogus copy.

The extent to which convenience and discount pricing are available online gives users an attractive reason to click and buy. The Internet enables any large or small business to easily create an online storefront for selling goods, enabling the business to reach a consumer audience well beyond traditional physical and geographic boundaries. Search engine marketing efforts allow these Web sites to establish instant consumer credibility and reach millions of users through some of the largest search engines or portal Web sites. The combination of these factors creates situations in which consumers are dealing with distant businesses and left with fewer concrete mechanisms to differentiate legitimate businesses from those seeking to collect their information for improper gain. Another challenge facing users is the ability for malicious Web site operators to abuse the same search listing services to attract unsuspecting consumers to knockoff Web sites designed to mimic the appearance and function of well-known and trusted businesses.

A technique used by many malicious Web site operators to gather personal information is known as phishing - masquerading online as a legitimate person or business for the purpose of acquiring sensitive information. Such fake Web sites designed to look like the legitimate sites are referred to as spoofed sites. Over the past year, phishing attacks have been reported in record numbers, and identity theft is emerging as a major threat to personal financial security. In the past two years, the number of confirmed phishing sites has grown twenty-fold - from 580 to more than 11,000 (source: Anti-Phishing Working Group, April 2006 report).

Unlike direct attacks where hackers break into a system to obtain account information, a phishing attack does not require technical sophistication but instead relies on users willingly divulging information such as financial account passwords or Social Security numbers. These socially engineered attacks are among the most difficult to defend because they require user education and understanding rather than merely issuing an update for an application. Even experienced professionals can be fooled by the quality and details of some phishing Web sites as hackers become more experienced and learn to react more quickly to avoid detection.

Internet Explorer 7 offers a range of enhancements and solutions to better protect against malicious Web site operators and help prevent users from becoming victims of confusing URLs. The new Security Status Bar, located next to the Address Bar, is designed to help users quickly differentiate authentic Web sites from suspicious or malicious ones. In addition, Internet Explorer provides a simple file cleanup utility.

Certificates also play an essential role for users in validating e-commerce Web sites and helping to thwart phishing scams. The Security Status Bar in Internet Explorer 7 enhances access to certificate information by placing it more prominently in front of users and providing single-click access to the certificate.

Extended Validate Certificates
Over the past few years, Web browser users have been introduced to the concept of encrypted communications and secure sockets layer (SSL) technologies to better protect their information from being obtained by third parties. Although many users have become quite familiar with SSL and its associated security benefits, a large proportion of Internet users remain overly trusting that any Web site asking for their confidential information must be protected. With the explosion of small- and home-based business Web sites selling goods that span the pricing spectrum, users are even more likely to encounter unknown entities asking for their financial information. The combination of these factors creates a situation ripe for abuse. Internet Explorer 7 addresses this issue by providing users with clear, prominent, color-coded visual cues to the safety and trustworthiness of a Web site. With the assistance of Internet Explorer 7 to help identify legitimate Web sites, users can more confidently browse and shop anywhere on the Internet.

Previous versions of Internet Explorer placed a gold padlock icon in the lower-right corner of the browser window to designate the trust and security level of the connected Web site. Given the importance and inherent trust value associated with the gold padlock, the new Security Status Bar places it more prominently in users' line of sight. Users can now view the certificate information with a single click on the padlock icon. The Security Status Bar also supports information about Extended Validation certificates for those sites meeting guidelines for better entity identity validation. Users can benefit from support for Extended Validation certificates by having instant visual access to the increased validation of authenticity for a given Web site. To provide users with another visual cue designed to help them recognize questionable Web sites, the padlock now appears on a red background if Internet Explorer 7 detects any irregularities in the site's certificate information. By contrast, trusted Web sites will clearly display the name of the certificate owner and a gold background to indicate that users can provide confidential data.


Microsoft Phishing Filter
Developers of phishing and other malicious activities thrive on lack of communication and limited sharing of information. Using an online service that is updated several times an hour, the new Phishing Filter in Internet Explorer 7 consolidates the latest industry information about fraudulent Web sites and shares it with Internet Explorer 7 customers to proactively warn and help protect them. The filter is designed around the principle that, to be effective, early warning systems must derive information dynamically and update it frequently.

The Phishing Filter combines client-side scans for suspicious Web site characteristics with an opt-in online service. It helps protect users from phishing scams in three ways:
1. It compares the addresses of Web sites a user attempts to visit with a list of reported legitimate sites that is stored on the user's computer.
2. It analyzes sites that users want to visit by checking those sites for characteristics common to phishing sites.
3. It sends the Web site address that a user attempts to visit to an online service run by Microsoft to be checked immediately against a frequently updated list of reported phishing sites.

Internet Explorer 7 uses the Security Status Bar to signal users (in yellow) if a Web site is suspicious. The example below shows a site that is attempting to spoof a legitimate Woodgrove Bank site.


If the Web destination has been confirmed as a known phishing site, Internet Explorer 7 signifies the threat level in red and automatically navigates the user away from that site.


URL Display Protections
Hackers commonly attempt to mislead users into thinking they are looking at information from a known and trusted source. A valuable hacking tool has been the ability to hide true URL information and domain names from users. Internet Explorer 7 contains two powerful visual tools to help prevent users from being duped: an Address Bar in every window and Internationalized Domain Name (IDN) support.

Address Bar in Every Window
With Internet Explorer 7, all browser windows require an Address Bar. Because hackers often have abused valid pop-up window actions to display windows with misleading graphics and data as a way to convince users to download or install their malware, the requirement of an Address Bar in each window will help ensure that users always know more about the true source of information they are seeing.


IDN Display Protections
Internet Explorer 7 natively delivers full IDN functionality and display protections. The Internet incorporates a global community, and browsers must be able to handle non-English characters and domain names. Operators of malicious Web sites have used international character display issues as a mechanism for phishing attacks against users and as a way to hide the true Web site domain name. The problem derives from international alphabets; many characters in certain languages (e.g., the letter a in English) can resemble entirely different characters in other languages (e.g., the letter 0 in Cyrillic). As a result, an individual with malicious intent may register a similar domain name to fool users into submitting their content to a false site. Previous versions of Internet Explorer did not have IDN support and thus were not vulnerable to this attack. Internet Explorer 7 not only delivers native IDN support but also provides extensive security mechanisms to protect users from attack. One of the core security features of IDN support in Internet Explorer 7 is the multiple language display in the Address Bar.


Internet Explorer 7 IDN rules force the display of the Punycode domain name format when multiple character sets are contained within a single domain name label. For example, the URL http://www.microsó would be displayed in Punycode since it mixes both the French and English character sets in the same label portion. The address bar would display, alerting the user and calling attention to the suspicious URL. The URL would be displayed correctly because the language character sets are contained in separate labels.

Delete Browsing History for Better Protection of Privacy and Passwords
All Web browsers provide mechanisms to delete history information, clean the cache, erase automatically completed form history and clear the Start/Run history. The removal of this data requires deleting each set individually, and not all the necessary removal buttons are located on a single screen or within one application. Internet Explorer 7 provides a Delete Browsing History option that provides users with one-click cleanup to easily and instantly erase personal data. Delete Browsing History is especially valuable in shared-resource environments. Accessing online resources using a friend's computer seems harmless enough, but the user then becomes reliant on the security of the friend's system to protect his or her data. Likewise, in public environments such as libraries, schools and conference centers, computers may be used by hundreds of people and potentially expose personal data and history information to every one of those users. Delete Browsing History provides a simple mechanism to instantly erase information and eliminate any concern for data privacy on other systems. It is another way Microsoft is working proactively to deliver tools that improve user safety and data protection.

Parental Controls
Internet Explorer 7 in Windows Vista provides additional security and privacy mechanisms by utilizing a network layer filter component. Available to all Windows Vista applications, this network layer service allows parents to establish filter controls for objectionable content or define a specific set of allowable Web sites to browse. Internet Explorer 7 in Windows Vista works directly with the Parental Controls service to provide easy access to logging information and a single interface for managing settings. The Parental Controls service can also be set to block file downloads, offering another way to prevent malware from getting on a system. If Parental Controls are set to block downloads, Internet Explorer 7 in Windows Vista will automatically block the file unless the user is able to provide the appropriate administrative password. If Parental Controls are set to permit file downloads, all downloads will be logged for review at a later time. If a child attempts to access a page with mixed content - data contained both on and off the allowable list of Web sites - Internet Explorer 7 in Windows Vista will present the user with an Information Bar to request permission from a parent to approve the download. When the entire page is blocked, an error page is displayed that also provides a link allowing the child to request permission.

The above was extracted from the Microsoft Technology Overview: Internet Explorer 7
© 2008 Microsoft Corporation. All rights reserved.
Source of Information:
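
Added example (not part of the answer above or of the Microsoft overview it quotes): a JavaScript sketch of the IDN display rule described under "IDN Display Protections", where a label that mixes more than one character set is shown in Punycode. It assumes "character set" can be approximated by the Unicode Script property, which simplifies the browser's actual rules; the function names and sample host names are hypothetical.

```javascript
// Assumption: a "character set" is modelled as a Unicode script.
// Scripts this sketch recognises; any other letter is reported as "Other".
const SCRIPTS = ["Latin", "Cyrillic", "Greek", "Armenian", "Hebrew", "Arabic",
                 "Han", "Hiragana", "Katakana", "Hangul", "Thai", "Devanagari"];
const SCRIPT_TESTS = SCRIPTS.map(
  (name) => [name, new RegExp(`\\p{Script=${name}}`, "u")]
);

// Return the set of scripts used by the characters of one DNS label.
function scriptsInLabel(label) {
  const found = new Set();
  for (const ch of label) {
    // Digits and the hyphen are shared by every script, so they never
    // count as a second character set.
    if (/[0-9-]/.test(ch)) continue;
    const hit = SCRIPT_TESTS.find(([, re]) => re.test(ch));
    // Unrecognised characters are treated conservatively as their own set.
    found.add(hit ? hit[0] : "Other");
  }
  return found;
}

// The WHATWG URL parser applies IDNA ToASCII to the host, which yields the
// "xn--" (Punycode) form of each non-ASCII label.
function toPunycode(host) {
  return new URL("http://" + host).hostname;
}

// Decide what an address bar following the mixed-script rule would show.
function displayHost(host) {
  // NFC composes "o" + combining accent into one code point before testing.
  const labels = host.normalize("NFC").toLowerCase().split(".");
  const mixed = labels
    .map((label) => ({ label, scripts: [...scriptsInLabel(label)] }))
    .filter((entry) => entry.scripts.length > 1);
  return {
    shown: mixed.length > 0 ? toPunycode(host) : labels.join("."),
    punycodeForced: mixed.length > 0,
    mixed,
  };
}

// Constructed sample hosts (not taken from the page).
const SAMPLE_HOSTS = [
  "www.example.com",                              // ASCII only
  "\u043f\u0440\u0438\u043c\u0435\u0440.example", // all-Cyrillic label, then Latin label
  "p\u0430ypal.example",                          // Cyrillic U+0430 inside a Latin label
];

for (const host of SAMPLE_HOSTS) {
  const result = displayHost(host);
  const why = result.mixed
    .map((m) => `${m.label}: ${m.scripts.join("+")}`)
    .join("; ");
  console.log(`${result.shown}${result.punycodeForced ? `  (forced, ${why})` : ""}`);
}
```

The second sample is shown in its native form because each label stays within one script, while the third is forced to Punycode because Latin and Cyrillic letters share a label.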