Enhanced Web Browser Security Privacy and Anti-Phishing in IE9
Web Browser wars are just heating up. It is heartening to see that after a relentless pursuit of making the web browser feature-rich and user-friendly focus is now being made on the security aspects as well. The browser developer companies are giving due considerations to the fact that browsers are the windows to the external world for the users and their ruggedness is the first key to the privacy and PC security of the users.
Internet Explorer 9 is the latest version of the old war-horse from Microsoft which is still under development stage. It is being developed only to run on machines with Vista SP1 and above which means that Windows XP, the most used OS at present, is out of luck.
But this post is about the new and enhanced security features present in the Internet Explorer 9. Here we go…
1. InPrivate Browsing: It seems that private browsing is the order of the day. You can invoke or close it at your will. Once inPrivate browsing is invoked, IE9 stops retaining your browsing history, temporary Internet files, data from online forms, cookies, user names and passwords.
2. InPrivate Filtering: When you visit a webpage, it is not necessary that all the content is served from that domain only. Lots of content like advertisements, images, scripts, tracking codes etc. is served from other domains and often this is the cause of the malware infections.
InPrivate Filtering feature allows you to decide how much of this third-party content they want to experience. Once it’s enabled, InPrivate Filtering is designed to watch for and block third-party content you frequently find across the websites you visit.
3. Download Manager with SmartScreen filter Integration: SmartScreen is a URL blacklist providing malware and phishing protection. Starting with this version, Microsoft introduced SmartScreen download reputation. SmartScreen download reputation is a browser feature that uses reputation data to remove unnecessary warnings for well-known files, and shows more severe warnings when the download has a higher risk of being malicious. This reduces the problem of having the users ignoring or deactivating these warnings if they appear too often. The download manager also performs some malware checks, digital signature checks, and so on.
4. Domain highlighting: An effective measure against phishing attempts is to look in the address bar for the actual domain name of the URL. Domain highlighting feature in IE9 highlights the domain name for easy identification, which allows users quickly understand the actual address of the website. This reduces the chances of them getting fooled by the look-a-like URLs with the target phishing domain.
5. Cross-Site Scripting Filter: Cross-site scripting is a particularly nasty form of online attack that can jeopardize the personal information of website visitors. In a cross-site scripting attack the attackers inject malicious code into a website. That code can then get the attacker access to page content (even content that was secured behind a users name and password), session cookies and other information maintained by the visitor’s Web browser.
Internet Explorer 9 has a cross-site scripting filter that’s built to detect these cross-site scripting attacks. The filter is turned on by default in Internet Explorer 9; when it finds a harmful script running on a Web page it takes steps to disable the script and keep visitors to the website safe.