Windows 7 Security : New Security Features in Internet Explorer 8

Internet Explorer 8 now includes new anti-malware protection and better ways to protect your privacy.

InPrivate Browsing

When enabled, InPrivate Browsing hides activity from your browser history. When you turn on InPrivate Browsing, a bar next to the address bar shows you’ve enabled this browsing mode (see Figure 1). This means that your browser history will not retain the addresses of sites you’ve visited.

Figure 1. When InPrivate Browsing is enabled, you’ll see this notifier in the address bar.

Some websites gather information about you when you visit the site. InPrivate Filtering prevents these sites, which may supply content to the page you’re visiting, from doing so. You can also choose the sites you’ll allow to collect your data. You can enable or disable InPrivate Filtering without turning on InPrivate Browsing by clicking the icon at the bottom of the program’s window.

SmartScreen

The SmartScreen filter blocks both phishing and malware-distributing sites. Phishing involves sending an email to a user and falsely claiming to be an established legitimate enterprise in an attempt to trick the user into surrendering private information that will be used for identity theft. The email directs you to visit a website where you are asked to update personal information, such as passwords and credit card numbers, your Social Security number, or bank account numbers. This website is bogus and steals your information, usually transferring it to identity thieves.

Malware sites contain rogue programs that can plant Trojan horses, viruses, or other destructive applications in your computer. These programs pose a major security threat to Internet security internationally and are proliferating yearly. Your best protection is to stay away from these sites, but because new ones are created all the time, your problem is identifying the new ones.

With Windows 7, when you land on either a phishing site or a malware site, you see a red page with a warning, rather than being taken to the site. If you’re unsure about a site, you can check it from the Safety menu, where you can also report destinations that you’ve determined contain malware (see Figure 2).

Figure 2. SmartScreen Filter will check sites that you aren’t sure about and will flag you if you attempt to visit a known dangerous site.

With cross-site scripting (XSS), you might get an email, for example, with a link to a legitimate site, such as that of a store. However, characters appended to the URL run a script that could send your keystrokes to the malware writer or other destinations. When such an attack is detected, IE8 automatically refuses to execute the related script code and alerts you that an attack has been blocked.