IE7 Security Vista Security Discuss IE7 Security in the Windows Vista forums; IE7 two main security objectives are to protect user against malware and data safeguards. But it’s up to the user to learn about and use the different options. Here’...

[felix8406]

IE7 two main security objectives are to protect user against malware and data safeguards. But it’s up to the user to learn about and use the different options.

Here’s one of those options:

Protected Mode: It’s designed to defend against “elevation of privilege” attack, which can prevent hackers from executing codes through the use of administrator rights. The protected mode is turned on by default, if is not, open IE7, click on Tools (upper right hand side), Internet Options, Security tab and place a checkmark on Enable Protected Mode. Close and restart IE7.

[Znod]

Are these functions redundant if one is using UAC and Defender? If so,then they would provide a good reason to use IE7 or the equivalent under Firefox (i.e., No Script and 3rd party malware protection). That is, since most baddies get in through the web, one could leave UAC and Defender off when not on the the web. But, of course, one needs AV protection regardless.

[felix8406]

The Protected Mode is just another line of defense that works with Windows Defender. When IE7 is run in Protected Mode, communication between the OS and the browser is through a broker, which cannot be scripted without permission by the user. The Protected Mode allows writing to temporary Internet files only. Windows Defender provides additional security to IE7 by preventing malware to piggyback via a download.

[jayaustin]

people need to remember that there is not ANY OS that is 100% secure. There is a tradeoff with secureity and ease of use as well. IE7 and Vista have made vast improvements in the security of the platform. The protected mode is one of the better additions to IE7.

[felix8406]

Jay, you are so correct. The biggest problems with security, in many occasions, is that we can be our worst enemies because we don't allow the programs to do what they are designed to do.

Another IE7 security feature is ActiveX Opt-In

IE7 permits ActiveX platform because it’s a useful tool, especially for developers. The issue with the ActiveX platform is that some developers use it to write harmful applications designed to steal information or to damage a user PC. IE7 offers protection from these applications by prompting a user before downloading potential unsafe content and by not downloading unsigned ActiveX control. If the ActiveX control has not been previously used on the Internet, you’ll be prompted by the Information Bar so you can either accept it or reject it.

You can quickly activate ActiveX control by opening IE7, going to Tools, Internet Options, Security tab and choose the "Reset all control to default level" option.

[Znod]

Thanks felix.

[felix8406]

You are very welcome, Znod.

Another protection from IE7 that is activated by default or that can simply be selected by opening IE7, going to Tools, Internet Options, Security tab and choose the "Reset all control to default level" option is Protection against cross-domain scripting attacks.

During a cross-domain scripting attack, one Internet domain scripts another domain to manipulate its content. For example, let’s say you received an email about a certain product. When you click the link and open the website, that website will open a new window containing your legit bank website. As you enter the banking information on the legit bank website, the hacker can easily extract the information you are entering.

IE7 can prevent this by appending the domain name from which each script originates and allowing that script to interact only with windows and content from that same domain. This ensures that only your bank domain can see the information. This also protects against malware by limiting the potential for a malicious website to manipulate flaws in other websites.

[felix8406]

Just a few days away for Vista, it's the perfect time to think about making sure your PC is secured.

Here's one more IE7 security designed to make your Internet experience more secure: Fix My Settings

Again, as previously mentioned, most security settings on IE7 are set by default during the installation, but every now and then you may need a custom setup, which my lower your level of security. In such circumstances, it is important that you set the default settings as soon as the custom settings are no longer needed.

IE7 incorporate the Fix My Settings feature, which let you know that you are browsing with unsafe settings. It warns you with an Information Bar as long as the settings remain unsafe. Also, when you modify a critical component of IE7, you will see a red highlight for that component. To revert back to the default settings, click the Fix My Settings option in the Information Bar (see snips). If you close IE7 without changing the unsafe condition and reopen it, IE7 will reopen to a neutral page and warn you that you are browsing in an unsafe way.

[jayaustin]

One thing, all of these settings and reminders can be turned off. There will be many admins that do turn off some of these settings because of the volume of calls that they get. This can be a dangerous thing. They should try to educate the ens users about the need for some of these security measures. Look at UAC for example. Can anyone see admins either turning off this feature, or at least not requiring a password?

[felix8406]

Excellent point and comment Jay. Like you just mentioned, these features can be turned off and usually are, and not always for good reasons. Some users may feel that these security features are annoying or get in their way somehow. That’s the main reason why some user’s PC get infected with malware while others rarely do. Another reason is that some administrators don’t have full knowledge about the principles behind a feature and don’t understand the risks involved.

My suggestion is that if a user doesn’t understand about the risks of turning these features off, leave them alone. Let them set to default, and be aware of applications that ask for a feature to be disabled.

Here’s another reason to run IE7 with default settings: URL-handling protections.

Hackers can take advantage of browser’s internal code design to get into your system, and not with good intentions I may add. This can be done by clicking a link that may reference a malicious URL. As the browser execute the process of parsing or defining the URL, the system’s buffer overflows and executes codes that hackers want to install. Browsers can prevent this by issuing updates as each attack is discovered and the root cause identified, rewriting its code every time an attack occurs.

Microsoft designed IE7 to automatically rewrite the baseline application code providing better security and minimizing possible hacker attacks to your PC. This is important, not just to prevent the attack, but also due to the unfortunate nature that hackers are always looking for ways to damage your system or steal your personal information or identity.