Internet Explorer 7 Security Features Steve Lamb Technical Security Evangelist @ Microsoft Ltd @microsoft.com


  • Slide 1
  • Internet Explorer 7 Security Features
      • Steve Lamb, Technical Security Evangelist @ Microsoft Ltd
      • Stephen.lamb@microsoft.com
      • http://blogs.technet.com/steve_lamb
  • Slide 2
  • Agenda
      • Lessons learned from IE in Windows XP SP2
      • Overview of Internet Explorer 7
      • Detailed features and demo
      • Timeline
      • More information
  • Slide 3
  • First, let me ask
      • How many of you are using IE7 now?
      • What build?
      • How can we help you?
  • Slide 4
  • Post Windows XP SP2
      • Strengths
          • Big security investments were worthwhile
          • Right balance of application compatibility and security
      • Opportunities to improve
          • Social attacks (phishing) as important as code execution
          • Bad trust decisions don't have an undo option
          • Make life better for Web developers
          • Everyone wants new features
  • Slide 5
  • Internet Explorer 7
      • Major innovations in IE7 for Windows XP SP2
      • Enhanced functionality in IE7 in Windows Vista includes:
          • Protected Mode
          • Parental Controls integration
      • Key areas of focus:
          • Makes everyday tasks easier
          • Dynamic security protection
          • Improved platform and manageability
  • Slide 6
  • IE7 New Look
  • Slide 7
  • Tabbed Browsing
  • Slide 8
  • Quick Tabs
  • Slide 9
  • Page Zoom (screenshots: Before, After)
  • Slide 10
  • Shrink-To-Fit Printing: Web Pages Automatically Formatted To Print Properly
  • Slide 11
  • Inline Search
  • Slide 12
  • RSS Feed Platform: Automatic Delivery Of Personalized Information
      • Windows Supports RSS Feeds in Three Ways
          • Discover, subscribe & read as you browse
          • Update all feeds with a single click
          • Provides Common Feed List and Feed Store to enable any application to easily support RSS
          • Enables new scenarios via Simple List Extensions, giving RSS feeds the power to do more
      • Diagram labels: Browsers, Readers, Apps, Websites
  • Slide 13
  • RSS Feed Reader
  • Slide 14
  • Enhanced Validation Certificates
      • Clearer information about trusted sites
      • Trust Badge rotates to show Certificate Authority
  • Slide 15
  • Dynamic Security Protection (Internet Explorer 7)
      • Technology to protect against technology attacks
          • Limit programmatic access
          • Reduce attack surface
          • Warn if settings insecure
          • Simplified architecture
      • Technology to protect against social attacks
          • Anti-phishing service
          • Secure site visuals and info
          • Address bar anti-spoofing
          • One-click cleanup
  • Slide 16
  • Security Features
      • Protecting the machine from technology attacks
          • Unified URL parsing
          • Cross-domain security enhancements
          • Code quality improvements to reduce buffer overruns
          • ActiveX Opt-in
          • Protected Mode (Microsoft Windows Vista only)
      • Protecting the user from social attacks
          • Download scanning with Windows Defender
          • Phishing Filter
          • High-assurance SSL and address bar
          • Dangerous settings notification
          • Secure defaults for International Domain Names
          • Parental controls (Windows Vista only)
  • Slide 17
  • ActiveX Opt-in & Protected Mode: Defending systems from malicious attack
      • ActiveX Opt-in: puts users in control
          • Most controls disabled
          • Reduces attack surface
          • Retain ActiveX benefits, increase user security
      • Protected Mode*: reduces severity of threats
          • IE process sandboxed to protect OS
          • Eliminates silent malware install
          • Designed for security and compatibility
      • Diagram labels (ActiveX Opt-in): Enabled Controls, Windows, Disabled Controls, User Action
      • Diagram labels (Protected Mode): User Action, IE Cache, My Computer (C:), Broker Process, Low Rights
      • * Windows Vista only
  • Slide 18
  • Internet Explorer Running with Full Privileges (diagram)
      • Process: IExplore.exe
      • Actions: Install an ActiveX control; Change Settings, Download a Picture; Cache Web content
      • Admin Rights Access: HKLM, Program Files (Exploit can install MALWARE)
      • User Rights Access: HKCU, My Documents, Startup Folder (Exploit can install MALWARE)
      • Temp Internet Files: Untrusted files and settings
  • Slide 19
  • Protected Mode Internet Explorer: Protected Mode Runs with Lowest Privilege (diagram)
      • Actions: Install an ActiveX control; Change settings, Save a picture; Cache Web content
      • Components: Integrity Control, Broker Process (shown twice), Compat Redirector, Redirected settings and files
      • Admin Rights Access: HKLM, HKCR, Program Files
      • User Rights Access: HKCU, My Documents, Startup Folder
      • Temp Internet Files: Untrusted files and settings
  • Slide 20
  • Security Status Bar: Makes users aware of online security and privacy
      • Enhanced Validation: Trusted party has provided extensive verification for the authenticity of certificate holder
      • Standard Security: Website provided a certificate matching the server and appears trustworthy
      • Phishing Filter (Warn): The website contains characteristics found in phishing websites; proceed cautiously
      • Incorrect Data: There are errors in the certificate provided and the website should not be trusted
      • Phishing Filter (Block): A warning is displayed and users are navigated away from the website
  • Slide 21
  • Phishing Filter: Client-side heuristics, allow-list, and Web service
      • Diagram labels: IEAPFLTR.DAT, Known Good URLs, URL Reputation Service, https://urs.microsoft.com
  • Slide 22
  • Phishing Filter: Populating the URL reputation service
      • Diagram labels: End User Report, Site Owner Report, Third Party Phishing databases, Grader, Confirmed Sites, URL Reputation Service, https://urs.microsoft.com
  • Slide 23
  • Address Bar Everywhere
  • Slide 24
  • Fix My Settings
  • Slide 25
  • IDN Display
  • Slide 26
  • Phishing Filter - Suspicious Site
  • Slide 27
  • Phishing Filter - Blocked Site
  • Slide 28
  • Fix My Settings
  • Slide 29
  • Customer Call To Action
      • Read the technology overview
      • Upgrade to IE7 RTM
      • Test LOB applications and public websites
      • Provide feedback to Microsoft (mailto:ietell@microsoft.com)
  • Slide 30
  • More IE7 Information
      • Download the IE7 RC1 at http://www.microsoft.com/ie
      • Technical docs on IE Developer Center: http://msdn.microsoft.com/ie
      • IT Administrator information on TechNet: http://www.microsoft.com/technet/prodtechnol/IE/ieak7
      • More technical information on TechNet: http://www.microsoft.com/technet/prodtechnol/IE
      • Follow the IE Team Blog at http://blogs.msdn.com/ie
  • Slide 31
  • Resources 1
      • Internet Explorer Blog: http://blogs.msdn.com/ie/
      • Internet Explorer Feedback Alias: ietell@microsoft.com
      • Internet Explorer Developer Center: http://msdn.microsoft.com/ie/
      • Internet Explorer 7 Readiness Toolkit: http://go.microsoft.com/fwlink/?LinkId=64421
      • Internet Explorer 7 App Compat Toolkit: http://blogs.technet.com/all_things_appcompat/default.aspx
      • Internet Explorer 7 External Bug Database: https://connect.microsoft.com/site/sitehome.aspx?SiteID=136
      • Internet Explorer Administration Kit (IEAK) 7 Beta 2: http://www.microsoft.com/technet/prodtechnol/ie/ieak7/default.mspx
  • Slide 32
  • Resources 2
      • Technical Chats and Webcasts: http://www.microsoft.com/communities/chats/default.mspx and http://www.microsoft.com/usa/webcasts/default.asp
      • Microsoft Learning and Certification: http://www.microsoft.com/learning/default.mspx
      • MSDN & TechNet: http://microsoft.com/msdn and http://microsoft.com/technet
      • Virtual Labs: http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx
      • Newsgroups: http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx
      • Technical Community Sites: http://www.microsoft.com/communities/default.mspx
      • User Groups: http://www.microsoft.com/communities/usergroups/default.mspx
  • Slide 33
  • © 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.