Overview of Internet Explorer 8 (part 3) - Using New Security and Safety Features of IE8 & Working with SmartScreen Filters

- Free product key for windows 10
- Free Product Key for Microsoft office 365
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
6/26/2011 11:41:18 AM

5. Using New Security and Safety Features of IE8

The new security and safety features of Windows Internet Explorer 8 are designed to help protect end users from malicious attacks or attempts to get personal information from the user without their knowledge. Users expect things to be as they appear which is not always the case. Because we all use the internet and our corporate intranets to provide information every day, online crime has risen dramatically.

The new type of criminal we face are known as cybercriminals, and they are using extremely deceptive and sophisticated methods for getting information from end users. One method is the use of malware to steal private information through software pretending to be an expected website. This malware could be a program running on your PC which reads everything you type (including login information from a web browser) and reports the info back to a cybercriminal. Phishing is another technique used by cybercriminals to gain personal information from users. Phishing can be perpetrated by the cybercriminal pretending to be a legitimate website such as the user's banking site or credit card site and getting the end user to enter information into a fraudulent page.

New features of IE8 helping to identify malware and phishing schemes will make it easier for end users to quickly identify potential issues and allow the administrators to spend less time "fixing" the network and user-compromised data. Domain Highlighting, Cross Site Scripting Kilter, Click-Jacking prevention, Smart Screen filters, a -InPrivite Browsing, and InPrivate Filtering are new additions to Windows Internet Explorer 8.

5.1. Using Domain Highlighting

Domain Highlighting is one of the new features in Windows Internet Explorer 8 that gives the user more feedback about the website they are visiting. When a user surfs to a website, they normally type in a Uniform Resource Locater (URL) in the form of, for example, This is displayed in the address bar of the browser, and the user can see it during the entire browsing session. This may or may not be apparent to the user as it is in nondescript text and nothing jumps out at them. In IE8, the displayed URL is shown to the user with the domain highlighted, for example, As the user continues to surf to other pages within Bing, the domain portion,, remains clear (the other text softens to gray) so if the user is redirected to another site, there is a visual clue jumping out at the user.

If you take a look at Figure 8, you can see the same search string issued in both Windows IE7 and IE8. Notice how much better stands out in the Windows Internet Explorer 8 address bar.

Figure 8. Domain Highlighting in IE8

Domain Highlighting and user education are a good starting place for security and safety, but are there features that can be added to proactively help the user? Yes, one of the more common phishing/malware activities is Cross Site Scripting (XSS), where the user inadvertently runs a script in a website link exploiting a flaw in the website, or Click jacking, where a user clicks a link that says one thing on the page but sends the user somewhere else. IE8 has proactive software to help identify these types of phishing/malware attacks before they can happen.

5.2. Defending Against Cross-Site Scripting and Click-Jacking

Cross-site scripting (XSS) attacks attempt to exploit vulnerabilities that exist in the websites you use. XSS attacks are set up by inserting an address to a malicious website in a link a user might click on in an email. The data in the link directs the browser to a legitimate website that has been compromised to contain malicious code that can capture keystrokes, letting the cybercriminal capture a user's login credentials (user name and password).

As a leading compromise today, Windows Internet Explorer 8 includes a Cross Site Scripting filter that attempts to detect these types of attacks and disable the harmful scripts. If users surf to a website that has been compromised, the problem can be detected and 1E8 can modify the request, avoiding the potential risk.

A message will appear at the top of IE8 page indicating to the user that "Internet Explorer has modified this page to help prevent cross-site scripting." Figure 9 shows the message displayed when a malformed query is issued to a search engine. The user can click the message to get further information about the compromise.

Figure 9. Cross-site scripting filter message

As with all of technology and cybercrime, it's a cat-and-mouse game between the administrators and users, and the cybercriminals. Every time the good guys find a way to block or mitigate an attack, the bad guys (good or bad I guess depends on your point of view) find a different way to perpetrate an exploit. Click-jacking is a growing threat to our online community. A savvy cybercriminal can create a website where a real page is placed in a frame in the attacker's page.

Clicking on an item in the attacker's page allows the attacker to manipulate your input and have you view an advertisement at best or change your browser parameters at worst. Windows Internet Explorer 8 includes code that will allow developers to prevent their websites from getting inserted into a frame in the IE8 interface, helping to mitigate the click-jacking problem.

The cross-site scripting filter and click-jack prevention code offer protection against malicious code in a website. There is also a set of tools included in Windows Internet Explorer 8 that help prevent the user from visiting a website that has been reported as unsafe or downloading content that has been reported as unsafe. This protection is known as Smart Screen filtering.

6. Working with SmartScreen Filters

Microsoft maintains a database of unsafe websites that is checked while a user is browsing through websites. If an unsafe website is chosen, IE8 wilt block the user's request and present a page displaying the fact that the page has been identified as unsafe and changing the background color of the address bar to reflect the same.

The user can continue to the web page if they are confident of the safety of the website by choosing More Options and continuing to the website. This functionality is part of the IE8 suite of technologies helping to protect the users from the deceptive practices of cybercriminals. The SmartScreen filters also have the ability to block malware or phishing from within initially safe sites by including specific pages identified as unsafe in the Microsoft unsafe website database.

Another new feature added to SmartScreen filters is the ability to protect the user from unsafe downloads. If a user attempts to download a file and the file has been reported as unsafe (and accepted into the Microsoft database as unsafe), an Unsafe Download security warning dialog box is generated and the user is prevented from downloading the file. As with the unsafe website filters, the user can still choose to continue the download if they are confident the file they are requesting is safe, as shown in Figure 10.

Figure 10. SmartScreen filter of an unsafe download

Administrators do have the option of configuring Group Policy for Windows Internet Explorer 8 to disable the ability of the users to download unsafe files if this is desired. You do have the ability to manage Smart Screen Filtering functionality from the Safety menu of IE8. Figure 11 shows the option to select Turn Off Smart Screen Filter.... From the Smart Screen filter menu choice you do have the ability to check whether the current site has been reported as unsafe (let's say you turned off Smart Screen Filtering but would like to check a specific site).

Figure 11. Smart Screen Filter options menu

The Smart Screen Filter menu option also gives you the ability to report a website as unsafe. Once submitted, Microsoft will review the site and add it to their database if they determine it meets the criteria they have put in place for an unsafe website. Microsoft has also added two new features to protect a user's personal information. The new features are InPrivate Browsing and InPrivate Filtering.

6.1. Using InPrivate Browsing and InPrivate Filtering

InPrivate browsing provides some level of privacy to users using Windows Internet Explorer 8. The privacy maintained with InPrivate browsing relates to current browsing where an InPrivate session has been enabled. The InPrivate session prevents the browsing history from being recorded nor will temporary internet files be retained. Cookies, usernames, passwords, and form data will not remain in IE8 following the closing of the InPrivate session nor will there be any footprints or data pertaining to the InPrivate browsing session.

This is a good method of protecting user data if you are not surfing from your own machine or are surfing from a public location (always a bad place to leave personal information). InPrivate browsing can also be used if you don't want anyone to be able to see data from your internet browsing session.

There are several ways to launch an InPrivate IE8 browsing session. One way is to open a new tab and select the Open An InPrivate Browsing Window option from the Browse With InPrivate section. This will open a new tab and the tab will be an InPrivate session. You can also choose to open Windows Internet Explorer 8 and start an InPrivate session directly by choosing the Safety menu item and selecting the InPrivate Browsing menu choice.

You can also open a new IE8 browser and press Control+Shift+P. Figure 12 shows an InPrivate session launched with Control+Shift+P and going to This will ensure any of my login and browsing information will not be saved to this computer.

Figure 12. InPrivate Browsing session

InPrivate Browsing keeps information from being saved to the local machine while the session is active, but don't get lulled into a false sense of security; malware, phishing, and other methods that send data out of the local machine are still valid and can provide personal information to a cybercriminal.

InPrivate Filtering takes a slightly different approach in providing security and safety to the user who is surfing using Windows Internet Explorer 8. Many of today's websites gather content from different sources as they present a web page to you. Some of these sources are websites outside the main location, and they provide third-party companies with tracking information about where you surf and what you look at.

This information can then be used to provide statistics as well as send advertisements back to you. InPrivate Filtering provides an added layer of control for the user to decide what information third-patty websites will have access to while the user is browsing, limiting the ability of third-party websites to track their browsing usage.

InPrivate Filtering is not enabled by default and must be enabled per browsing session. It is enabled from the Safety menu in IE8. You can alternatively use Control+Shift+F to enable InPrivate Filtering.

Once you choose InPrivate Filtering, you will be given the option to have IE8 automatically block some third-party content or choose to let the user select which third-patty providers will receive the user's browsing information (Figure 13). You can always go back and change the options later or turn off InPrivate Filtering if you desire.

Figure 13. InPrivate Filtering options

After InPrivate Filtering is enabled, you can see which pages have been blocked as third-party queries from the InPrivate Filtering Settings dialog box. The InPrivate Filtering Settings dialog is an alternate location for enabling InPrivate Filtering (as shown in Figure 14) or disabling it. You open InPrivate Filtering Settings from the Safety menu item of Windows Internet Explorer 8.

Figure 14. InPrivate Filtering settings

Along with the new security and safety features of Windows Internet Explorer 8, there are several enhancements to existing features. Some of the enhanced items include Data Execution Prevention, Automatic Crash Recovery, and Enhanced Delete Browsing History.

One of the many advantages of IE8 is that you can configure the web content filter. IE8 also allows you to set up and configure the Allow and Block lists. The Allow and Block lists are lists that you can subscribe to that will automatically filter out certain websites.

Other -----------------
- Overview of Internet Explorer 8 (part 2) - Defining IE8 Web Slices & Using IE8 Compatibility View
- Windows 7 : Configuring Hardware and Applications - Managing Applications
- Windows 7 : Configuring Hardware and Applications - Managing Printers
- Windows 7 : Configuring Hardware (part 2) - Installing and Updating Device Drivers & Driver Signing
- Windows 7 : Configuring Hardware (part 1) - Device Stage & Using Device Manager
- Windows 7 : Scripting Windows with PowerShell - Creating PowerShell Scripts
- Windows 7 : Scripting Windows with PowerShell - Scripting Objects
- Windows 7 : Scripting Windows with PowerShell - Running PowerShell Cmdlets
- Windows 7 : Scripting Windows with PowerShell - Getting Started with PowerShell
- Scripting Windows 7 with WSH : Programming the Windows Management Instrumentation Service
- Scripting Windows 7 with WSH : Scripting Internet Explorer
- Scripting Windows 7 with WSH : Programming the WshNetwork Object
- Scripting Windows 7 with WSH : Programming the WshShell Object (part 2)
- Scripting Windows 7 with WSH : Programming the WshShell Object (part 1)
- Scripting Windows 7 with WSH : Programming the WScript Object
- Scripting Windows 7 with WSH : Programming Objects
- Scripting Windows 7 with WSH : Scripts and Script Execution
- Adding Macs to Your Windows 7 Network : Letting Windows Computers See Your Mac Shares
- Adding Macs to Your Windows 7 Network : Using a Mac to Make a Remote Desktop Connection to Windows 7
- Adding Macs to Your Windows 7 Network : Connecting to a Windows Shared Folder
Top 10
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
- First look: Apple Watch

- 3 Tips for Maintaining Your Cell Phone Battery (part 1)

- 3 Tips for Maintaining Your Cell Phone Battery (part 2)
programming4us programming4us