Internet Explorer 10 Brings New Security Features to Windows

screenshot of Internet Explorer 10 displaying MSN page of political news.With each new upgrade of its Internet Explorer Web browser, Microsoft has brought in improved security features.

That pattern continues with Internet Explorer 10, which promises a number of new enhancements when it’s released along with Windows 8 at the end of October. (The browser will also run in Windows 7.)

Internet Explorer hasn’t always had the best reputation when it comes to security, although that’s partly because many computer users still use out-of-date versions such as IE 6. Today, Internet Explorer also has to compete with Google Chrome and Mozilla Firefox, which are considered to be more secure.

However, having an up-to-date browser is far more important than which flavor of browser you use. Each new iteration of browser technology is always more secure than the previous version. 

[How Your Old Browser Threatens Your Security]

Under the hood

Michael Sutton, vice president of security research for Zscaler ThreatLabZ in San Jose, Calif., said many of IE 10′s new security features are enhancements of what older versions offered. They include:

Enhanced Protected Mode: “Protected Mode” was first introduced with Internet Explorer 7 in 2006 and ensured that Internet Explorer ran with restricted privileges that limited its effect on other applications or on Windows.

Enhanced Protected Mode, introduced in IE 10, extends this further by ensuring that the browser has read/write access only when absolutely necessary.

One complication of this extended feature is that most browser add-ons are not yet compatible with Enhanced Protected Mode and will be disabled until they are updated.

InPrivate browsing: First introduced with Internet Explorer 8 in 2009 and designed to prevent storing a user’s browser history, InPrivate Browsing — sometimes known as “porn mode” — will now be per-tab rather than per-session.

ForceASLR: Microsoft has enhanced memory-bed controls with each successive iteration of IE to prevent code injected into a running application from executing.

Address space layout randomization (ASLR) was introduced in IE 7 and randomized the locations in memory of various modules. That way, it’s more challenging for malicious code to call various functions.

ForceASLR extends this concept by randomizing the location of all modules loaded into memory by the browser.

Yanking out the plug-ins

Internet Explorer 10 also addresses chronic security problems with two common browser plug-ins: Java and Adobe Flash Player.

In the old Web, Flash and Java enabled the first rich, cross-browser application experiences, far beyond what browsers alone could offer. Many games, video clips, remote desktop interfaces and browser utilities ran in Flash or Java.

“In the new Web, the emerging standards-based technologies, like those in HTML5, will offer capabilities similar to those plug-ins, natively in the browser,” said Chris Weber, co-founder of Casaba, a software-security company in Redmond, Wash.

But Java and Flash have been the targets of countless attacks over the past couple of years, with the result that many security experts recommend disabling them altogether.

“The new Web will run cross-browser without the need for plug-ins, making for a reduced attack surface and more secure browsing experience,” Weber said. “The emerging standards we call HTML5 are providing specifications for rich features previously only found in third-party plug-ins (e.g. Java, Flash, Silverlight). HTML5 is paving the way to a browser experience that doesn’t require plug-ins.”

Weber pointed out that Internet Explorer 10 has an integrated Flash player, similar to what Chrome has had for years.

However, IE10 comes in two variants — a “desktop” version that’s not very different from IE 9, and a new “Modern” interface that’s built for tablets and touch screens running Windows RT, a mobile version of Windows 8.

The Modern interface will permit only preapproved, “whitelisted” websites to run Flash.

“The simplest way to put this is that Flash will work in some sites, and not in others,” Weber said. “Developers should be making efforts to move away from it, and move toward HTML5 standards which provide similar functionality.”

Does that mean HTML5 is the answer to the security problems that seem to accompany some browser plug-ins? Perhaps it will be in the future, but not yet.

“HTML5 will try to replace all proprietary plug-ins eventually; however, Internet Explorer 10 will have to support Java and Flash because the majority of Internet users want to be able to use applications that rely on these plug-ins,” said Marcus Carey, a security researcher at Boston-based vulnerability-management company Rapid7.

“Microsoft needs to recognize this and support both plug-ins for the foreseeable future if they want to maintain any kind of viable market share in the browser market,” Carey said. “This is particularly true for business environments that rely on Java for productivity. … If IE10 can’t support their needs, they will use alternative browsers such as Firefox or Chrome.”

Tight race against Chrome

So how do the new security features in Internet Explorer 10 compare with those in other browsers? According to Weber, Chrome and IE run pretty closely together when it comes to security features; however, IE is pushing a few extra points when it comes to memory protection.

Firefox is lagging behind by not building in such major features as process isolation, or “sandboxing,” which IE and Chrome have both featured for a while now.

The security experts agree on one thing: Only time will tell how well the security features and enhancements in IE10 work, and where IE10 fits into the crowded browser market.

This story was provided by SecurityNewsDaily, a sister site to Laptopmag.com.

LEAVE A REPLY
Name*
Email* (will not be published)
Website
*Indicates required field
Comments*
Submit Comments

FIND A REVIEW
Laptops
All Product Types Accessories Cars Digital Camcorders Digital Cameras eReaders GPS Laptops MP3 & Video Players Projectors Smartphones Software Storage Tablets / MIDs VoIP Wi-Fi
All Subcategories
All Subcategories All-Purpose Budget Business Desktop Replacement Gaming Multimedia Netbook Nettop Rugged Student Tablet PCs Ultraportable
Brand
Acer Alienware Apple Archos ASUS Averatec BenQ CTL Corp. Dell Digital Storm eMachines Emtec Everex Fujitsu GammaTech Gateway General Dynamics Getac Gigabyte Hercules HP HTC iBuyPower Intel Lenovo MSI Nokia Nvidia OCZ OLPC OQO Origin Panasonic Sager Samsung Sony Sylvania Systemax TabletKiosk Toshiba Verizon Viewsonic Viliv VooDoo Workhorse PC ZT Systems
Minimum Rating
Any Rating 4.5 Stars 4.0 Stars 3.5 Stars 3.0 Stars
Screen Size
10 11 12 13 14 15 16 17 18 20 4 5 6 7 8 9
Resolution
1024x576 1024x600 1024x768 1200X800 1280 x 720 1280x1024 1280x768 1280x800 1366x678 1366x768 1440x1050 1440x900 1600x768 1600x900 1680x1050 1680x945 1920x1080 1920x1200 800x400 800x480
Weight Range
10.1 - 12.0 pounds 12.1 - 14.0 pounds 14.1 - 16.0 pounds 2 lbs 2 pounds and under 2+ lbs 2.1 - 4.0 pounds 4.1 - 6.0 pounds 6.1 - 8.0 pounds 8.1 - 10.0 pounds Over 16 pounds Under 2 pounds
more options
SUBSCRIBE