IE 8 To Include New Security Tools

Trailrunner7 writes "Internet Explorer has been a security punching bag for years, and rightfully so. IE 6 was arguably the least secure browser of all time. But Microsoft has been trying to get their act together on security, and the new beta of IE 8, due in August, will have a slew of new security features, including protection against Type-1 cross-site scripting attacks, a better phishing filter and better security for ActiveX controls."

Re:Sandbox javascript, flash etc ...

[Z34107]

In IE7 on Vista, those bits (and everything you do, actually) are sandboxed. It's called protected mode and like everything well-written and intelligible in life, there's a MSDN article. ~~

If you can get to a Vista machine, boot up Internet Explorer 7. In the bottom-right hand corner, you'll see a "Internet|Protected Mode: On." Internet Explorer, and everything launched in/from IE, run under a low "Integrity Level", which means they only have access to the "Temporary Internet Files\Low" folder and "HKEY_CURRENT_USER\Software\LowRegistry" key.

Any file access is transparently redirected from these points: An ActiveX control trying to create "virus.dll" in "c:\windows\system32" will have it actually created "Temporary Internet Files\Low\C\Windows\System32". (Nothing in this folder is executable.)

Open up task manager. (CTRL+SHIFT+ESC) You'll notice an "ieuser.exe" process - should something need more privileges, like you saving a file to your downloads directory, this process will grant that one action regular, non-admin user privileges. Anything system changing has to pass through an "IEinstal.exe" process, which will trigger a UAC prompt.

My understanding is limited to some Vista beta-era documentation and the MSDN article I linked, but they pretty much sandboxed the entire browser with sub-guest-account privileges. It's relies on some new parts of the Vista kernel (you won't see the same sandboxing on IE7 in XP) but it's still pretty nifty, I think.