Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE 8 To Include New Security Tools

Posted by ryuzaki0 on from the hopefully-half-of-them-work dept.

Trailrunner7 writes "Internet Explorer has been a security punching bag for years, and rightfully so. IE 6 was arguably the least secure browser of all time. But Microsoft has been trying to get their act together on security, and the new beta of IE 8, due in August, will have a slew of new security features, including protection against Type-1 cross-site scripting attacks, a better phishing filter and better security for ActiveX controls."

14 of 177 comments (clear)

  1. Better security for ActiveX controls by sakdoctor · · Score: 5, Insightful

    Or scrap ActiveX controls?

    1. Re:Better security for ActiveX controls by Tweenk · · Score: 4, Insightful

      ActiveX is a critical technology in (South) Korea - you can't do any online banking, online shopping, etc. without ActiveX support. MS can't drop ActiveX or it would lose the Korean market.

      --
      Those who would give up liberty to obtain working drivers, deserve neither liberty nor working drivers.
    2. Re:Better security for ActiveX controls by Anonymous Coward · · Score: 5, Insightful

      > MS can't drop ActiveX or it would lose the Korean market.

      Lose it to whom? There aren't any other ActiveX providers, so if MS dropped ActiveX, South Korea would have no choice but to use whatever MS would provide as replacement.

    3. Re:Better security for ActiveX controls by JebusIsLord · · Score: 4, Insightful

      ActiveX is the only thing keeping large businesses TIED to IE. The last thing MS would do is scrap them. And to be honest, within a corporate intranet (where users don't have the rights to install activex controls), ActiveX is a pretty solid technology.

      --
      Jeremy
    4. Re:Better security for ActiveX controls by IntlHarvester · · Score: 3, Insightful

      It isn't.

      But yet every single modern browser has a way of running 3rd party binary 'plug-ins' or 'add-on' because its too damn useful. Therefore the only real distinction here between browsers that support ActiveX and browsers that don't is marketing.

      --
      Business. Numbers. Money. People. Computer World.
    5. Re:Better security for ActiveX controls by IntlHarvester · · Score: 5, Insightful

      Actually, I'm not. If you look at that Firefox plug-in I linked above, it uses a site whitelist which makes it considerably more secure than IE. Just because IE has/had poor ActiveX security doesn't mean another browser would have the same policies.

      Look at the posts in this thread. Everyone's convinced that "ActiveX==BAD" while they probably have 50 Firefox add-ins and plug-ins installed. They're the basically the same damn thing, so I'll maintain this is almost entirely a perception issue (which exists for valid, but historical reasons).

      --
      Business. Numbers. Money. People. Computer World.
    6. Re:Better security for ActiveX controls by Daimaou · · Score: 3, Insightful

      Or maybe South Korea could pull their collective head out and stop supporting lock-in and using crap technologies.

  2. Re:Was I the only one to misread the title? by kjart · · Score: 5, Insightful

    Was I the only one to misread the title as: "IE 8 To Include New Security Holes" ?

    That's true for almost everything new. As complexity rises, so does the chance of a problem, and browsers are surprisingly complex nowadays.

  3. Sandbox javascript, flash etc ... by BlueParrot · · Score: 3, Insightful

    There isn't any good reason why the javascript engine should run with the same privileges as the browser, and there certainly isn't any good reason why plugins like flash should have as many privileges as they do. Sandboxing those bits should help a lot.

  4. Re:Let me guess... by lostmongoose · · Score: 3, Insightful

    As bad as they've been about IE security in the past, they're actually trying this time.

    Because they say they are, right? They've said that it'll be more secure than before everytime they've done this and nothing really changes.

  5. Re:This is a simple job by Your.Master · · Score: 2, Insightful

    Right, because only nimrod programmers have bugs in their software.

  6. I thought the same. Microsoft need to learn! by QJimbo · · Score: 2, Insightful

    Annoying the user seems like a running pattern with anything Microsoft try and make secure.

    Windows Live messenger: "This file was a security risk and has been removed", User: "BUT IT WAS AN MP3?!?!"

    Windows Vista: *download program* IE7: "Are you sure you want to download?" *click yes... wait...* "File downloaded" *click Run* IE7: "Are you sure you want to run this file?" *click yes* Vista Access Control: "This file is a program and may cause bad things to happen! Are you sure?" User: "ARGH FOR THE THIRD TIME YES I'M SURE"

  7. whatever by Anonymous Coward · · Score: 2, Insightful

    year after year after year after year after year after year after year......

    all we ever hear is how MS is making their next OS/Browser/Apps more secure. Have they ever succeeded? Not once... all I have witnessed is bug patches and more complexity. Its very tiring to hear the same garbage over and over again.... ...and for any site that only runs activex - get with the rest of the world and learn something....

  8. Re:Nope, just the best one to date. by DaedalusHKX · · Score: 4, Insightful

    Technically, if they break the use of the product it is THEM that broke it. For example, if you take a car to a dealership for an oil change, and they break your transmission, the auto company/dealership is NOT immune to a lawsuit because "hey, you got usage out of the transmission".

    In fact, they will have to get you the FULL value of the transmission / replace it with a fully working one. See the whole issue is that a remedy to a broken contract is supposed to set you off AS WELL OR BETTER THAN BEFORE THE DAMAGE WAS INCURRED!

    Pay attention to the caps... there's a reason for them. That was originally the whole point of contracts, fulfillments and remedies in case of broken contracts. Seems that companies that deal in software are permitted to break the product and the client is to blame. Strange that. Nowhere nearly as strange as the fact that you seem to think that such things are perfectly fine. Amazing. Nothing short thereof.

    Not that I care. It was one more reason why I stopped using XP period. Guess what. Unless they give me a copy of Vista FREE, I don't plan to ever go back either. Hell, since I stopped gaming I've had more spare time than I've been able to waste with a conscious effort :)

    --
    " What luck for rulers that men do not think" - Adolf Hitler