Internet Explorer 7: Security gets an upgrade
Published: December 5, 2005
By Mark Walker
It's a risky world out there. Spyware, fraudulent Internet sites, and viruses present a threat to Internet users. Although threats do exist, we can do quite a bit to limit the security risks inherent on the Internet, and Internet Explorer 7 can help.
An important area in which Microsoft and Internet Explorer 7 have been stepping out is in helping to protect against fraudulent Web sites. Both security and privacy breaches have become more common in recent years, and with the latest release of Internet Explorer, Microsoft hopes to help stop that spread.
We have all become accustomed to one of the methods in which Internet Explorer signals the trustworthiness of a Web site --the gold padlock in the information bar at the bottom of the browsing window. In fact there are times that I feel as if I take the icon for granted, and find myself blissfully skimming through, with intent to purchase, sites before checking their security. Microsoft must have felt the same way, because in Internet Explorer 7 they have placed a new padlock to the right of the address window, the new Security Status Bar—right at eye level.
The new blue padlock pops up next to the information bar when you are visiting a Web site believed to be secure.
You'll only see the padlock if the website falls into this category—although Internet Explorer often displays additional security information at the bottom of the page (but more on that later in the section on phishing). For example, a community forum discussing the use of steroids in professional sports won't rate a padlock (usually). Click on the padlock to show a site's security level. Doing so displays the SSL (Secure Socket Layer) encryption of the site (usually 128 bits). Click on the Details link for additional information.
Click the Details link to display when the security certification was issued, what it was issued for, and for how long the certificate is effective.
Tip: Normally the padlock rests on a blue background. The soothing blue is your tip that all is well. If the padlock is surrounded by red, all is not well on the site, and Microsoft has detected some problems. Click on the padlock for additional details.
How to Slip the Phishing Hook
I live in the country, and by country I mean a mile to my nearest neighbors and ten miles to the nearest McDonalds. If I want stuff, especially techno-geek stuff, I shop online, frequently at auction sites. Now that's great, but I occasionally receive emails from less than honest sources asking me to "verify this" or "check that" with my account. Of course the alleged link to the auction site is enclosed within the email. Clicking the link pops a site that looks remarkably like the auction site, but isn't—it's a dummy location. This is phishing (pronounced just like what we do for bass, trout, or compliments).
Phishing is a darkly dangerous form of security violation in that it requires no software installation on your computer. You simply travel to the dummy site via the link, and after you arrive the privacy invasion begins. Normally the phished sites ask personal questions or prompt you for login information. This information is forwarded to the phishing party, and can be used to access your account, for identity theft, etc. Such attacks have grown 500% in the last year.
Internet Explorer 7 offers a solution to help prevent these attacks. It's called a Phishing Filter and resides on the Tools menu.
The Phishing Filter provides several options for catching phishing sites in a security net.
Choose Tools and then Phishing Filter to display the options listed below.
| • | Check This Website: Clicking here sends the currently viewed website to Microsoft for checking against a list of known phishing sites. It's a straightforward process and usually takes no more than a minute or two, depending on your connection speed. 
If the site you checked looks clean IE7 pops this window.
|
| • | Turn On Automatic Checking: Click here if you want to automatically check each and every site that you visit. The upside? You are less likely to get phished. The downside? Because the address of each Web site you visit is sent to Microsoft for verification against a list of known phishers, it'll slow up your browsing. |
| • | Report This Website: This is one of the methods Microsoft uses to get a list of phishing websites. Click here and report if you suspect the Web site. |
| • | Phisher Filter Settings: No big deal here. Clicking opens up the Internet Options window, with the Advanced tab pre-selected. You can choose to Check Websites Automatically, Do Not Check Them, or completely turn off the Phishing Filter. |
Tip: If you choose not to automatically check sites, Internet Explorer 7 pops an icon at the bottom of the browser window that looks like this 
. Clicking on the icon will check the site. The icon doesn't appear if you have Automatic Checking turned on.
Keep Your Business Your Own
For example, say a user is studying his stock options using the broadband connection at the local library. The research also includes accessing his bank account. Obviously, when he leaves the terminal, he doesn't want the next user to access the same sites, or glean personal data or password information. With Internet Explorer 7 he can help do that with one click.
Clicking Delete Browsing History removes Web Sites, caches, user names, passwords — evidence of your browsing endeavors.
In the past, you could delete individual links, and direct the computer NOT to remember passwords, but there wasn't one, all-inclusive, command that erased personal data. Now there is. To delete evidence of your browsing history click on Tools and then choose Delete Browsing History. Be aware, however, that doing so, not only erases the addresses, but also the cookies (including user names and passwords), and Internet Explorer caches within your browser. The end result is that it's less likely anyone can steal your personal information, but you'll need to subsequently re-enter your data on each site that requires it. Bottom line? It's a great feature, but one that is more useful on shared/public computers than your home machine. Unless, of course, you don’t want your spouse to trace your Internet travels. They wouldn't do that, would they?
Know Who the Bad Guys (and Girls) Are with URL Display Protection
A common hacker tactic is to mislead and deceive, specifically to trick us into believing they are at one location on the Internet when they are actually at another. An important means to do this, or at least hide its implementation, was to conceal domain names and URL information from users. That is a tactic that is harder to do in Internet Explorer 7.
Simply put, Internet Explorer 7 requires all windows to contain an address bar. This helps folks surfing the Internet determine the actual originator of the information that they are viewing, making it more difficult for the user to be duped.
Just the Beginning
These features aren't the end all of the security upgrades in Internet Explorer 7, but rather just the beginning. Microsoft's new browser also allows users to more closely control add-ons, help protect themselves from spyware, and in the new Protected Mode, even if a Internet location finds a possible fault in Internet Explorer 7, the site's code will not have the necessary privileges to install software, copy files to the Startup folder, or change your browser's home page or search provider settings.
No doubt it's a risky world out there, but with Internet Explorer 7, it's become much less so. Now, if they could just do something about those mediocre sitcoms.
