The Internet Explorer 7 Security Status Bar
Safely navigating the Internet is not always easy. IE7 introduces the new Security Status Bar (embedded in the right portion of the Address Bar, see Figure 1) to prominently display any security and identity information available for the website.
Figure 1: IE7 Address Bar with Security Status Bar.
By looking at the Security Status Bar and following the simple guidelines outlined below, users will be able to make better and safer decisions when transacting online (shopping, banking or any other kind of transaction that involves sensitive information), as well as better protect themselves against web fraud and data theft.
The Security Status Bar is not displayed during normal browsing when special security concerns do not exist, but when you are about to enter sensitive information (e.g. personally identifiable information, usernames and passwords, bank accounts, etc.) you should look for the Security Status Bar and proceed according to the suggestions in the Table below. The background color for the entire Address Bar is changed based on the information available about the identity of the website. When the Security Status Bar is visible, clicking on it will display the Security Report for the website (see Figure 2).
Whenever you are visiting any website, you should look at the full address (URL) for the site to understand what website you are looking at. IE7 helps you by enforcing the presence of an address bar in every window, but you still may need to scroll through it or maximize the window in order to view the full address.
Figure 2: IE7 Security Report.
|
 |
 |  | White: No identity information is available at this time. | No specific security information is available at this time. | This is the default for browsing web sites. The webpage could be safe but because the communication is not encrypted, you should avoid entering any sensitive data. | |
|  | White: No identity information is available at this time. | The communication is encrypted. | You should carefully read the full URL in the address bar or view the security report, and verify that this website belongs to the company you intended to visit, before entering any sensitive data. | |
|  | Green: This site has verified identity information. The owner of the website and the country he is operating are displayed, along with the name of the CA verifying this information. | The communication is encrypted and the owner has been identified by a Certification Authority (CA) **. | You should verify that the website owner (displayed in the Security status bar) is the one expected before entering any sensitive data. | |
|  | Yellow: This site appears to be misrepresenting its identity. | Phishing Filter in IE7 has analyzed this webpage and considers it suspicious. This may be a Phishing website*. | You should proceed with caution and not enter any sensitive data into this website, unless you are absolutely certain yourself that this is a legitimate website. | |
|  | Red: This site is a known phishing site that is misrepresenting its identity. | Phishing Filter in IE7 has identified this as a fraudulent website that has been reported to Microsoft*. | You shouldn't browse further or enter any data into this website***. | |
|  | Red: This site's identity information is mismatching or invalid – the site may be misrepresenting its identity. | A problem exists with the encryption certificate used (i.e. it has been revoked or has expired). | Make sure that you have typed the correct address. If the error persists, you shouldn't browse further or enter any data into this website before contacting its administrator***. | |
 |
* The Phishing Filter must be turned on.
** In Windows XP and Windows Server 2003, the Phishing Filter must be turned on.
***IE7 will recommend that you close this website. If you wish to continue (not recommended) you will need to click on the "Continue to this website (not recommended)" link on the navigation blocking page (see Figure 3).
Figure 3: IE7 Navigation Blocking Page.
For more information, you may want to visit the following topics:
