Internet Explorer dynamic security protection
This feature is included in the following editions of Windows Vista:
Through a robust new architecture, Internet Explorer 7 offers multiple, interrelated security features to help defend your PC against malware (malicious code or unwanted software, including worms, viruses, adware, and spyware). Among the browser's dynamic security protections are safeguards to help make sure your personal information doesn’t fall into the hands of fraudulent or deceptive websites.
Web browsers perform many functions. They must be open and flexible enough to handle a mix of website activity while maintaining sufficiently high security to prevent unwanted data access or application behaviors. Managing this balance is a top priority for Microsoft.
Together with Windows Defender, the security built into Internet Explorer 7 provides more levels of defense than ever before.
Microsoft has two primary security objectives with Internet Explorer 7:
Protection against malware
Malware, short for malicious software, refers to software applications designed to damage or disrupt a user’s system. The proliferation of malware and its impact on security were some of the key driving forces behind the design features of Internet Explorer 7. The new version has been improved to reduce the potential for hackers to harm a system by limiting the amount of damage that can be done if malware is able to find its way onto a user's system. In addition, Internet Explorer 7 includes several technical features designed to thwart hackers' efforts to trick you into entering personal data when you should not. Core parts of the browser's architecture have also been fortified to better defend against exploitation and improve the way the browser handles data.
Protected Mode
Available only to people running Internet Explorer 7 in Windows Vista, Protected Mode provides new levels of security and data protection for Windows users. Designed to defend against "elevation of privilege" attacks, Protected Mode provides the safety of a robust Internet browsing experience while helping prevent hackers from taking over the system and installing programs or deleting your information.
In Protected Mode, Internet Explorer 7 in Windows Vista cannot modify user or system files and settings without user consent. Protected Mode requires the user to confirm any activity that tries to put something on your machine or start another program. By ensuring the user consents to these kinds of actions, the likelihood of automated and/or unwanted software installation is reduced. This feature also makes you aware of what a website is trying to do, giving you a chance to stop it and take time to double check the trustworthiness of the website.
ActiveX Opt-In
Internet Explorer offers web developers the ActiveX platform as a mechanism to greatly extend browser capabilities and enhance online experiences. Some malicious developers have co-opted the platform to write harmful applications that steal information and damage computers. Internet Explorer 7 offers a powerful new security mechanism for the ActiveX platform.
ActiveX Opt-In automatically disables all but a small set of well-known, pre-approved controls, which helps to greatly reduce the potential for abuse or attack. Now, if a website tries to use an ActiveX control you haven’t used before, Internet Explorer 7 will display a notice in the Information Bar. This notification mechanism enables you to permit or deny access when viewing unfamiliar websites. For websites that attempt automated attacks, ActiveX Opt-In protects you by preventing unwanted access and giving the user total control. If you want to enable an ActiveX control for loading, you just click the Information Bar.
Fix My Settings
Because most users install and use applications with their default settings, Internet Explorer 7 ships with security settings that provide the maximum level of usability while maintaining strict security control. There may be times when you need to adjust those default settings for a legitimate reason. In such cases, it's critical that you reverse those changes when you no longer need those custom settings.
Internet Explorer 7 introduces Fix My Settings, a feature to alert you when you might be browsing with unsafe settings. The new feature reminds you about the unsafe settings with a warning displayed in the Information Bar as long as your settings remain unsafe. You can quickly reset the security settings to the Medium-High default level by clicking the Fix My Settings option in the Information Bar. If you close your browser and it reopens with unsafe settings, you will see a notification page reminding you to correct the setting before you can visit any websites.

Fix My Settings interface.
Advanced Protection against spyware with Windows Defender
Windows Defender enhances security and privacy protections when used with Internet Explorer 7. By extending protections against malware at the browser level, Windows Defender helps prevent malware from entering the computer via piggyback download, a common mechanism by which spyware is distributed and installed silently along with other applications. For more information, see Windows Defender.
Personal data safeguards
Most web surfers are unaware of how much personal, traceable data is transmitted with every click of the mouse while they browse the Web. The extent of this information continues to grow as browser developers and website operators develop their technologies to enable more powerful and convenient features. With only basic website development tools, malicious website operators can build near replicas of well-known and trusted websites. Most online users are likely to have trouble discerning a valid website from a bogus copy.
Internet Explorer 7 offers a range of enhancements and solutions to better protect you from malicious websites and confusing URLs. The new Security Status Bar, located next to the Address Bar, helps you quickly differentiate authentic websites from suspicious or malicious ones. One way it does this is by enhancing your access to digital certificate information that helps validate the trustworthiness of e-commerce websites. Internet Explorer 7 also provides a simple file cleanup utility that deletes the browsing history for better protection of privacy and passwords.
Phishing Filter
Phishing is the technique of convincing a user to send personal information to a bogus (or potentially malicious) website that is designed to appear legitimate. Phishing attacks continue to be reported in record numbers, and identity theft is emerging as a major threat to personal financial security. Internet Explorer 7 includes the Phishing Filter to help users browse with confidence. The Phishing Filter combines a local (client side) system scanning for suspicious website characteristics with an online service. For more information, see Microsoft Phishing Filter in Internet Explorer.
Delete Browsing History
Removing all personally identifiable and tracking information from the browser is crucial to maintaining online privacy, especially in shared computing environments.
Internet Explorer 7 provides a Delete Browsing History option for one-click cleanup so you can easily and quickly erase all personal information stored in the browser. Accessing online resources using a friend's computer seems harmless enough, but you must rely on the security of your friend's system to protect your data. Likewise, in public environments such as libraries, schools, and conference centers, computers might be used by hundreds of people and potentially expose personal data and history information to every one of those users. Delete Browsing History provides a simple mechanism to quickly erase information and eliminate any concern about data privacy on other systems.
Parental Controls
Internet Explorer 7 in Windows Vista works with the Parental Controls that enable parents to establish filter controls for a range of settings, including controls for objectionable content or for defining a specific set of acceptable websites to browse.
Internet Explorer 7 in Windows Vista works directly with the Parental Controls service to provide easy access to logging information and a single interface for managing settings. The Parental Controls service can also be set to block file downloads, offering another way to prevent malware from getting on a system. For more information, see Parental Controls.
Security Status Bar
In recent years, encrypted communications and Secure Sockets Layer (SSL) technologies have been introduced to better protect user information. Still, many Internet users remain overly trusting when websites ask for their confidential information. With the explosion of home-based and small business websites selling goods online, you're even more likely to encounter unknown entities asking for your financial information. The combination of these factors creates a situation ripe for abuse. Internet Explorer 7 addresses this issue by giving you clear, prominent, color-coded visual cues indicating the safety and trustworthiness of a website.
Earlier versions of Internet Explorer placed a gold padlock icon in the lower right corner of the browser window to designate the trust and security level of the connected website. Given the importance and inherent trust value associated with the gold padlock, the Security Status Bar in Internet Explorer 7 displays the padlock icon more prominently.
You can also view a website's digital certificate information with a single click on the icon. Digital certificates, issued by recognized entities known as certification authorities, serve two functions: 1) they provide third-party validation of the authenticity or trustworthiness of a business or website, and 2) they provide cryptographic encryption of data communications to keep information safer and more secure as it is passed between the website and browser. To give you a visual cue to recognize questionable websites, the padlock icon appears on a red background if Internet Explorer 7 detects any irregularities in the site's certificate information.
The Security Status Bar also supports new Extended Validation (EV) certificates that offer stronger identification of secure sites such as banking sites. Sites using EV SSL certificates have undergone a comprehensive verification to ensure their identity is that of the real business entity. When viewing a site secured with an EV SSL, you will now be able to view that identity information and verify the information is what you expect to see. Internet Explorer 7 highlights these validated sites with a green-shaded address bar and prominently displays the associated business or entity name.
URL-display protections
Hackers commonly attempt to mislead users into thinking they are looking at information from a known and trusted source. The ability to hide true Address Bar information and domain names from users has long been a valuable hacking tool. Internet Explorer 7 contains two powerful visual tools to help keep you from being duped: an Address Bar in every window and Internationalized Domain Name (IDN) support.
Address Bar in every window. With Internet Explorer 7, all browser windows require an Address Bar. Because hackers often use pop-up windows to display misleading graphics and data to convince users to download or install malware, the requirement of a read-only Address Bar in each window helps ensure that you’ll be able to learn more about the true source of the information you’re seeing.

Multiple-language display.
IDN display protections. The Internet encompasses a global community, and browsers must be able to handle non-English characters and domain names. Another technique used by malicious websites has been to include international characters in the Address Bar for phishing attacks and as a way to hide the true website domain name. The problem is based in similarities among many international alphabets: characters in certain languages (for example, the letter a in English) can resemble entirely different characters in other languages (for example, the letter а in Cyrillic). As a result, an individual with malicious intent might register a domain name similar to a legitimate one to fool users into submitting their content to a false site.
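
The look-alike problem described above, as an added example (not from the original page and not Internet Explorer's own algorithm): a Python check that flags host name labels mixing characters from more than one script and shows those labels in ASCII (Punycode) form instead. The host names are constructed, and both the script heuristic and the Punycode fallback are assumptions of this example.

```python
import unicodedata

def script_of(ch):
    # Coarse script guess: the first word of the Unicode character name.
    if ch.isascii():
        return "LATIN" if ch.isalpha() else "COMMON"  # digits and hyphen
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def label_scripts(label):
    """Scripts used in one DNS label, ignoring digits and hyphens."""
    return {script_of(ch) for ch in label} - {"COMMON"}

def audit_host(host):
    """Return (display_form, findings) for a Unicode host name.

    A label that mixes scripts is reported and replaced in the display
    form by its Punycode encoding, so the substitution becomes visible.
    Limitation: a spoof written entirely in one non-Latin script is not
    caught by a mixed-script test and needs a separate policy.
    """
    shown, findings = [], []
    for label in host.lower().split("."):
        scripts = label_scripts(label)
        if len(scripts) > 1:
            findings.append((label, sorted(scripts)))
            shown.append("xn--" + label.encode("punycode").decode("ascii"))
        else:
            shown.append(label)
    return ".".join(shown), findings

# Constructed sample host names (hypothetical, under the reserved .example TLD).
GENUINE = "bank.example"
SPOOFED = "b\u0430nk.example"  # second letter is Cyrillic U+0430, not Latin "a"
NATIVE = "\u043f\u0440\u0438\u043c\u0435\u0440.example"  # all-Cyrillic label

if __name__ == "__main__":
    for host in (GENUINE, SPOOFED, NATIVE):
        display, findings = audit_host(host)
        print(repr(host), "->", display, findings)
```
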