Security strategy for IE7: Beta 1 overview, Beta 2 preview

Security as a feature can be hard to measure. I
want to provide some insight into our security strategy so our customers and
partners can understand the direction we’re heading with Beta 1 and beyond to
Beta 2. All of the work the IE security team has done for IE7 is designed to
make you safer while you browse. While some of our work is front and center
like the Phishing Filter, a lot of the features are “under the hood” like
Low-rights IE and we hope you will never see them, just know that they are
there protecting you.

We started out designing the new security changes
for IE7 by understanding the risks or the "threats" that browsers
face from a malicious web site.  “Threat
modeling
” as we call it, is one part of the
Security Development Lifecycle
and is really like performing a risk
evaluation to find, and then eliminate or mitigate, security threats in
software .

We found places where we can enhance security by
changing parts of IE’s architecture. Beta 1 includes powerful but mostly
invisible changes to how IE handles URLs and script in sensitive functions.
Those changes will continue forward in Beta 2 but we have established a major
beachhead in Beta 1 against these classes of vulnerabilities. You’ll be hearing
about these in posts coming soon from Eric and myself (Marc would post but he’s
on his honeymoon somewhere in the Caribbean). You may have already read some
about how Internet Explorer for Windows Vista will run in a new “Protected Mode
(formerly known as Low-rights IE) to help prevent malware from installing on a
user’s system through a vulnerability.

Powerful add-ons like ActiveX controls are part
of what make browsing such a rich experience but any extensibility can also
introduce threats to browser security. In IE7 Beta 1, you’ll be able to use IE
in “No Add-ons” mode. In Beta 2 we’ll continue to enhance the user interface
for “Manage Add-ons” to make it easy for users to be in control of Add-ons. We
know that our user base depends on the rich scenarios that they get with
Add-ons. Our goal is to help users take control of important decisions while
maintaining a rich, consistent, easy-to-use experience.

There’s also a threat that a malicious web site
will try to trick you into letting it do something dangerous. The most
upsetting example of this is the recent epidemic scam-tactic known as “phishing”.
The scam usually starts with a bogus email that urges the victim to visit to a
fake banking site. After the victim visits the site and enters their password,
the site uses it to steal money from the victim account. Tariq from my team
will be telling you about how we built a Phishing Filter to fight back against
this threat. The Phishing Filter will be able to take you away from a reported
phishing site but, even if a site hasn’t been reported yet, Internet Explorer
will warn you about sites that might look a “little bit phishy” because they
use some features commonly used on phishing sites. We want your feedback on how
the Phishing Filter performs and Tariq will tell you how to submit feedback
directly through the UI. We’ve also made it easier to check the lock icon for
legitimate banking and secure sites. Eric will tell you more about that. We’ll
continue to improve the user interface in Beta 2 with additional features to
make security decisions easier.

We believe that security is never done but that
we can make a huge difference in this release. We’re proud that we get to
tackle these threats head-on in IE7. We’re hoping for lots of feedback from the
security and developer communities - we want to make sure IE7 is rock solid. As
always, if you find a vulnerability, please report it
responsibly
, this helps protect the other people like you working with us
on this beta.

- Rob Franco