Writing Files from Low-Integrity Processes

Internet Explorer 7 introduced Protected Mode, which uses Windows’ Integrity Controls feature to help prevent the contamination of the system with data that originates from the Internet. As a part of this feature, Internet Explorer now maintains two stores for the Temporary Internet Files and two Cookie Jars to store the user’s cookies. For each,…

4

Friendly HTTP Error Pages

Internet Explorer 5 and later will show a  “Friendly” HTTP Error page if the server returns certain HTTP Error status codes with a short message body. The intent is to replace a terse server message like this one: …with a page which may be slightly more helpful to the average user, like this one: Unfortunately,…

0

One Billion…

SmartScreen has blocked one billion malware downloads. Pretty amazing.

0

Understanding Conditional Requests and Refresh

Today’s post is a collection of technical tidbits about conditional HTTP requests and the behavior of IE’s Refresh button. It’s probably of limited interest to most readers, but if you need to deeply understand either of these topics, hopefully you will find it helpful!  Conditional Requests Web browsers make two types of requests over HTTP…

15

IE and the Security Development Lifecycle

Microsoft’s Security Development Lifecycle describes how we engineer security into our products. Earlier this year, Security Program Manager Mark Shlimovich wrote a detailed whitepaper about how SDL was applied to IE8, providing “behind the scenes” insights into the security engineering that went into Internet Explorer 8. As you probably know, one of my favorite IE8…

0

Trivia: Animated GIF Timing

Every now and again, someone reports that Internet Explorer is “slow” when rendering an animated GIF file. Typically, they’ll load a lengthy animation in Firefox and IE and note that it runs much more quickly in Firefox. Similarly, Chrome and Safari are “slow” while Opera is “fast.” Conversely, there are bug reports against Mozilla complaining…

15

Downloads and International Filenames

A few times a year, I get a question about Internet Explorer’s behavior when it comes to downloading files that have non-ASCII characters in the filename, because different browsers have different behavior when handling such files. The server can suggest the name for a file download in one of two ways: Explicitly, by including a…

16

Understanding Cookie Controls

Internet Explorer offers an extremely rich set of options for controlling cookies. The default settings are fairly well-balanced, but some users may want to introduce more restrictive or specialized controls. To configure cookie settings in IE, click Tools > Internet Options. Click the Privacy tab. The tab offers a simple slider with a range of…

4

Certificate Enrollment from the Browser

Back in Windows XP, an ActiveX control known as XEnroll could be used from the browser to request digital certificates on the client’s behalf. Certificate authorities and others would use this control when a customer purchased a certificate for code signing, server authentication, or other purposes. In Windows Vista, XEnroll was deprecated (and prevented from…

2