Posted by: kurtsh | October 26, 2006

INFO: Corporate Security & Internet Explorer 7.0

By now, you’ve read, hopefully with great interest, how Internet Explorer 7.0, above all other bells & whistles, was designed to be the most secure browser we could make without making it incompatible with today’s leading applications & web services.

I can’t overstate this point enough for two reasons:

  1. Security was focused upon, instead of features. Some pundits accuse Microsoft of being slow and simply playing catch-up to Firefox, Opera, and other smaller browsers. I think any IT support person would agree that they’d trade most any feature for the opportunity to NOT have to go back and patch desktops & servers, even if it prevented the need to patch the corporate infrastructure just once.

    Patching the enterprise is a hellacious process and IE 7.0 is designed to prevent the need for patching as much as possible in the future.

  2. IE 7.0 is viewed as such a huge leap for operating system security, that we’re pushing it out as a critical update to anyone using Microsoft Update.  This is being done because:
    a) Internet Explorer 7.0 should be the browsing foundation that people build upon – not IE 6.02, which will become harder and harder for Microsoft to maintain over time as IE 7.0 security innovations become apparent, and
    b) Internet Explorer, as a core part of the OS (recall that it’s the HTML rendering engine for virtually every application that runs on Windows, including Office), has to be secure because it touches so many other information tools. Unlike Firefox, Internet Explorer is a browsing engine that is used by basically every ISV on the market for rendering HTML, and as such, it has a much, much greater responsibility to the end user.

Not to tempt fate, <grin> but much in the way that Outlook 2003 was the effective "death knell" for mail client security issues, (when was the last time you heard about an Outlook virus? 2-3 years ago?) Internet Explorer 7.0 has aimed to accomplish the same thing for browsing with this release. 

Here are a few bullets to help describe the extent to which deliberate care was taken to make Internet Explorer’s primary key differentiator its trustworthy security.

    Joshua Allen did this blog video that explains, "Why Internet Explorer 7.0 is the most secure browser available today"
    VIDEO:  Internet Explorer 7.0 Security
    The Internet Explorer Team also did a blog entry about IE 7.0 and how it strikes a balance between compatibility and security.
    Windows Vista’s Internet Explorer 7.0 will implement "protected mode" whereas the IE7.0 for WinXPSP2 can/does not. Windows Vista accomplishes this by limiting Internet Explorer 7 to just enough permissions to browse the web, but not enough to modify files or settings, keeping the PC safer from web-based attacks. Even if a malicious site attacks a potential vulnerability in Internet Explorer 7, the site’s code will not have enough privileges to install software, copy files to the Startup folder, or hijack the settings for your browser’s home page or search provider.

    Windows Vista will also implement "parental controls", which will enable parents to restrict logged-in children from accessing any specific sites or, more importantly, any sites that are outside of a specific grouping of domain names.

