Internet Explorer 7: Security Features
Steve Lamb
Technical Security Evangelist @ Microsoft Ltd
[email protected]
http://blogs.technet.com/steve_lamb
Agenda
Lessons learned from IE in Windows XP SP2
Overview of Internet Explorer 7
Detailed features and demo
Timeline
More information
First, let me ask…
How many of you are using IE7 now? What build?
How can we help you?
Post Windows XP SP2
Strengths
Big security investments were worthwhile
Right balance of application compatibility and security
Opportunities to improve
Social attacks (phishing) as important as code execution
Bad trust decisions don’t have an “undo” option
Make life better for Web developers
Everyone wants new features
Internet Explorer 7
Major innovations in IE7 for Windows XP SP2
Enhanced functionality in IE7 in Windows Vista includes:
Protected Mode
Parental Controls integration
Key areas of focus:
Makes everyday tasks easier
Dynamic security protection
Improved platform and manageability
IE7 – New Look
Tabbed Browsing
Quick Tabs
Page Zoom
Before / After
Shrink-To-Fit Printing
Web pages automatically formatted to print properly
Inline Search
RSS Feed Reader
Enhanced Validation Certificates
Clearer information about trusted sites
Trust Badge rotates to show Certificate Authority
Dynamic Security Protection
Internet Explorer 7
Technology to protect against technology attacks
Limit programmatic access
Reduce attack surface
Warn if settings insecure
Simplified architecture
Technology to protect against social attacks
Anti-phishing service
Secure site visuals and info
Address bar anti-spoofing
“One-click cleanup”
Security Features
Protecting the machine from technology attacks
Unified URL parsing
Cross-domain security enhancements
Code quality improvements to reduce buffer overruns
ActiveX Opt-in
Protected Mode (Microsoft Windows Vista only)
Protecting the user from social attacks
Download scanning with Windows Defender
Phishing Filter
High-assurance SSL and address bar
Dangerous settings notification
Secure defaults for International Domain Names
Parental controls (Windows Vista only)
ActiveX Opt-in & Protected Mode
Defending systems from malicious attack
ActiveX Opt-in: puts users in control
Most controls disabled
Reduces attack surface
Retain ActiveX benefits, increase user security
Protected Mode*: reduces severity of threats
IE process ‘sandboxed’ to protect OS
Eliminates silent malware install
Designed for security and compatibility
[Diagram: ActiveX Opt-in – Windows keeps enabled controls apart from disabled controls; a user action is required to enable a control]
[Diagram: Protected Mode – IE runs with Low Rights and its own cache; a Broker Process mediates user actions that touch My Computer (C:)]
* Windows Vista only
[Diagram: Internet Explorer running with full privileges – IExplore.exe can change settings, download a picture, install an ActiveX control and cache Web content, so an exploit can install malware. Locations shown: Admin rights access and user rights access to Temp Internet Files, HKLM, Program Files, HKCU, My Documents and the Startup Folder (untrusted files and settings).]
Internet Explorer Running with Full Privileges
[Diagram: Protected Mode Internet Explorer – integrity control and a Broker Process mediate installing an ActiveX control, changing settings and saving a picture; a Compat Redirector handles redirected settings and files; IE still caches Web content. Locations shown: Admin rights access and user rights access to Temp Internet Files, HKLM, HKCR, Program Files, HKCU, My Documents and the Startup Folder (untrusted files and settings).]
Protected Mode Runs with Lowest Privilege
Security Status Bar
Makes users aware of online security and privacy
Enhanced Validation: Trusted party has provided extensive verification for the authenticity of certificate holder
Standard Security: Website provided a certificate matching the server and appears trustworthy
Phishing Filter (Warn): The website contains characteristics found in phishing websites … proceed cautiously
Incorrect Data: There are errors in the certificate provided and the website should not be trusted
Phishing Filter (Block): A warning is displayed and users are navigated away from the website
Phishing Filter
Client-side heuristics, allow-list, and Web service
[Diagram: local list of Known Good URLs (IEAPFLTR.DAT) and the URL Reputation Service at https://urs.microsoft.com]
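The lookup order the Security Status Bar and Phishing Filter slides describe, written out as an added Python example (not code from IE7 or Microsoft): the local known-good list is consulted first and short-circuits everything else, the URL Reputation Service decides blocks, and client-side heuristics produce the warn state. The host lists and the heuristic rules are constructed assumptions; the real IEAPFLTR.DAT format and the service protocol are not on the page.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed stand-ins for the two data sources named on the slide: the local
# known-good list (IEAPFLTR.DAT) and the URL Reputation Service (urs.microsoft.com).
KNOWN_GOOD_HOSTS = {"microsoft.com", "live.com"}        # constructed allow-list
CONFIRMED_PHISHING = {"account-verify-update.example"}   # constructed, "grader confirmed"


def host_of(url: str) -> str:
    return (urlsplit(url).hostname or "").lower()


def on_allow_list(host: str) -> bool:
    # Exact or subdomain match against the local list; no network call is made.
    return any(host == g or host.endswith("." + g) for g in KNOWN_GOOD_HOSTS)


def looks_suspicious(url: str) -> bool:
    """Assumed client-side heuristics: traits commonly seen in phishing URLs,
    not the rule set IE7 actually shipped."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    try:
        ipaddress.ip_address(host)       # bare IP literal instead of a host name
        return True
    except ValueError:
        pass
    if parts.username is not None:       # user@host form obscures the real host
        return True
    if host.count(".") >= 4:             # deeply nested subdomains
        return True
    # a brand name (constructed list) appearing in the path but not in the host
    return any(b in parts.path.lower() and b not in host for b in ("microsoft",))


def reputation_lookup(host: str) -> str:
    # Stand-in for the Web service query; "block" only for confirmed sites.
    return "block" if host in CONFIRMED_PHISHING else "ok"


def classify(url: str) -> str:
    """Status-bar outcome from the slide: 'standard', 'warn' or 'block'."""
    host = host_of(url)
    if on_allow_list(host):
        return "standard"                # known good: nothing is sent to the service
    if reputation_lookup(host) == "block":
        return "block"                   # confirmed phishing: user is navigated away
    if looks_suspicious(url):
        return "warn"                    # phishing characteristics: proceed cautiously
    return "standard"
```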
Phishing Filter
Populating the URL reputation service
[Diagram: end user reports and site owner reports go to graders; grader-confirmed sites, together with third-party phishing databases (MarkMonitor, Cyota, Internet Identity), feed the URL Reputation Service at https://urs.microsoft.com]
Address Bar Everywhere
Fix My Settings
IDN Display
Phishing Filter – Suspicious Site
Phishing Filter – Blocked Site
Fix My Settings
Customer Call To Action
Read the technology overview
Upgrade to IE7 RTM
Test LOB applications and public websites
Provide feedback to Microsoft (mailto:[email protected])
More IE7 Information
Download the IE7 RC1 at http://www.microsoft.com/ie
Technical docs on IE Developer Center: http://msdn.microsoft.com/ie
IT Administrator information on TechNet: http://www.microsoft.com/technet/prodtechnol/IE/ieak7
More technical information on TechNet: http://www.microsoft.com/technet/prodtechnol/IE
Follow the IE Team Blog at http://blogs.msdn.com/ie
Resources 1
Internet Explorer Blog: http://blogs.msdn.com/ie/
Internet Explorer Feedback: [email protected]
Internet Explorer Developer Center: http://msdn.microsoft.com/ie/
Internet Explorer 7 Readiness Toolkit: http://go.microsoft.com/fwlink/?LinkId=64421
Internet Explorer 7 App Compat Toolkit: http://blogs.technet.com/all_things_appcompat/default.aspx
Internet Explorer 7 External Bug Database: https://connect.microsoft.com/site/sitehome.aspx?SiteID=136
Internet Explorer Administration Kit (IEAK) 7 Beta 2: http://www.microsoft.com/technet/prodtechnol/ie/ieak7/default.mspx
Resources 2
Technical Chats and Webcasts: http://www.microsoft.com/communities/chats/default.mspx and http://www.microsoft.com/usa/webcasts/default.asp
Microsoft Learning and Certification: http://www.microsoft.com/learning/default.mspx
MSDN & TechNet: http://microsoft.com/msdn and http://microsoft.com/technet
Virtual Labs: http://www.microsoft.com/technet/traincert/virtuallab/rms.mspx
Newsgroups: http://communities2.microsoft.com/communities/newsgroups/en-us/default.aspx
Technical Community Sites: http://www.microsoft.com/communities/default.mspx
User Groups: http://www.microsoft.com/communities/usergroups/default.mspx
© 2006 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.