Tuesday, March 15, 2011 12:49 PM
Internet Explorer 9 is out, includes new security features - SANS Internet Storm Center
Microsoft released version 9 of its Internet Explorer web browser. You can download IE 9 from windows.microsoft.com.
Microsoft also set up a domain dedicated to the new browser: www.beautyoftheweb.com.
Unfortunately, that site isn't hosted under the microsoft.com domain,
nor does it have an SSL certificate to confirm that it belongs to
Microsoft. Using this site to distribute the browser goes against the
advice of downloading software only from known vendor websites. Copycat
malicious sites claiming to distribute IE 9 will probably appear
shortly, if they aren't around yet.
Internet Explorer 9 includes a number of security improvements that
make the upgrade worth your consideration. These include application
reputation capabilities that are part of the SmartScreen feature that helps protect the user against socially-engineered malware. The browser also supports the notion of Pinned Sites,
which implements "secure launch" capabilities to safeguard users'
sessions with important websites. Internet Explorer 9 also improves its
resistance to exploits by embracing support for DEP/NX, ASLR and SafeSEH
memory protection capabilities. The new browser also improves the messages its users see when they download files and programs; the messages are designed to make it easier for the users to assess the risk of opening such files.
Have you had a chance to experiment with Internet Explorer 9? Let us know what you think of its security capabilities.
-- Lenny Zeltser
Lenny Zeltser leads a security consulting team and teaches how to analyze and combat malware. He is active on Twitter and writes a daily security blog.