{"id":1412,"date":"2005-05-01T00:00:00","date_gmt":"2005-05-01T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/05\/01\/microsoft-puts-ie-enhancements-on-fast-track\/"},"modified":"2021-12-30T11:39:20","modified_gmt":"2021-12-30T11:39:20","slug":"microsoft-puts-ie-enhancements-on-fast-track","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2005\/05\/01\/microsoft-puts-ie-enhancements-on-fast-track\/","title":{"rendered":"Microsoft Puts IE Enhancements on Fast Track"},"content":{"rendered":"<p>&#8220;Longhorn&#8221; won&#8217;t make its first appearance until the end of next year at the earliest, but with enterprises demanding better security tools, Microsoft Corp. is not waiting for the next version of Windows to ship before it makes changes to improve the security of some key components such as Internet Explorer, which will see a significant security upgrade in its next release.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;We made the decision that the things we were doing wouldn&#8217;t just be in Longhorn and that we needed to get them into the hands of the current installed base as well.   IE 7 is down-level to [Windows] XP, even though somewhat of a superset of it is the browser in Longhorn,&#8221; said Microsoft Chairman and Chief Software Architect Bill Gates in an interview at WinHEC here last week.<\/p>\n<p>In Longhorn, IE will run in its own protected space, thus isolating it from other parts of the operating system.<\/p>\n<p>But even before Longhorn hits, Microsoft is adding several security enhancements to IE 7.0, which is due in beta this summer.  The newest version of the browser will have technology to prevent cross-domain scripting, and the default mode will be one with a reduced privilege level to help prevent attackers from using IE as a stepping-off point for other attacks.<\/p>\n<p>Version 7.0 may also include integration with Microsoft&#8217;s nascent anti-spyware technology, which is in beta.<\/p>\n<p>&#8220;But, if you consider that IE is probably one of the most-used products and has the most access to untrusted systems on the Internet, it kind of makes some sense to almost have IE behave like a bastion host,&#8221; Robert said.<\/p>\n<p>Matthew Patton, a network security engineer in Arlington, Va., said he does not believe Microsoft&#8217;s moves will be very effective.  &#8220;Cross-domain scripting, for example, is a problem local to IE, and isolating IE from the operating system doesn&#8217;t change anything in that regard,&#8221; Patton said.<\/p>\n<p>The Redmond, Wash., software maker is entering the third decade of Windows computing, which really became pervasive in its second decade with the release of Windows 95.<\/p>\n<p>Virtualization is another key technology for Microsoft, and the company will be building that support into Windows, making sure the emulation is &#8220;very, very efficient,&#8221; Gates said.  Microsoft must be careful that the VM does not become a security weakness through which an attacker could insert a VM under the operating system, negating Windows&#8217; security protections, Gates said.  &#8220;So the operating system will have to become enabled to be able to look down and have what&#8217;s called a chain of trust where it looks if it is a trustworthy [VM] running on trustworthy hardware.&#8221;<\/p>\n<p>http:\/\/www.eweek.com\/article2\/0,1759,1791107,00.asp?kc=EWRSS03119TX1K0000594<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1412","post","type-post","status-publish","format-standard","hentry","category-product"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1412"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1412\/revisions"}],"predecessor-version":[{"id":3899,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1412\/revisions\/3899"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}