With the release of Windows Vista, you can expect to use the newest and most secure version of Microsofts Web browser to date. New features in Internet Explorer 7 help to prevent the inception and spread of malware. To help protect a users personal information and the security of Vista in general, IE 7 comes with many new advances in security and tools to help prevent or limit damage from an attack.
One simple change is with the Secure Sockets Layer (SSL) protection offered when using the browser. Commonly, a padlock icon will show up in the bottom of the browser indicating that you are entering a secure site that uses encryption technologies. Now, the new security status bar helps by showing you in clearer terms that a site you are visiting is safe. The padlock also appears closer to the top of the browser and is highlight blue when safe. This is but one very simple example of things that have changed to make your browsing experience easier and safer.
Basic Browser Behavior
This article is excerpted from Vista for IT Security Professionals. To order this book, please visit Syngress.
Web browsers are client software programs, such as IE7, Netscape, and Opera, that connect to servers running Web server software (such as IIS or Apache) and request Web pages via a URL, which is a friendly address that represents an IP address and particular files on the server at that address. The browser receives files that are encoded (usually in Hypertext Markup Language [HTML]) and must interpret the code or markup that determines how the page will be displayed on the users monitor.
Browsers are open to a number of attack types. The embedded scripts (and even some of the markup language) can be used to exploit your browser. With Internet Explorer 7, new tools such as the Phishing Filter help to thwart these attacks.
Early browser programs were fairly simple and could be exploited by using minimal techniques. Todays browsers are highly complex, signaling the need to secure them even further. These newer browsers are capable of not only displaying text and graphics, but also playing sound files and movies and running executable code. The browser software also usually stores information about the computer on which it is installed, as well as the user (via data stored as cookies on the local hard disk), which can be uploaded to Web serverseither deliberately by the user, or in response to code on a Web site.
However, hackers and attackers can exploit these characteristics in many ways. For example, an attacker can program a Web site to run code that transfers a virus to the client computer through the browser, erases key system files, or plants a backdoor program that then allows the hacker to take control of the users system.