Microsoft adds clickjacking protection to IE8 RC1
Protection against malicious Web attacks and tweaks to a feature that lets users browse the Internet privately are among updates Internet Explorer users can test in the first release candidate for IE8, which Microsoft made available Monday.
As first reported by the IDG News Service Friday, Microsoft released the feature-complete version of IE8 to the Web Monday. Microsoft added performance tweaks to existing features and one major security update to block Web attacks known as "clickjacking" that the company said makes IE8 the only Web browser to offer such protection.
Clickjacking lets hackers put a transparent filter on sites so they can view what information a user is accessing and what activities that user is doing, said James Pratt, an IE senior product manager at Microsoft. For example, if someone is on a bank Web site, attackers can use clickjacking to see the user's bank information and acquire passwords, and the user will not know the information is being viewed remotely, he said.
The security feature that thwarts clickjacking in IE8 RC1 allows Web-site content owners to put a tag in a page header that will help detect and prevent clickjacking. If a site that uses the IE8 tag detects clickjacking, it will give Web users an error screen letting them know that the content host has chosen not to allow that content, and gives them the option to open the content in a new window that is protected from the attack.
Microsoft also in RC1 expanded the functionality of a feature it introduced in the IE8 beta 2 release called InPrivate. InPrivate has two settings -- InPrivate Browsing, which lets users browse the Web without creating a record of where they've been or enabling cookies, and InPrivate Blocking, which has been renamed in RC1 to InPrivate Filtering.
InPrivate Filtering lets people set a threshold for how many times third-party content appears on sites they are browsing before the feature allows them to view information on how those third-party content owners are collecting information about browsing habits. That threshold can be set between three times and 30 times.
For example, Pratt said that if the same third-party advertisement appears 10 times on Web sites that a user is browsing in a session and the person's InPrivate Filtering threshold is set to 10, the user can then view how the third-party content owner is collecting information about browsing activities.
The Compatibility View introduced in IE8 beta 2 also got a refresh in RC1. The feature allows users to view Web sites that may not be compatible with current Web standards IE8 supports in another view so the sites render properly.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
ie8
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
