Microsoft released a public beta of the long-awaited Internet Explorer 7.0 . The new browser includes numerous security features that will help make Web surfing much safer than was possible with previous versions of IE.
One major improvement is that, according to Microsoft, use of ActiveX controls is now optional since "nearly all pre-installed ActiveX controls" are disabled by default. IE 7 also provides a new Protected Mode, although this feature is only available in the Windows Vista version. In Protected Mode the browser will be will be isolated from the OS thus rendering it unable to modify files and system settings. Protected Mode will also severely restrict COM objects and the browser will be able to write only to the Temporary Internet Files directory. These features will help protect the system against infiltration by various forms of malware.
IE 7 introduces support for international domain names in URLs along with protection against certain types of domain name spoofing attacks. The browser will notify you "when visually similar characters in the URL are not expressed in the same language." The new browser also includes a redesigned URL parsing engine. IE 7 also places new limits on scripts to help prevent cross-site scripting attacks.
Other features include opt-in protection against phishing attacks and a new security status bar. IE 7 will help prevent phishing attacks by performing a real-time URL lookup against a database of known and suspected phishing sites. If you're visiting such a site, the browser will warn you.
The security status bar help users remain aware of Web site security and privacy settings. The browser displays a color-coded indicator depending on the security of a given Web site. Green indicates that a site uses the newer "high assurance" encryption certificates, which are issued to entities that complete a more extensive identity verification check. White indicates sites that use a typical SSL certificate. Yellow indicates that a site is suspected, but not confirmed, of participating in phishing. Red indicates that a site is known to participate in phishing.
Another major change is the way SSL certificates will be handled. IE 7 will initially block access to sites whose certificates weren't issued by a trusted root or whose certificates have expired or been revoked. Under the first two conditions, the browser will offer the user the option of connecting anyway but not if the certificate has been revoked. In addition, the browser won't show nonsecure content on sites whose pages use both secure and nonsecure content unless the user explicitly unblocks the nonsecure content.
For a full list of new features (including those not related to security) review Microsoft's IE 7 feature matrix. You can also read our article, "Internet Explorer 7.0 Beta 2 Public Preview Review," to learn more about the browser and to get a glimpse of the new interface. To gain an understanding of how IE 7 stacks up against Firefox, Opera, and Netscape browsers be sure to read our article, "Just Browsing ."
