Security Blog

IE9 Introduces New Security Features

The latest version of Microsoft's internet browser -- Internet Explorer 9 -- was released earlier this week. Since then it has benefited from largely positive buzz, with Twitter user @ITHedgeHog praising the release for "being lightning-fast and coping well with script-intensive sites." "So IE9 does seem faster. I like the look," @calcomtech told me. And Twitter user @pblumer76 said, "I love IE9 pretty smooth IMO reminds me a lot of Chrome in looks and speed."

As with any new release, there were some gripes, too. Some people have complained about the lack of Windows XP or Mac support, while others have pointed out that competing browsers have better HTML 5 support. Despite the muted criticism, Microsoft announced earlier today that more than 2.3 million copies of IE9 had been downloaded in the first 24 hours since it was released.

After spending some time with IE9 myself, I found it to be slick, polished, and a significant upgrade over previous versions of IE. Aside from a minor display glitch with the DNN-based content management system for the Windows IT Pro website, IE9 seems to work faster and provides a more attractive user interface than previous iterations of Internet Explorer. Some of the biggest changes in IE9 are security and privacy improvements, with the three most significant being enhanced memory protection, improved defense against social-engineering attacks, and a new "pinned sites" feature that adds multiple security improvements.

According to Eric Lawrence, Microsoft's senior program manager for Internet Explorer, the enhanced memory protection features in IE9 are designed to help prevent attackers from exploiting memory-related browser vulnerabilities. "Internet Explorer 9 utilizes the latest memory protection technologies to help prevent an attacker’s code from running if a memory-related vulnerability is discovered in the browser or one of its add-ons," Lawrence writes in a Microsoft blog post about IE9's improved memory protection.

Defending against socially-engineered attacks -- which are attempts to fool a user into thinking malicious downloads are trusted ones -- was another focus for the IE9 team. IE9 introduces SmartScreen Application Reputation, a new feature that Microsoft program manager Ryan Colvin describes as Microsoft's attempt to reduce the impact of downloaded malware that relies on social engineering to deceive users. "[Application Reputation] accomplishes this by greatly reducing the number of unnecessary warning prompts while warning users only when they are about to run a downloaded program that is more likely to be malicious. At this point, the user can either explicitly run the program or they can decide to delete the downloaded immediately...our data shows that this feature is a great complement to our existing social-engineering protection and will contribute significantly to the safety of our users over time."

The pinned sites feature in IE9 brings a number of new security features with it. The concept revolves around "pinning" icons of frequently-used (and trusted) sites to your browser toolbar. Pinned sites run in their own browser session and don't load any additional toolbars or helper objects. Lawrence writes in the official Microsoft IE blog that the pinned sites feature also helps "avoid insecure HTTP to HTTPS redirections" and securely terminates connections if there are any problems "with the security certificate presented when your browser contacts [another] Web site."

Microsoft may still be playing catch-up to VMware on the virtualization front, fumbling important Windows Phone 7 updates, and possibly developing a serious case of Apple envy. All that said, the IE team seems to have hit this one out of the park, proving that there are product teams in Redmond that still know how to develop and ship competitive products. The jury is still out on whether IE9 is the best web browser on the market today, but it's clearly much more competitive than it used to be, and is undoubtedly the best version of IE yet.

Follow Jeff James on Twitter at @jeffjames3
