|
|
|
Microsoft Details IE 8 Security Default Change
By: Ryan Naraine
2008-04-09
Article Rating: / 8
There are 2 user comments on this Network Security & Hardware story.
The company will enable DEP/NX (Data
Execution Prevention/No Execute) by default in IE 8 when running on Windows Vista and Windows Server 2008.SAN FRANCISCOMicrosoft
plans to make a key Internet Explorer default change to thwart attackers trying
to hack into its Web browser.
The software maker will enable DEP/NX (Data Execution Prevention/No Execute) by
default in IE 8 when the browser is running on Windows Vista and Windows Server
2008, a major tweak aimed at mitigating browser-based vulnerabilities.
DEP/NX is already available in IE 7, but it's turned off by default because of
compatibility issues.
With the default change, IE 8 automatically gets a security feature that
prevents an application or service from executing code from a nonexecutable
memory region. When used in tandem with additional security mechanisms, DEP/NX
can help to reduce the effectiveness of hacker attacks.
According to Microsoft Program Manager Eric Lawrence, the DEP/NX protection
will apply to Internet Explorer and all add-ons loaded by the browser. "No
additional user interaction is required to provide this protection, and no new
prompts are introduced," Lawrence
said.
What kind of security features do people expect to see in IE 8? Click here to read more.
This means that IE add-on developers will have to make code changes to ensure a
smooth ride once IE 8 is released to the general public.
Microsoft's recommendations to IE developers include:
If code depends on older versions of ATL
(Active Template Library), please rebuild it with ATL
v7.1 Service Pack 1 or later (Visual Studio 2005 includes ATL
8.0).
Set the /NXCompat linker option to indicate that an extension is compatible
with DEP/NX.
Test code with DEP/NX enabled using IE 8 Beta 1 on Windows Vista SP1.
(Alternatively, test with IE 7 on Windows Vista after enabling the DEP/NX
option. To enable DEP/NX for IE 7, Run IE as an administrator, then set the
appropriate checkbox in the Tools > Internet Options > Advanced tab.)
Opt code into other available defenses like stack defense (/GS), safe
exception handling (/SafeSEH) and ASLR (/DynamicBase)
"In rare cases where an add-on is not DEP/NX-compatible for reasons other
than outdated ATL usage, a group policy
option will be available to allow an organization to opt out of DEP/NX for
Internet Explorer until an updated version of the broken add-on can be
deployed," Lawrence said.
He also said the DEP/NX change means IE 8's new security features will target
three major sources of security exploitssocial engineering, and Web server-
and browser-based vulnerabilities. It will feature a revamped
anti-phishing/anti-malware component called Safety Filter, which blocks Web
sites that are known to contain malicious software that could harm users'
computers or steal sensitive user information.
Lawrence said IE 8 will also offer
greater control over ActiveX controls and new AJAX
(Asynchronous JavaScript and XML) features, XDomainRequest and XDM, for safer mashups.
|
|
�������xv㶲 ;^+(}LR/ْڱ-oKޝofiQ$$1Hmd�Y�_��t%qδ%�,
UBP�$i9crsk�|jx>w߽�!�[f0TE[�]Ϥ^=Am۟�@t�5v9:�r
���z=�>;|�9|@D���%�j'A]kc{F}_2z5o0�f��E1;&�}9Bm �~5;��s�!%�2{8�K;;$?*B�]2HXߦu�ɷ~{Xe�;��7� C�Kd/B(?F#�c�?9CvN��0/Pcw��Ҵ/�v[P�;U�{a�h�� /�\1r.b,{{4�ɿTݱu6���{ �-�,w2M*-f{е�:�9�z�u
v=�rDJ�53ҧ
=K�;O=k��\w=j�P?B1 ��I
�uBģz�r(˺79hm�y�a�ijTӪrT�5X;rދWcm9��2w7[RV5MQj�U���u7�ںs��nm)k��Cq9}r>?'��7��;A:��@o&1W`J�LTRBhd"���Pc@GNj,{/B��oVq+ZV�H+(.##-byOa`%�pfQUri�[}o__]wzmo�_wڧ>ߘekfy�3�?�b Jw3B~�W�7ke{#kjꜴ{
ݹGtHM��Wh:w Nկf�O|iuHz>54�01\�]Z-$5�VM&�usBr,�Ndo/ !}Ow|�nr2GrI/]o,��$̛cM�|�Ip6M2T��c��]N�j__ӬZxka
4�+@_x0N�D=�f�M�s,e��g{0A�M)��61t�k
�3!RBʼ��ĿI�K
_VPJB�-)\Dh+�Ԍ$ٛ�"G�;�ž_��"ʥ��c�p1S{n�.Ӱu�irq���^oVV͉:]XYu�jZnE?´;\g8m7�-һ^5?aUb}Phv�ZM]�qsuTSt*Zl:��}�5գ"T���G'&-d`q86ayƔIG�?{x?�����aO>�)5>�'4�}t>�$>hƋCriYnL,�r�Ӈt�u4A�.~�{ݣn]?&tnYXŞ�+LRVi50CG�E�6]�LR}>t9q�HhQ0<�sz0Y[S衟�#j{7t(
u�,/��{@`\@�8�Hp�yY?9���>�o ��߃5�#z[-[�Z6x�GA }Q�P|'sZ(�7^b��y"�"D%� T
h��4�A�ǰ�E�EN�A7;�.VKŤ�\*y"�Jm':ݱ;PKR�x&,�S,BV-KᗄPf%i2mh�ƺń(VFN��l�(0��Vf)5mV�AL �
�|�U=kb�$`~f�
�B�
SL@ΧrE\
�~1��~1UŠP=I)
]�`u0$��VT!rB�s�=?w�2_!�挮��t!VB�{�ZYUKZTpW�t~GNg�$�h�/Op���M??5�Yo�N?+�vo?�{]wK\�~g^l^�L�cv"O`��Q$O,p2HU>XC}`/�cҧ8P�ĺU0�UESUG�+[+]>�F����]h���!.��־ �X@�P A6+8SӞ-5Z,Y~B)'�-_�9��oE`���9^R˶SL*H@8�:{>-��W`
>�N=�1Ǩk
05-�tp]U*jAe߯yU�XY :څH�����i3
9��
�~�g�H
ysV�9y�]%��fZ+a1,*=:Y5AP,2gy3isS"ܪ�+_M�e�<�MxK�s�ͳi
4=_@HpjGi�
�>W˳(AD &�ϛ
/��j�h��tUM+%Pm2�YhSYpg#HٚIuMs�|,On?�jT�Sc\o U�lYGqOX7n3/�DV;I�9dYb:9Ki>C?9dN u3� U�sf>
��|�%`�մZ9kٝNC7E$�9Pܘ��G�wDF$�R3̍oU?F85oqS))r�*H+ů �3Fˁ;�_.7qD�z�GVUe@5ỵV3C
e
4v=.EЋq}c�LB.M�o
4y�Qʣ",߸X,W̑�^`�3X�Z>2lz�
�|q6tGM4*6H!I?QjQ�ud*�+ZR�<*�
ZlmM�
��l⊗q@K�τkox~�E�6-2j=kR�`J%�¸�_v^�IўA>�b2�at53yp0͎�s{�ql'YVc�6fĺ}���a}`MٸU
V|�eZU
ՂVE'�u0�|�aߋ
WuRԣo{{�7}óf�A"WS[�U�ts��:C\Դ"hw
ĶRsG'}D.,��q=C
H\}PK�(,�~w9ـo�|\V*Z�솣d9#�T�`| @-a'd1s<�œo
-"Ԅ_8 +�~W?l)ɡX�XD�>DQkF\{e"��nxB*n�gF�Dccb^f>A*o��P�[�/I6]S�0:;_�ݘ`3ax��-⤔�Qԕº}wi�IAcԧ˾tڼ>A&̫�;~x;C:LGp֏2��a%<��8�sj됔�,Z~pxْ:��m~1�}�LAIP
��4�#7="i�COճ"ju.?H�m}��8�-o�d�D4|w/�ΥI{��e[J:^w��9"�!5;�.�Yz�F�]99o7óO�M1��0vhR`A��fjmX#�ǎFMT_�!m�BU\5g��^|%�V}Xr!sdQ6h4�'l5/Q�
Bf/�3b!|JG<ևAP#��{ r
H)'4��N9:̝�\bϻ;A��B�0F�D_TJi�)W4f'u�3xjt)�5�E_�%'K;tR-[N7S+tY�GD_q+
s��z4~�\3Z9n|"�B2�^'68�;=h)�ޏH�B"a�]Z�in}
zsH&iR'DZ3pu*h�hw6D20�O&8v�\e0G`�q�4É@P� V���QגZ4ҫoeW!9�
��\Cp0S�`0#!9˫|1}~XU*�۽N����H1s
��ذq�;eΫ� P|��v�,N��W�3l{Rѵl��2M ��.`�Y �=w>���`LM\g�7�h�G(V=w-h*1
rXsgc��l3,�LjDžܳbt �n4kҼ?�5L0�c,H~ �;#|$~>x�FM{uS棏G�
95�'y�V7�N{m,d�a3fo?c_;
?-m-8t�ǠC�R�#K1&�$Z^VP**sᔤ˞CȔ�X�N�GX�d1�0d&q�+��=#tzoo=إ�֛�<�A�?�'L��w.�z@z@pSx6{Zg%QJ=�,qM@kjiIr\<~^YZ�䑽D���Hڃ}co D:*pctO�xc�Z�yi�襶�<�/:曜;�`!3ȑ �+Ӡ��5Mm)�H.v�G �$T8h�l|n�wkJljl�� 4�Qbh,r9٦h��r["�6a'�zYOC,'
�pIVܱ�S,*O_�O�o+N֊ v)[ꈧ W�/5;U�S�&5�.�̼V�&Q~p*�wCOƥ�G/>q�Ĩ`bo�x?���sfdl娳̺UJş|X`ˤ~[bOO^~t�,}L9uHX%<2d{�#r-�E�(oaKL�^ߨ@�?KxKX4HZnϏQD^�N|< ,9o�P� {Y@&�lB�`'�0KuS�@8�Ob�lxi��"#� :2l`���T껫-GV�#M\`F^�*nG[g3ڜ4k:&�ņ¡�(d+aVaj9)ՏvZ���cu��I&�+qKMc�+�g&1%KR$�]q#q��/.+q�=TnIO%Α`���'rH"
���Ot�L<}���y�_��FQ_m���8?sq*BimåL"ZQJՊp5rt$ �n�7�^lď�z6#&`>���?
j=N)rr'�F-�~�Ŷ�bZ�uzH�
9ghlv[hkr|6p1G;R]Z4-ۗ@jHe�Y��C~d$%E��I�`��-]D�)єL3h��ʍ�*ޘ.�y�eMRUIM�!x(Wc�~t�Os��98_�&tL<$=GU�V%PYԪv�6@R
`Z�07@�h٭`�'*�>:B؝]5e[v-S�I6`,p�1�7R0�fSժY6i ;%c>�4˶"@3�~U�
itz4�T-/�_��nbp}P
1&ԗz}�a襢t��|6?-sh�0CV*4L�I �>- 5"@
bZաWm9�'�Gj�r�c"TT1L�ZPUJ�@1SL�{�kw*mO�^z�[�3쳋sc�P��җ
`��Hb�xD#!W>ى��TJeJŕǫVnIk���pHj?l�B=/f�d��fr!|�'�_�hui!YH�PeļU0�3lEµSnj�Ga³�roooo.UԲ|ou:ot_XH�R�\-/�k8L
X�|yci_*:�[ϋ9ۑ���j)TauXbRg:;�+�K%�K
EBu|@g�ҵu۰W*Rið'l�SJXK�����`JNerJ�O$%P��.^:�ݶ�l� �pntН��&���H�CE��A��i]p� .s5ͩX~/�~���WPM�H�x4b\6Mh2n@� 6
��m 6ͪ}^p���/�gK,4W~~ұY&b<�:G�
&mbb+c
Q���(1ҙ`."=k
�f��3`+JFu'$SF�Y[a� )FfKbE�F�X4hɘe�_&0Q&)b$!خ&�wI'�{^ZV.n/^|gBc���tz)vaD�'m���_x���c'�>뛧;?Ӷ:Dx;,�[U�^'Y옊k˿%wi*��!��|#ÛA#�Ghokcۚ3�y1-/MO�3˲EZ7CfL�C+)khTx&1>S@n@�vD�z�K!LOܛP�$wA Yuo@uª�V}h_gv1ƍx56�}m�O E6�~Js徔*��3~�"^'[y>�!#غwq:3v}N�a`m`|�/P=}6�dUoko#fyN; mV)Kjhk�>|Ѳ|6�zlï^�Ji��f#e։
V$��H_�X��L4skx�(0G7{$/rrpBL�Kפ�K|:6Ϡ 8weQHL|ӗ�K{~i[�
cfX[k��*`5m{;�hO��>#b1D+b��@/j�3}L�=}J,T7�ikg!ީiwT60�8{7�~�I�@�(�
xף�}�-�6�Ӫ=F(XK��؉i�ͨ4$t{��#iW����"^��tEw'y{Dd�H�':t=jh�DbѤJd�mLYP)ϑVPJx>h�ߡ<�4`仸cWVRѪE�r�r|Ȯ.�̈́*9/va)�.:��Փ>-,b'c�0/Ƙ;`^*iB¼{4Mw�:>(�[�}1�W-vᮦq#Ǡ�j>S"�tH�bW
~Qً^Rc"W6�#��`ӹ��$-:uh&n*16J)t|{po<|SP�ʕ�U+%=�hpq�ـ�jcE~�:��td{1�6ɝ�!="&s'؏p�S�'"EoX�V{+$νO��g-�ۑAguU�zp VH+�^@0��3�:�%}�$͈ɵ?ѝ���4?5iv>�N;WN�ϻ7xn Zӷptԝsm}>^}>\;\��|jKym2/*�˙͓Q�9l^28SΘksYx�9%�y�*w�8l�'�z$;G(%lGyї�5�1ũ4MT鏩Bfuljŵ�N#g58ٙ/K_�9q�Χ65�A^J�c>s�N�M�o���
)n}>e;�MjV}Qy�xQ3Q�Q~
כO͌.w3ʑ[@V;�O6�}N3�!�>Bg\㬳5:r_'\fC;�k(�7���xS]\���_�,@ߋ�^�}.2s�_d�y���2z'(Q~�g�d_@EF9e^\f%euwAt3O�K7C\�\e�5u��^�=�A6�_SV9)�O@O�rߛ�o2ڿ�\'I��73y�S*�Rq/2苬+ OY射<(Ay>++P/nt3�ث�:�?3/�z�^�}NV&/n+��^a芪g-5n�
ǸJuv��^_A�5KHe^ۛTFCGPYpKxEó#�#�h��toĶ.�p��&}:=Wvl+Jy._[nNJ>s\ȜHǣ�WɴVی �`
Ӯ % /ܻ�GznQ'��L2~�<'ԎnOArr m>v#y\���^��x�P�[ԙq�ޢD�)+F�yk@��?f�>xfO��vHy>j~h|Z/O�*8�uߚ�Yu8��%�� {YV&@Y8'}Q�?Ѱs�3@�t=^i{@$��,@���$u͇RiE�rT)玾ߓNٝ0k����z@�DdU*�.��rF(�RB�4|O۴W)]7tSsc<{�+4�аY-P��=��^?&G�u]ŗ1 {7�/��^"_�v3&mc�(2��)�R1�K1@e^*u1*j>d%Q<�o�qb7.�7K�4l&%KlŜh'b�C'�]SNL0#���8W
!�7c�U�ݡQ�oCŵRų�l1@�Щ>�h�,���\șP˦=�wAp.W:^nx6�,0�G9U1i����!�ӗ:�i�Fx�ZzIc3�t71�L(�$LfLyC!;6��bZ�9֠}ֽ��D#iZ#7X�nƀ_@o=,N7"fG9p=�y
x��_�˝ܔ0b�pa`O�*}�q�K�Anӵc�X00w]Ww�-E_~K5 D 9bw
oY1L]Z�$�z���b2O|e'0O�2#0' MĮkfAj3�r�,Gzw���='�fs(�#>L�_l4W�[l,��)1 {��;Kh.6,�C�Sr��ħ�%NAa�:2�Ş�_ =6}`^�s��D֣c:4�� �`AtN[a��>$NSPs%n)l:h}r;Ws��ܺ�0PG~]�;h�PxU�E'0P$=Cf�Kǣ�,h�:BQF{&A�}FV垓$gg_7�b
Fy&b3@p�+�c|@ăx!$k�W���p|"���ϷϒezLU"zʴt�Dq+N%%�}YQ ��v.y�hFʪv\J��T~3)V��\w|7(6؋BO�t.t��.�X&"�>m��?'.}Fu;H' �"@2drt�Pŗ�;waSF)f��'NFp)hN�<}y?٢�u+�ğ? \� cwH�V&Lt>;Oulם8G�
Pr�⁜0ћ��S1$+nvG�D
g>��6'كl2p�!(Dْ�0�-�?�Fu:h�/�A�sl+
6-����`⎈me�6iZDR�*,E&f
,��� ~sf㿴�(@P��9���Bu�z��Ϸ;���<�v7�͇O�e$|��_�[0~Y��+ʕbA,\�n2?>Ş�i#{��@kD͝fHE�k^��zX�ٻ"Ps�h݆G��0ޏq۷�PV�l@��xS�a
�뱊v�)E=b�\
�Ѩ�pSTUD'�l���3^k'gycD]E>*�Ѝ
�O1igNb��c��gb@x��=f_q�x�N|L/�ؙ9u�Ut�g)C2^#s!?"L�n3m�^^kte�(n
aa��X����w6��+[Ȁ7H>Y;D,5R7tP�9͓ a�0�+�=�:`-�sq7C'
C�&DW�K�5�4Ƙb>0�,X�+0_m�k��A�k�LeU��|tCGYEL`&;]+�N%t&ж?8�a�cT
1L(�_:,R�.�דWv!{�ZqƋ�|��E>byx ŧ$�NS?�X|:T+ ��+��Sq�|>o\,{ٗN�χ<|;�X�Yx(~�']f(FRq�O\||8�)>wc3yq�ݏ-)h,-(Z�NN`��)Xfչ�C%ȕ/�2F#x�oU��AޚYf]Z%�Nb�i|ۊ�#iQg8&rYOjJZR۽w�D^8�%ܖmJPU&s)#KM�\eZ)M�S9Q��2kE�skq�>tgLp�-�ͱeRZ`l/Z6Nd)��
|
Network Security & Hardware 
