Microsoft Details IE 8 Security Default Change
SAN FRANCISCO - Microsoft plans to make a key Internet Explorer default change to thwart attackers trying to hack into its Web browser.
The software maker will enable DEP/NX (Data Execution Prevention/No Execute) by default in IE 8 when the browser is running on Windows Vista and Windows Server 2008, a major tweak aimed at mitigating browser-based vulnerabilities.
DEP/NX is already available in IE 7, but it's turned off by default because of compatibility issues.
With the default change, IE 8 automatically gets a security feature that prevents an application or service from executing code from a nonexecutable memory region. When used in tandem with additional security mechanisms, DEP/NX can help to reduce the effectiveness of hacker attacks.
According to Microsoft Program Manager Eric Lawrence, the DEP/NX protection will apply to Internet Explorer and all add-ons loaded by the browser. "No additional user interaction is required to provide this protection, and no new prompts are introduced," Lawrence said.
This means that IE add-on developers will have to make code changes to ensure a smooth ride once IE 8 is released to the general public.
Microsoft's recommendations to IE developers include:
"In rare cases where an add-on is not DEP/NX-compatible for reasons other than outdated ATL usage, a group policy option will be available to allow an organization to opt out of DEP/NX for Internet Explorer until an updated version of the broken add-on can be deployed," Lawrence said.
He also said the DEP/NX change means IE 8's new security features will target three major sources of security exploits: social engineering, and Web server- and browser-based vulnerabilities. It will feature a revamped anti-phishing/anti-malware component called Safety Filter, which blocks Web sites that are known to contain malicious software that could harm users' computers or steal sensitive user information.
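As an added example (not from the article or from Microsoft), the PowerShell function below reports whether DEP/NX is in effect for each running iexplore.exe process, which is one way to confirm the default on a given machine or to spot one where the opt-out policy has been applied. It relies on the documented kernel32 function GetProcessDEPPolicy; the names Get-DepStatus and DepCheck.Native are invented for this example.

```powershell
# Added example: P/Invoke wrappers for documented kernel32 functions.
Add-Type -Namespace DepCheck -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint access, bool inheritHandle, uint processId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessDEPPolicy(IntPtr process, out uint flags, out bool permanent);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
'@

$PROCESS_QUERY_INFORMATION               = 0x0400  # access right the query needs
$PROCESS_DEP_ENABLE                      = 0x1     # DEP is on for the process
$PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION = 0x2     # legacy ATL thunks are not emulated

# Hypothetical helper: one result object per matching process.
function Get-DepStatus {
    param([string]$Name = 'iexplore')   # process name without ".exe"
    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        $status = 'unknown (could not open process)'
        $atlEmulation = $null
        $isPermanent = $null
        $handle = [DepCheck.Native]::OpenProcess($PROCESS_QUERY_INFORMATION, $false, $proc.Id)
        if ($handle -ne [IntPtr]::Zero) {
            try {
                $flags = [uint32]0
                $permanent = $false
                if ([DepCheck.Native]::GetProcessDEPPolicy($handle, [ref]$flags, [ref]$permanent)) {
                    $status = if ($flags -band $PROCESS_DEP_ENABLE) { 'enabled' } else { 'DISABLED' }
                    $atlEmulation = -not ($flags -band $PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION)
                    $isPermanent = $permanent
                } else {
                    # The API supports 32-bit processes only; 64-bit processes always run with DEP.
                    $status = 'not reported (64-bit process or query failed)'
                }
            } finally {
                [void][DepCheck.Native]::CloseHandle($handle)
            }
        }
        [pscustomobject]@{
            ProcessId         = $proc.Id
            Dep               = $status
            AtlThunkEmulation = $atlEmulation   # $true means old ATL thunks are still tolerated
            Permanent         = $isPermanent    # $true means DEP cannot be turned off for this process
        }
    }
}

Get-DepStatus | Format-Table -AutoSize
```

A row showing DISABLED on a machine that should have the IE 8 default is worth tracing back to the opt-out policy and to the add-on that required it.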