IT Security & Network Security News & Reviews: Seven IE 9 Security Recommendations for Microsoft
Seven IE 9 Security Recommendations for Microsoft
by Brian Prince
Microsoft could improve things in IE 9 by adopting some of the sandboxing approaches Google uses in its Chrome browser. IE 9 has "Protected Mode," which is similar, though not designed for the same purpose, said Aaron Portnoy, TippingPoint security research team lead.
Plug-ins Out of Process
"I believe it would be beneficial to IE's security posture for it to run as many third-party plug-ins out of process as possible," TippingPoint's Portnoy said. "By running them in-process, an attacker can utilize known or unknown techniques to defeat or weaken exploit mitigations such as DEP [data execution prevention] and ASLR [address space layout randomization]."
By randomizing memory addresses used by popular functions, attackers will have a tougher time identifying and repeating exploits against vulnerable code, said Rick Moy, president of NSS Labs.
"Drive-by downloads make use of multiple redirects to confuse reputation systems [such as IE SmartScreen and Google SafeBrowsing] and bring the user to an unwanted page with an exploit," NSS Labs' Moy said. "Disallowing more than one sequential redirect could significantly increase the effectiveness of reputation systems."
Content Security Policy
By implementing content security policy, Microsoft can offer users additional protections against cross-site scripting and click-jacking. Mozilla has already begun work in this direction for its Firefox browser.
Moy said he would like to see users get help differentiating between good and bad plug-ins. "A combination of code hashing/white listing and reputation could help potential users know who made and packaged the application, and what their track record is," he said.
Secure API for Plug-ins
"Browsers should take the lead in protecting plug-ins from memory-based attacks, such as buffer overflows and heap sprays," Moy said. "Providing a secure API instead of direct memory access would go a long way toward reducing the attack surface."
Seven IE 9 Security Recommendations for Microsoft - Page 9