IT Security & Network Security News & Reviews: Seven IE 9 Security Recommendations for Microsoft

 
 
By Brian Prince  |  Posted 2010-04-16
 
 
 

Seven IE 9 Security Recommendations for Microsoft

by Brian Prince

Seven IE 9 Security Recommendations for Microsoft

Sandboxing Technology

Microsoft could improve things in IE 9 by adopting some of the sandboxing approaches Google uses in its Chrome browser. IE 9 has "Protected Mode," which is similar, though not designed for the same purpose, said Aaron Portnoy, TippingPoint security research team lead.

Sandboxing Technology

Plug-ins Out of Process

"I believe it would be beneficial to IE's security posture for it to run as many third-party plug-ins out of process as possible," TippingPoint's Portnoy said. "By running them in-process, an attacker can utilize known or unknown techniques to defeat or weaken exploit mitigations such as DEP [data execution prevention] and ASLR [address space layout randomization]."

Plug-ins Out of Process

Memory Randomization

By randomizing memory addresses used by popular functions, attackers will have a tougher time identifying and repeating exploits against vulnerable code, said Rick Moy, president of NSS Labs.

Memory Randomization

Redirect Hopping

"Drive-by downloads make use of multiple redirects to confuse reputation systems [such as IE SmartScreen and Google SafeBrowsing] and bring the user to an unwanted page with an exploit," NSS Labs' Moy said. "Disallowing more than one sequential redirect could significantly increase the effectiveness of reputation systems."

Redirect Hopping

Content Security Policy

By implementing content security policy, Microsoft can offer users additional protections against cross-site scripting and click-jacking. Mozilla has already begun work in this direction for its Firefox browser.

Content Security Policy

Plug-in Registry

Moy said he would like to see users get help differentiating between good and bad plug-ins. "A combination of code hashing/white listing and reputation could help potential users know who made and packaged the application, and what their track record is," he said.

Plug-in Registry

Secure API for Plug-ins

"Browsers should take the lead in protecting plug-ins from memory-based attacks, such as buffer overflows and heap sprays," Moy said. "Providing a secure API instead of direct memory access would go a long way toward reducing the attack surface."

Secure API for Plug-ins

Seven IE 9 Security Recommendations for Microsoft - Page 9

 

Seven IE 9 Security Recommendations for Microsoft - Page 9

Rocket Fuel