Microsoft Planning Lower Rights IE 7.0

A senior Microsoft executive provides details on some of the security enhancements being added to the Internet Explorer makeover.

ORLANDO, Fla.—A senior Microsoft executive on Monday confirmed that the upcoming Internet Explorer 7.0 browser upgrade will ship with reduced privilege mode turned on by default to help thwart browser-based hacking attacks.

During a strategic briefing on security at the TechEd conference, corporate VP of Microsoft Corp.s Security Business & Technology Unit Gordon Mangione said IE 7.0 will be chock full of security and privacy enhancements, all aimed at addressing the biggest threats facing Web surfers today.

"Weve re-architected it to defend against exploits," Mangione said, describing IE 7.0 as a "lower rights IE" with base minimal privileges.

The new browser will also feature major changes in the way files are executed and new anti-spoofing and anti-phishing technology to let users identify fake scam Web sites.


Click here

to read more about early details on IE 7.0.

The enhancements will build on the Security Zones feature in current versions of IE that allows customers to prevent untrusted Web sites from invoking ActiveX controls.

Beyond the security improvements, Mangione said IE 7.0 will add support for IDN (International Domain Names), built-in RSS and seamless search that will include choices of search providers.

The browser will also improve Web page printing capabilities like the automatic "fit-to-page" feature, Mangione disclosed.

As previously reported, Microsoft is expected to beef up IE 7.0s security by blocking access to cross-domain scripting, improving the SSL (Secure Sockets Layer) interface and possibly integrate spyware protection via its Windows AntiSpyware service, which is currently in beta.

During his presentation, which touched on all aspects of the software giants security initiatives, Mangione said spyware protection was high atop Microsofts priorities.

"Nine months ago, we started hearing from partners like Dell that spyware was a major issue. Our own data from [Dr Watson] crash reports was telling us that 30 percent of all machines had some form of spyware. It reached a point where we had to do something."

Since acquiring anti-spyware start-up GIANT company, Microsoft rebranded the product and pushed out a consumer-facing beta within 17 days.

"Weve had 17 million downloads, and its been great, from a consumer point of view. Its the number one download among all our products," Mangione said.

He reiterated Microsofts plans to roll out a for-profit enterprise version of the AntiSpyware product that will feature admin controls and management capabilities.


Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.