Seven IE 9 Security Recommendations for Microsoft - Security - News & Reviews - eWeek.com
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Seven IE 9 Security Recommendations for Microsoft

Seven IE 9 Security Recommendations for Microsoft
Written By
Brian Prince
Brian Prince
Apr 16, 2010
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More


Seven IE 9 Security Recommendations for Microsoft

10 Database Security Threats Every IT Administrator Should Know

by Brian Prince


Sandboxing Technology

2

Microsoft could improve things in IE 9 by adopting some of the sandboxing approaches Google uses in its Chrome browser. IE 9 has “Protected Mode,” which is similar, though not designed for the same purpose, said Aaron Portnoy, TippingPoint security research team lead.


Plug-ins Out of Process

3

“I believe it would be beneficial to IE’s security posture for it to run as many third-party plug-ins out of process as possible,” TippingPoint’s Portnoy said. “By running them in-process, an attacker can utilize known or unknown techniques to defeat or weaken exploit mitigations such as DEP [data execution prevention] and ASLR [address space layout randomization].”


Advertisement

Memory Randomization

4

By randomizing memory addresses used by popular functions, attackers will have a tougher time identifying and repeating exploits against vulnerable code, said Rick Moy, president of NSS Labs.


Redirect Hopping

5

“Drive-by downloads make use of multiple redirects to confuse reputation systems [such as IE SmartScreen and Google SafeBrowsing] and bring the user to an unwanted page with an exploit,” NSS Labs’ Moy said. “Disallowing more than one sequential redirect could significantly increase the effectiveness of reputation systems.”


Content Security Policy

6

By implementing content security policy, Microsoft can offer users additional protections against cross-site scripting and click-jacking. Mozilla has already begun work in this direction for its Firefox browser.


Plug-in Registry

7

Moy said he would like to see users get help differentiating between good and bad plug-ins. “A combination of code hashing/white listing and reputation could help potential users know who made and packaged the application, and what their track record is,” he said.


Secure API for Plug-ins

8

“Browsers should take the lead in protecting plug-ins from memory-based attacks, such as buffer overflows and heap sprays,” Moy said. “Providing a secure API instead of direct memory access would go a long way toward reducing the attack surface.”


No Title
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information