IE8 Security Details Emerge
Results 1 to 10 of 10

Thread: IE8 Security Details Emerge

  1. #1
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246

    IE8 Security Details Emerge

    Redmond shares some details on Internet Explorer 8's security features.

    IE8 Security Part I: DEP/NX Memory Protection - IEBlog

    Internet Explorer 7 on Windows Vista introduced an off-by-default Internet Control Panel option to “Enable memory protection to help mitigate online attacks.” This option is also referred to as Data Execution Prevention (DEP) or No-Execute (NX).

    We have enabled this option by default for Internet Explorer 8 on Windows Server 2008 and Windows Vista SP1 and later.

    DEP/NX helps to foil attacks by preventing code from running in memory that is marked non-executable. DEP/NX, combined with other technologies like Address Space Layout Randomization (ASLR), make it harder for attackers to exploit certain types of memory-related vulnerabilities like buffer overruns. Best of all, the protection applies to both Internet Explorer and the add-ons it loads. No additional user interaction is required to provide this protection, and no new prompts are introduced.
    Thumbs up for this inclusive form of protecting plug-ins (if it works).

  2. #2
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    lol next weeks headline will be "New DEP/NX in IE 8.0 Beta bypassed"

    The only thing that will be good about ie 8 is that it will follow standards and pass acid 2.0

  3. #3
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Unfortunately, not even that. The program is still in beta so I'm not getting too crazy about this, but IE 8 has no opacity support at all, not even the filters it used to have.

  4. #4
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    You mean for pictures?

  5. #5
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    For anything. Any HTML element could have it's opacity changed with CSS, and although IE5 thru 7 did support the wrong syntax (proprietary syntax for MS) at least it WAS supported somehow. I understand IE8 has removed the support entirely.

  6. #6
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    Thats pretty weird haha. I wasnt thinking about CSS but, CSS does support it and as long as they follow the standards it should work... Maybe they just took out their own crap

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Yes it is weird. Sure they have removed their non-standard filter approach to comply with standards but haven't provided anything for CSS3.

    I have heard that a definitive standard for CSS3 has still to be agreed? that might explain why it hasn't been included.

    What strikes me as strange is that there wasn't an attempt to provide an "interim solution" as other browsers have. Particularly when you look at all the "eye candy" in the higher levels of Vista.

  8. #8
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,052
    This is true maybe they are waiting for 3.0

  9. #9
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Yes, that's true, it's not part of the standard officially yet, but there was no reason for them to remove their filters. In some ways they were well ahead of the standard, as they may have been the first ones to support opacity in any form. They also have other filters that can do things you can't do with CSS in any other browser, like reverse images, flip them upside down, or show them as a negative of the image. CSS doesn't do any of that yet.

    IE gets a bad rap because of its security issues, but when you build in greater possibilities the potential that those possibilities will be exploited maliciously is always present.

    They would have been much better off leaving the filters as they were and just including support for the syntax that has been suggested by the worldwide consortium. That way there would have been backward compatibility for existing sites which use those filters. But the program is still in beta, no reason to panic yet.

  10. #10
    Junior Member
    Join Date
    Mar 2008
    Posts
    12
    I am currently enjoying IE8 and all the new functions. The one issue I have with it is that IE8 has a memory leak when processing some sites such as this forum and others.

Similar Threads

  1. 10 ways to protect yourself with 'pragmatic network security'
    By Black Cluster in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: June 15th, 2006, 03:21 AM
  2. Windows XP Security Guide (phase two)
    By pooh sun tzu in forum The Security Tutorials Forum
    Replies: 10
    Last Post: March 6th, 2004, 09:54 PM
  3. Windows Pc Data Security
    By nihil in forum The Security Tutorials Forum
    Replies: 6
    Last Post: December 24th, 2003, 03:04 AM
  4. NEWS: This weeks security news.
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: July 25th, 2002, 04:05 AM
  5. NEWS: This Week in Security
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 1
    Last Post: July 18th, 2002, 05:36 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •