Microsoft Planning IE7 Security Zone Lockdowns

Filed under: — By Aviran Mordo @ 11:10 am

Microsoft Corp. has announced plans to make several key default changes to Internet Explorer 7’s security zones to further harden the browser from malicious hacker attacks.

The built-in zones, used in IE to enforce security rules for Web sites by grouping them into categories, will be changed to scrap the use of the “Intranet” zone unless the computer has joined a domain.

According to details posted on the official IE Blog, Microsoft will also making significant default changes in the “Internet Zone” and “Trusted Sites” zone to provide defense-in-depth against some dangerous IE attack vectors.

“The Internet zone, where most users browse, will be tightened down with two very notable changes. The Internet zone will run in Protected Mode on Windows Vista,” the company explained. “ActiveX Opt-In will also help reduce the attack surface of ActiveX controls in the internet zone.”

Customers who depend on the IE6 level of the Trusted Sites zone will be able lower settings back to IE6 levels with a slider on the “Security” tab of “Internet Options” or through policy settings.

Source: eWeek


Leave a Reply

You must have Javascript enabled in order to submit comments.

All fields are optional (except comment).
Some comments may be held for moderation (depends on spam filter) and not show up immediately.
Links will automatically get rel="nofollow" attribute to deter spammers.

Powered by WordPress