The version of Internet Explorer 7 packaged with Windows Vista includes a number of
advanced security technologies that make this the safest version of IE yet. In this section
you’ll examine the many security features Microsoft added to Internet Explorer 7. These
features were absolutely necessary: Ever since Microsoft integrated Internet Explorer with
the Windows shell beginning in the mid 1990s, Internet Explorer has been a major avenue
of attack against Windows. With Windows Vista, finally, Microsoft has decoupled IE from
the Windows shell and introduced advanced security controls that make IE safer.
ActiveX Opt-In
Initially developed as a lightweight version of COM (Component Object Model)—
executable code modules designed to be small and fast enough to work over the Internet—
Microsoft’s ActiveX technology has been maligned by security experts as being one of the
most insecure technologies created in the past 20 years. ActiveX controls litter literally
every Windows system in existence, and hundreds of thousands of them are available
online. Unfortunately, some of the controls—which can take various forms, such as browser
helper objects, toolbars, and so on—are malicious and designed to hurt PCs.
In previous Internet Explorer versions, Microsoft didn’t differentiate between ActiveX
controls that were designed expressly for the Web—such as the Adobe Reader add-on—
and those that were designed to be used locally on the PC only (Microsoft still includes
many such controls with Windows). With Internet Explorer 7, a new feature called ActiveX
Opt-In automatically disables entire classes of ActiveX controls, including those that were
not designed specifically for use over the Internet. Now, when you visit a Web page that
tries to activate an ActiveX control on your system, the Internet Explorer 7 Information
Bar prompts you so you can decide whether or not to proceed, as shown in Figure 8-9.
If you know a particular control is safe, the Information Bar lets you enable the control
and proceed.
Protected Mode
Available only in Windows Vista, Internet Explorer Protected Mode ensures that Internet
Explorer 7 runs with even lower security privileges than a standard user account. This is a
huge improvement over the way IE 7 works in, say, Windows XP. On that system, IE runs
in the context of the user account of the current user, which is typically an administrator-class
account with wide-open access to everything on the system. In Windows Vista, IE 7
always runs in a special low-privilege mode that is below that of both administrators and
standard users; and it does so regardless of what kind of user is currently logged on.
This important feature ensures that automated electronic attacks cannot succeed against
Internet Explorer 7, and because the browser is restricted from accessing any part of
the user’s hard drive other than the Temporary Internet Files folder, Internet Explorer is
effectively sandboxed from the rest of Vista. As a result, should an attack succeed somehow,
any malicious code that is injected into the system will find itself in a location that
is isolated from the rest of the file system. Furthermore, the code will simply be deleted
when Vista reboots. IE is significantly safer than it used to be.
Fix Settings for Me
In the past, it was sometimes necessary to temporarily change Internet Explorer’s security
settings in order to run a certain Web application or access certain online features;
but once you did that, it was hard to figure out what you needed to do to restore Internet
Explorer back to its default state. If you are forced to change Internet Explorer 7’s security
settings in a way that lowers Vista’s security prowess, the browser will begin prompting
you with its Information Bar. Then you can access a simple new feature called Fix Settings
for Me to return IE to its default security settings.
Shown in Figure 8-11, this feature simply requires you to click the Information Bar and
select Fix Settings for Me. You’ll be prompted with a confirmation dialog box, and Internet
Explorer reverts to its default settings. It’s easy and effective.
Phishing Filter
Internet Explorer 7 includes an integrated Phishing Filter that can help prevent you from
being a victim of identity theft. These so-called phishing attacks are described in Chapter
20 because this type of attack is most commonly launched via e-mail.
Delete Browsing History
In previous Internet Explorer versions it was difficult to delete various data related to
Web browsing, such as temporary Internet files, cookies, Web history, saved form data, or
saved passwords. In IE 7 all of this information can be deleted from a single dialog, either
individually or all at once. Delete Browsing History is available
from the Tools button in the IE command bar.
The list of Internet Explorer 7 security features is vast, although you won’t likely run into
most of them unless you’re truly unlucky. IE 7 integrates with Windows Defender to provide
live scanning of Web downloads to ensure that you’re not infecting your system with
spyware, and it integrates with Vista’s parental controls (see Chapter 9) to ensure that
your children are accessing only those parts of the Web you deem safe. IE 7 also provides
International Domain Name (IDN) support so that hackers can’t construct malicious Web
sites that mix character sets in order to fool unsuspecting users. In addition, various low-level
changes prevent cross-domain or cross-window scripting attacks.
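As an added illustration of the mixed-character-set problem that IDN support addresses (example code written for this section, not Microsoft's implementation): the check below approximates each character's script from its Unicode name, flags any DNS label that mixes scripts, and shows the Punycode form a browser can display instead of a look-alike Unicode name. The sample hostnames are constructed and the script-name prefixes are an assumed approximation of the Unicode Script property.

```python
import unicodedata

# Scripts recognised by their Unicode character-name prefix (an approximation
# of the Unicode Script property, which the standard library does not expose).
SCRIPTS = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN", "HEBREW", "ARABIC", "CJK")

def script_of(ch: str) -> str:
    """Return the approximate script of one character, or COMMON for
    digits, hyphens and anything whose script we do not track."""
    name = unicodedata.name(ch, "")
    for script in SCRIPTS:
        if name.startswith(script + " "):
            return script
    return "COMMON"

def label_scripts(label: str) -> set:
    """Set of non-COMMON scripts used in a single DNS label."""
    return {script_of(c) for c in unicodedata.normalize("NFKC", label)} - {"COMMON"}

def is_mixed_script(hostname: str) -> bool:
    """True when any label of the hostname uses more than one script
    (for example a Latin word with a single Cyrillic look-alike letter)."""
    return any(len(label_scripts(lbl)) > 1 for lbl in hostname.split("."))

def classify(hostname: str) -> dict:
    """Describe a hostname: its Punycode (ASCII) form, the scripts per label
    and whether it should be treated as a look-alike candidate."""
    punycode = hostname.encode("idna").decode("ascii")
    return {
        "display": hostname,
        "punycode": punycode,
        "scripts": [sorted(label_scripts(lbl)) for lbl in hostname.split(".")],
        "mixed": is_mixed_script(hostname),
    }

# Constructed sample names (not real sites): ASCII only, a single-script
# Cyrillic label, and a Latin label containing Cyrillic 'а' (U+0430).
SAMPLES = ["example.com", "\u043f\u0440\u0438\u043c\u0435\u0440.example", "ex\u0430mple.com"]

if __name__ == "__main__":
    for host in SAMPLES:
        info = classify(host)
        verdict = "MIXED SCRIPT - show Punycode" if info["mixed"] else "ok"
        print(f"{info['display']:<20} {info['punycode']:<28} {verdict}")
```

A single-script non-Latin name is not flagged; only a label that combines scripts is treated as a look-alike candidate, which is the case IE 7's display rule is meant to expose.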