Microsoft adds clickjacking protection to IE8 RC1

Protection against malicious Web attacks and tweaks to a feature that allows for private Web browsing are among updates in IE8 RC1, released Monday.

Protection against malicious Web attacks and tweaks to a feature that lets users browse the Internet privately are among updates Internet Explorer users can test in the first release candidate for IE8, which Microsoft made available Monday.

As first reported by the IDG News Service, Microsoft released the feature-complete version of IE8 to the Web Monday. Microsoft added performance tweaks to existing features and one major security update to block Web attacks known as "clickjacking" that the company said makes IE8 the only Web browser to offer such protection.

Clickjacking lets hackers put a transparent filter on sites so they can view what information a user is accessing and what activities that user is doing, said James Pratt, an IE senior product manager at Microsoft. For example, if someone is on a bank Web site, attackers can use clickjacking to see the user's bank information and acquire passwords, and the user will not know the information is being viewed remotely, he said.

The security feature that thwarts clickjacking in IE8 RC1 allows Web-site content owners to put a tag in a page header that will help detect and prevent clickjacking. If a site that uses the IE8 tag detects clickjacking, it will give Web users an error screen letting them know that the content host has chosen not to allow that content, and gives them the option to open the content in a new window that is protected from the attack.

Microsoft also in RC1 expanded the functionality of a feature it introduced in the IE8 beta 2 release called InPrivate. InPrivate has two settings -- InPrivate Browsing, which lets users browse the Web without creating a record of where they've been or enabling cookies, and InPrivate Blocking, which has been renamed in RC1 to InPrivate Filtering.

InPrivate Filtering lets people set a threshold for how many times third-party content appears on sites they are browsing before the feature allows them to view information on how those third-party content owners are collecting information about browsing habits. That threshold can be set between three times and 30 times.

For example, Pratt said that if the same third-party advertisement appears 10 times on Web sites that a user is browsing in a session and the person's InPrivate Filtering threshold is set to 10, the user can then view how the third-party content owner is collecting information about browsing activities.

The Compatibility View introduced in IE8 beta 2 also got a refresh in RC1. The feature allows users to view Web sites that may not be compatible with current Web standards IE8 supports in another view so the sites render properly.

Microsoft added more support for current Web standards such as CSS (Cascading Style Sheets) and RSS in IE7, but sites that were designed for previous versions of IE that didn't support these standards didn't work properly. One of Microsoft's chief goals for IE8 is to make it as Web standards-compatible as possible, but also to ensure older sites can be viewed the way they were designed.

In IE8 RC1, Microsoft built into the browser a list of common Web sites that it discovered must be viewed in Compatibility View mode to render properly, Pratt said. Now when someone browses these sites in IE8 RC1, they automatically appear in that mode without a user having to click on a "Compatibility View" button, as they had to in IE8 beta 2, he said.

Microsoft also tweaked browser performance features so IE8 RC1 opens faster as an application and also opens new tabs or Web pages faster, the company said.

More information about IE8 RC1 can be found in a fact sheet on Microsoft's Web site.

Tags ie8internet explorer 8Microsoftclickjacking

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Elizabeth Montalbano

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?