Microsoft adds clickjacking protection to IE8 RC1

Protection against malicious Web attacks and tweaks to a feature that allows for private Web browsing are among updates in IE8 RC1, released Monday.

Protection against malicious Web attacks and tweaks to a feature that lets users browse the Internet privately are among updates Internet Explorer users can test in the first release candidate for IE8, which Microsoft made available Monday.

As first reported by the IDG News Service, Microsoft released the feature-complete version of IE8 to the Web Monday. Microsoft added performance tweaks to existing features and one major security update to block Web attacks known as "clickjacking" that the company said makes IE8 the only Web browser to offer such protection.

Clickjacking lets hackers put a transparent filter on sites so they can view what information a user is accessing and what activities that user is doing, said James Pratt, an IE senior product manager at Microsoft. For example, if someone is on a bank Web site, attackers can use clickjacking to see the user's bank information and acquire passwords, and the user will not know the information is being viewed remotely, he said.

The security feature that thwarts clickjacking in IE8 RC1 allows Web-site content owners to put a tag in a page header that will help detect and prevent clickjacking. If a site that uses the IE8 tag detects clickjacking, it will give Web users an error screen letting them know that the content host has chosen not to allow that content, and gives them the option to open the content in a new window that is protected from the attack.

Microsoft also in RC1 expanded the functionality of a feature it introduced in the IE8 beta 2 release called InPrivate. InPrivate has two settings -- InPrivate Browsing, which lets users browse the Web without creating a record of where they've been or enabling cookies, and InPrivate Blocking, which has been renamed in RC1 to InPrivate Filtering.

InPrivate Filtering lets people set a threshold for how many times third-party content appears on sites they are browsing before the feature allows them to view information on how those third-party content owners are collecting information about browsing habits. That threshold can be set between three times and 30 times.

For example, Pratt said that if the same third-party advertisement appears 10 times on Web sites that a user is browsing in a session and the person's InPrivate Filtering threshold is set to 10, the user can then view how the third-party content owner is collecting information about browsing activities.

The Compatibility View introduced in IE8 beta 2 also got a refresh in RC1. The feature allows users to view Web sites that may not be compatible with current Web standards IE8 supports in another view so the sites render properly.

Microsoft added more support for current Web standards such as CSS (Cascading Style Sheets) and RSS in IE7, but sites that were designed for previous versions of IE that didn't support these standards didn't work properly. One of Microsoft's chief goals for IE8 is to make it as Web standards-compatible as possible, but also to ensure older sites can be viewed the way they were designed.

In IE8 RC1, Microsoft built into the browser a list of common Web sites that it discovered must be viewed in Compatibility View mode to render properly, Pratt said. Now when someone browses these sites in IE8 RC1, they automatically appear in that mode without a user having to click on a "Compatibility View" button, as they had to in IE8 beta 2, he said.

Microsoft also tweaked browser performance features so IE8 RC1 opens faster as an application and also opens new tabs or Web pages faster, the company said.

More information about IE8 RC1 can be found in a fact sheet on Microsoft's Web site.

Join the PC World newsletter!

Error: Please check your email address.

Tags ie8internet explorer 8Microsoftclickjacking

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Elizabeth Montalbano

IDG News Service
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?