IE8 Release Candidate now available

As of yesterday the much awaited first Release Candidate (RC1) of Internet Explorer 8 became available for download [1].

I won’t bore you with all the details of the features new in this version – you can find that information here. But from a security perspective, the headline items include:

  • SmartScreen filter – to restrict access to known bad malicious or phishing URLs (expanding upon the phishing protection included within IE7)
  • InPrivate browsing mode – sometimes labeled “porn mode” [2], minimizing any trace of browsing history on the machine
  • XSS filtering – to help prevent cross-site scripting attacks
  • DEP on by default (for IE8 on Windows Vista SP1)

In this and subsequent blog posts, I will be taking a closer look at IE8, specifically from a security/threat perspective, hopefully trying to reveal some of the actual facts behind the above headline items.

Since version 7.6.0, the Sophos endpoint product has included a web content scanning plug-in, to enhance the handling of malicious web content [3]. The plug-in works happily in IE8, and can be enabled/disabled via the usual ‘manage add-ons’ dialogue. Attempting to access malicious content with the plug-in enabled will show the familiar Sophos warning message.

One of the key features I am keen to investigate is the SmartScreen filter, designed to block access to known bad sites.

Curiously, during my testing thus far, I have been unable to trigger the filter, despite intentionally browsing to well over 50 recent, malicious sites (some of them notorious). Perhaps something amiss with my test setup? (I will continue investigating…)

The InPrivate browsing mode enables users to browse sites without leaving the usual “information trail” in the form of browsing history, cookies, temporary internet files (these are cached, but subsequently deleted) and form data. The address and title bars make it clear to the user when they are browsing in this mode.

When parental mode is enabled, you do not have to worry about InPrivate browsing, it is disabled.

All in all, there is a lot to look forward to in the final version of IE8 (and a lot of features to investigate more fully). It has to be said, with some of the major browser releases recently, users are getting a little spoiled for choice! Usability across the board has improved considerably – lets hope that security features start to feature more prominently in dictating browser choice.