HelpWithWindows | Windows Forum | RoseCitySoftware





HelpWithWindows - Home

• October 28, 2006 •

Review: Internet Explorer 7 (Page 2)

RSS support

Real Simple Syndication (RSS) is an XML data format that is used to publish Web content to which people can subscribe. Many Web sites (such as The New York Times, CNN and News.com) now have RSS feeds, that lets people subscribe to their content. Most people these days use what is called a news aggregator to subscribe to RSS feeds. These aggregators come in three basic types: standalone news aggregator clients, email plug-ins, and Web browser plug-ins.

Microsoft decided to extend Internet Explorer's functionality, and make it a RSS compatible reader. IE 7 features a "feed discovery" button on the toolbar that lights up red (although this is easy to miss) when you navigate to a Web site that includes an RSS-based subscription (Figure). There is an option under Internet Options > Content > Feeds which also lets you assign a sound effect to the discovery of feeds. You can click the button to see the RSS feed rendered right in Internet Explorer (Figure). At the top of the feed, you'll see a small explanation of the RSS Feed, and a link Subscribe to this feed, which adds the feed to Internet Explorer's Favorites Center.

Using the Favorites Center, you can select a number of advanced options for a feed by selecting Properties when you right-click a subscribed feed. You can set for example how often the subscribed feed is updated (Figure), and set Archive options (the number of items to keep). When new content is available, the feed in the Favorites Center will turn bold.

Delete Browsing History

Another nice addition is the Delete Browsing History menu item on the Tools menu of Internet Explorer. This lets you delete your entire Web browsing history (Temporary Internet Files, Cookies, History, Form data and Passwords) either individually, or just with a single click (Figure).

Security

Microsoft is finally moving forward again with Internet Explorer; it was needed! From a security standpoint, Internet Explorer has been a leading attack vector for malware for the last few years. It is clear from looking at IE7 that Microsoft is (finally) making a serious effort to remove the risk factor from Internet Explorer, and make it safer for everyday use.

Phishing Filter

A new feature in IE7 is a Phishing Filter. Phishing (I.T. slang for fishing) is usually defined as the act of sending an e-mail to a user falsely claiming to be a legitimate business (for example a bank or Internet Service Provider) in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as credit card-, social security-, and bank account-numbers. These Web sites are bogus and set up only to steal the user's information.

Microsoft has enlisted the help of Cyota, MarkMonitor, and Internet Identity, to help IE7 identify websites designed to trick people into disclosing personal data to identity thieves. Microsoft previously worked only with WholeSecurity, which was recently acquired by Symantec.

If you visit a Web site that meets certain criteria, the Phishing Filter will trigger a yellow warning (and the address bar turns yellow too) to warn you that the site looks suspicious and might be a Phishing site updated. When you click on the warning, you get a short explanation, and are offered the opportunity to report the Web site as being suspicious or not. If you visit a Web site that is known to be malicious (to be labeled as such, Web sites are verified by a human to be a Phishing site), you get a red warning. As with the suspected phishing warning, when you click on the warning, you get a short explanation, and are offered the opportunity to report the Web site as not being a phishing website.

Curiously in IE7, the phishing filter is off by default, although you will be asked to switch it on the first time you run IE7. Apparently the phishing filter is off because of privacy concerns. The filter has to communicate with Microsoft's servers to do its work, so Microsoft didn't want to be accused of having set this on by default to collect user data. Tariq Sharif, a Microsoft program manager for IE7's security team has a thorough write-up on IE7's phishing filter on the IEBlog site.

I think adding the Phishing Filter is a very good move on Microsoft's part, given the fact that identity theft has overtaken viruses & worms as the #1 threat to Internet users, and a lot of novice computer users fall victim to these Phishing sites on a daily basis.

Microsoft also has a dedicated FAQ Web page om IE7's phishing filter.

International Domain Name Spoofing Protection

A new vector of attack that is emerging is the spoofing of domain names by using different character sets. IE7 includes technology to detect these spoofing techniques so that malicious Web sites that try to use this technique to fool users will fail.

Fix My Settings

A new security setting in IE7 is called the Fix My Settings feature. You will see this feature if you set your security settings to an insecure state (from the Internet or Restricted zones). When you choose an insecure setting two things will happen (Figure):

  • An information bar will appear at the top of the browser with 'Fix Settings for Me' as the first menu option.
  • In place of your homepage, you will see a warning page on startup of IE.

From the information bar you can choose to have IE fix the settings to a secure state, or open IE's Security Settings. IE will clearly mark which setting is causing the problem (Figure).

Microsoft's view here is that when you're browsing in the Internet or a Restricted zone, any settings that would allow arbitrary code to run on your computer without your consent could potentially put your computer at risk, and will be flagged.

I think this is a good feature to have, especially for the novice users. Power users are probably going to be annoyed by the constant warnings if they choose "unsafe" settings, but there should be a Group Policy to turn the warning off.

Other Security Enhancements

There are a number of other security enhancements in IE7 that will not be apparent, but they will none the less make IE7 more secure. So has Microsoft improved the security for ActiveX. ActiveX controls are now Opt-In by default, but even when you attempt to install an ActiveX control, if it's a malicious ActiveX, installation will fail. Another improvement is that IE7 will require all windows (even pop-up windows) to show an Address Bar, so you can more easily identify which site opened the pop-up window. Similar to the safe modes in Firefox, Opera (and other browsers), IE 7 now includes a No Add-ons mode that allows you to troubleshoot problems in the browser without loading plug-ins or other add-ons (Figure).

ClearType

Microsoft has deemed it necessary to enable ClearType (font) rendering by default in IE7. Even if you have chosen not to enable ClearType in Windows, IE7 will still enable it. ClearType renders text more clearly on LCD or modern CRT displays, but can make text look blurry on older CRT's. If needed, you can disable ClearType from the Internet Options (look under the Multimedia header on the Advanced tab).

Availability

IE7 is available for Windows XP with Service Pack 2 or higher, Windows XP Professional x64 Edition, and Windows Server 2003 with Service Pack 1 or higher.

Here are the download pages on Microsoft's site for the available versions of Internet Explorer 7 (English Language only for now):

Note that these pages also contain links to Release Notes and system requirements.

Other Language Versions

Microsoft will be releasing Internet Explorer 7 in all languages available for each version of Windows - twenty-four fully localized languages in total. In two to three weeks, Microsoft will ship the Arabic, Finnish, French, German, Japanese, and Spanish language versions. The remaining languages will be released in phases between November and January.

In addition to these full language versions, Microsoft will release the Multi-language User Interface (MUI) version in January and the fifty-five Windows XP Professional Language Interface Pack (LIP) versions of Internet Explorer 7 after that.

Microsoft to Provide Customer Support

Internet Explorer 7 for Windows XP is now available in English and runs on Windows XP Service Pack 2, Windows XP 64-bit Edition and Windows Server® 2003 Service Pack 1. Internet Explorer 7 will be made available in other Windows-supported languages over the coming weeks.

Microsoft will continue to provide consumers in North America running Internet Explorer 7 with unlimited phone support for installation and download issues at no charge until November 1, 2007. Free phone support is available in English Monday through Friday, 5 a.m. to 9 p.m. PDT, and on Saturday and Sunday from 6 a.m. to 3 p.m. PDT by calling (866) 234-6020.

Automatic Update Distribution of IE7 by November 1

Microsoft will distribute Internet Explorer 7 via Automatic Updates as a high-priority update. Users who are already running Internet Explorer 7 pre-release versions will get the final version, a few weeks later Microsoft will move onto Internet Explorer 6 users. Microsoft will roll out to all Internet Explorer 6 users 'progressively' over a few months, so don't be surprised if you don't see the update right away (if you want you can download it now using the links above).

Unlike other high priority updates, Internet Explorer 7 will not be installed automatically. Instead, Automatic Updates will notify you when Internet Explorer 7 is ready to install by presenting a welcome screen. You can choose whether or not to install it; IE7 will not install without your consent. (screenshot) If you wish to prevent this download you can grab a free non-expiring blocker tool from the Microsoft Web site.

Conclusions

Microsoft finally got a decent Internet Explorer version out; it was needed! From a security standpoint, the addition of the Phishing Filter to the browser should be a huge step in making the Web a safer place for many people. The emergence of tabbed browsing on IE will also be welcomed by many, while the improvements made to IE's printing engine will alleviate another problem faced by many IE users today. Other security improvements make this browser a must-have upgrade!

If you want to make your browsing even more safer, have a look at my article How to surf the Internet more safely with Internet Explorer 7


Give your comments on this article.            E-mail This Page

Privious Page
Privious Page