IE 9 To Feature Do Not Track Option

  /     /     /  
Publicated : 22/11/2024   Category : security


IE 9 To Feature Do Not Track Option


Tracking Protection draws kudos for Microsoft, but Protected Mode in existing IE versions under scrutiny



Microsofts browser security and privacy offerings were under the microscope this week with the software giants announcement that the next version of Internet Explorer, IE 9, will come with a feature that lets users prevent websites from tracking their online behavior.
The new Tracking Protection feature, which will be available in the upcoming IE 9 release candidate, comes on the heels of an FTC report calling for a possible do not track option for consumers. Microsoft officials say the privacy enhancements in IE 9 are an evolution of an existing feature and are in synch with the FTCs guidelines for privacy. This puts users in control of what sites can get their [activity] data, says Dean Hachamovitch, corporate vice president and head of IE development.
Meanwhile, Microsofts Protected Mode feature in IE 7 and IE 8 also was under fire this week; Verizon Business researcher Tom Keetch
published
methods he discovered for bypassing the security control. Keetch was able to cheat Protected Mode via remote IE Zone escalation and by escalating privileges in the browser from low to medium integrity.
When asked whether Microsoft would issue a fix for the issue in the upcoming IE 9 browser, Microsofts Jerry Bryant, group manager of response communications, said the method in the Verizon report isnt a vulnerability. Microsoft is aware of a report describing how Protected Mode in Internet Explorer can by bypassed. The issue discussed in the report is not a vulnerability. It is a method for bypassing a security mitigation, Bryant says. In order to use this method, an attacker would first need to be able to exploit an unpatched vulnerability on the target computer.
Bryant says Protected Mode is for defending against elevation of privilege attacks as well as protection from malicious downloads by restricting where files can be saved without the users permission. Protected Mode is not a security boundary -- it does not provide direct protection, only a chance for a user to verify an action before it happens, he says. Microsoft continues to encourage customers to upgrade to the latest version of Internet Explorer as it provides enhanced security mitigations to help protect customers from criminal activity.
Microsofts new Tracking Protection feature in IE 9 is turned off by default, so users have to opt into it. It also includes an open platform for creating so-called tracking protection lists for IE, the equivalent of a Do Not Call list for sites users dont want tracking them. Theres also an OK to call option for online shopping sites where customers want the vendor to keep tabs on their buying patterns for rewards programs or customization, for instance. Tracking Protection can be turned on and off by the user, and it stays active for an entire Web session, according to Microsoft.
This is a great, pro-privacy and strategically savvy move on Microsofts part. I am delighted to see companies competing on privacy, and building better features into their products. This announcement will likely have a significant impact on the current Do Not Track debate, and it will be interesting to see how the ad industry, the other browser vendors, and government regulators respond, wrote security expert Christopher Soghoian in
a blog post today
.
Meanwhile, the
beta version
of IE 9 released by Microsoft in September included the new Download Manager feature, which scans files for malware and issues warnings when it detects malicious code.
In the IE 9 beta, Microsoft integrated the Download Manager with its SmartScreen URL filter, a feature that first debuted in IE 8. SmartScreen is an anti-phishing and anti-malware filter that blocks badware in real-time, based on Microsofts application reputation database. In IE 9, the browsers Download Manager now also blocks downloads from known malicious URLs: It flashes a warning in the browsers new notification bar as well as in Download Manager. The user then decides whether to download it.
Have a comment on this story? Please click Discuss below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
IE 9 To Feature Do Not Track Option