Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Protecting Browsers with Defense In Depth Techniques

26 Mar 2010   #1
z3r010

 
Protecting Browsers with Defense In Depth Techniques

Quote:
Posted on half of Pete LePage on the Internet Explorer team.

Protecting Windows customers is an absolute priority for the Internet Explorer engineering team. That's why we work hard to make sure our browser has some of the best safety and privacy features available today. We've spent a lot of time talking about some of the more visible safety and privacy features like our SmartScreen Filter, that protects users from socially engineered malware and phishing attacks; or the InPrivate features that put you in control of how you share your information.

But there are a number of other features that aren't as visible and help prevent vulnerabilities from being exploited, though some are only available on newer platforms like Windows Vista or Windows 7. For example, Protected Mode helps ensure exploited code cannot access system or other resources. Address Space Layout Randomization (ASLR)helps prevent attackers from getting memory addresses to use in buffer overflow situations. Data Execution Prevention (DEP) helps to foil attacks by preventing code from running in memory that is marked non-executable. These defense in depth protections are designed to make it significantly harder for attackers to exploit vulnerabilities.

One way to think about what defense in depth techniques do is similar to the features offered by fire-proof safes that make them last longer in a fire. Without defense in depth techniques, a fire-proof safe may only protect its contents for an hour or two. A stronger fire-proof safe with several defense in depth features still won't guarantee the valuables forever, but adds significant time and protection to how long the contents will last.

Recently, there has been some news from some security researchers about how they've managed to bypass DEP or ASLR in Internet Explorer (and Firefox as well). But like the fire-proof safe example above, defense in depth techniques aren't designed to prevent every attack forever, but to instead make it significantly harder to exploit a vulnerability. Defense in depth features, including DEP and ASLR continue to be highly effective protection mechanisms.

Internet Explorer 8 on Windows 7 helps protect users with all of these defense in depth features, and there is nothing that you have to do to enable them - they're on by default. That's one of the reasons why we encourage users to make sure they're running the latest and most up-to-date software.


More...


My System SpecsSystem Spec
.
26 Mar 2010   #2
johnwillyums

Windows 7 Home Premium 64 bit
 
 

An interesting read John. Thanks. By the way I much prefer your new avatar.
Always thought the old one was a bit creepy. Mind you I've never seen the movies
My System SpecsSystem Spec
26 Mar 2010   #3
Night Hawk

W7 Ultimate x64/W10 Pro x64 dual boot main build-remote pc W10 Pro x64 Insider Preview/W7 Pro x64
 
 

Sad news for DEP in IE 8! I just ran into one article on DEP being breached at Computerworld. Hacker busts IE8 on Windows 7 in 2 minutes

The part about being invulnerable forever is actually an understatement since this had been in no time. FFF 3.6 saw the same breach as well showing any browser is subject and why you still tend to need additional layers of protection inplace!
My System SpecsSystem Spec
.

26 Mar 2010   #4
CarlTR6

Windows 7 Ultimate 32 bit
 
 

Yes; nothing is 100% secure.
My System SpecsSystem Spec
26 Mar 2010   #5
Night Hawk

W7 Ultimate x64/W10 Pro x64 dual boot main build-remote pc W10 Pro x64 Insider Preview/W7 Pro x64
 
 

I often give Opera or Chrome even an edge being two rather new browsers over IE and FF but still no guarantees there either! They just happen to have been out for less time where the percentages are lower.

The big lesson however is never being overconfident about anything! Sooner or later... it's only a matter of time.
My System SpecsSystem Spec
26 Mar 2010   #6
Product FRED

Windows 7 Enterprise 64-bit
 
 

My System SpecsSystem Spec
26 Mar 2010   #7
CarlTR6

Windows 7 Ultimate 32 bit
 
 

Quote   Quote: Originally Posted by Night Hawk View Post
I often give Opera or Chrome even an edge being two rather new browsers over IE and FF but still no guarantees there either! They just happen to have been out for less time where the percentages are lower.

The big lesson however is never being overconfident about anything! Sooner or later... it's only a matter of time.
I agree with you.
My System SpecsSystem Spec
26 Mar 2010   #8
Night Hawk

W7 Ultimate x64/W10 Pro x64 dual boot main build-remote pc W10 Pro x64 Insider Preview/W7 Pro x64
 
 

For a long time people switched to and recommended FF over IE 6 since that was full of security holes until more recently it became just as much a target for malwares as IE! The other two browsers mentioned once they have grown in popularity will suffer very much the same fate.

A recent report indicated Opera seeing only 6% while IE and FF were taking the bulk of hits won't stay that low on the percentage scale for long. Even with the MS Security Essentials being favored as an added local protection things will eventually get by undetected there too.

MS now has a take a serious look at improvements for IE 9 which will likely be seeing the beta out late this year as far as improving it's filters. It's a competition however between MS, Mozilla, and other browsers against the malware writers to start with! The typical user has to remain sharp or get caught up in the middle.
My System SpecsSystem Spec
Reply

 Protecting Browsers with Defense In Depth Techniques




Thread Tools




Similar help and support threads
Thread Forum
Windows 7, No Security Barriers, Just Defense in Depth
Source - Windows 7, No Security Barriers, Just Defense in Depth Mitigations - Protecting users is a top priority, says Pete LePage - Softpedia
News
What are your techniques for avoid procrastinating ?
Hey I'll admit it, whenever there's something that needs to be done, generally I tend to procrastinate a lot and put it off until the last minute. I would like some opinions, how do you overcome your procrastination ? For example today I would like to get one of my school assignments...
Chillout Room
UX Design Tools & Techniques
More...
News


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 16:36.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App