CFA/Security-Notes: Difference between revisions

Line 73: Line 73:
*** Use TLS 1.0 Protocol
*** Use TLS 1.0 Protocol
*** Certificates
*** Certificates
* Extensions
** NoScript - It allows JavaScript, Java and other executable content to run only from trusted domains of your choice, e.g. your home-banking web site, and guards the "trust boundaries" against cross-site scripting attacks (XSS)
* ActiveX opt-in - Disable nearly all pre-installed ActiveX controls to prevent potentially vulnerable controls from being exposed to attack. You can easily enable or disable ActiveX controls as needed through the Information Bar and the Add-on Manager. (IE)
* Security Status bar - Color-coded notifications appear next to the address bar to make you aware of website security and privacy settings. The Address Bar changes to green for websites bearing new High Assurance certificates, indicating the site owner has completed extensive identity verification checks. Phishing Filter notifications, certificate names, and the gold padlock icon also appear next to the address bar for better visibility. You can easily display certificate and privacy detail information with a single click on the Security Status bar. (IE)
* Cross-domain barriers - Internet Explorer 7 helps to prevent the script on webpages from interacting with content from other domains or windows. This enhanced safeguard gives you additional protection against malware by helping to prevent malicious websites from manipulating flaws in other websites or causing you to download undesired content or software. (IE)
* Address bar protection - Every window, whether it's a pop-up or standard window, will show you an address bar, helping to block malicious sites from emulating trusted sites. (IE)
* International domain name anti-spoofing - In addition to adding support for International Domain Names in URLs, Internet Explorer also notifies you when visually similar characters in the URL are not expressed in the same language—protecting you against sites that could otherwise appear as known, trustworthy sites. (IE)
* URL handling security - Redesigned URL parsing ensures consistent processing and minimizes possible exploits. The new URL handler helps centralize critical data parsing and increases data consistency throughout the application. (IE)
* Fix My Settings - To help protect you from browsing with unsafe settings, Internet Explorer 7 warns you with an Information Bar when current security settings may put you at risk. Within the Internet Control Panel, you will see certain critical items highlighted in red when they are unsafely configured. The Information Bar will continue to remind you as long as the settings remain unsafe. You can instantly reset Internet security settings to the "Medium-High" default level by clicking the "Fix My Settings" option in the Information Bar.  (IE)
* Protected mode Internet Explorer 7 in Windows Vista runs in isolation from other applications in the operating system. It restricts exploits and malicious software from writing to any location beyond Temporary Internet Files without explicit user consent. (IE)
=== Malware detection ===  
=== Malware detection ===  
=== Anti-phishing ===  
=== Anti-phishing ===  
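Review bot: The added IE entries, from "ActiveX opt-in" through "Protected mode", are at top-level `*` depth, which makes them siblings of `* Extensions` rather than items of a group. NoScript is nested at `**` and the surrounding context uses `***`, so these entries need a parent bullet (for example one per browser) and a matching depth if they are meant to be grouped. The last added entry, "Protected mode Internet Explorer 7 in Windows Vista runs in isolation", is missing the " - " separator between name and description that every other entry uses, and the "Fix My Settings" entry has a double space before "(IE)". The IE descriptions are also written in second-person promotional wording ("protecting you against sites", "You can easily enable"), unlike the short note style of the context lines; suggest cutting each to one sentence that states what the control restricts.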