CFA/Security-Notes: Difference between revisions

= Research =
== General capabilities ==
=== Information Provided ===
* highlight URL domain name in address bar
* Digital Signature Information - shows who published a program and whether the program is digitally signed, so the user can judge a download before running it (IE screenshot)
* Address bar protection - every window, pop-up or standard, shows an address bar, so a malicious site cannot hide the real URL while imitating a trusted one (IE)
* Fix My Settings - when the current security settings put the user at risk, Internet Explorer 7 warns with an Information Bar, and the Internet Control Panel highlights the unsafely configured items in red. The reminder persists as long as the settings remain unsafe; clicking "Fix My Settings" in the Information Bar resets the Internet zone to the "Medium-High" default. (IE)

=== Virus Scanning ===
* virus/malware protection

=== Cross-Zone and Cross-Domain Vulnerabilities ===
* Cross-domain barriers - Internet Explorer 7 prevents script on a web page from interacting with content from other domains or windows. This stops a malicious site from driving flaws in another site through a frame or pop-up, and from pushing unwanted downloads or software at the user. (IE)
* Downloads - if a web page uses script to pop up a download box and force the user to deal with it, IE intercepts the script and shows a prompt in the Information Bar instead (IE screenshot)
* Protection from Spyware - notification whenever software is downloaded or installed
* download actions - do not download
* extension installation
* Protected mode - Internet Explorer 7 on Windows Vista runs isolated from other applications; exploits and malicious software cannot write to any location beyond Temporary Internet Files without explicit user consent. (IE)
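As an added example (not the page's text and not IE code), here is a model of the same-origin check that a cross-domain barrier enforces when script in one window or frame reaches for the DOM of another: scheme, host and port must all match, and the legacy document.domain relaxation only opens access when both documents opt in to the same value. The frames, hostnames and the bank/ad scenario are constructed for the demonstration.

```javascript
// Added example, not code from the page or from any browser: a model of the
// same-origin policy a cross-domain barrier enforces for DOM access between
// windows and frames. Schemes whose origin is a (scheme, host, port) tuple;
// anything else (data:, about:, javascript:) gets an opaque origin.
const TUPLE_SCHEMES = new Set(['http:', 'https:', 'ftp:', 'ws:', 'wss:']);

function originOf(urlString) {
  const u = new URL(urlString);
  if (!TUPLE_SCHEMES.has(u.protocol)) return { opaque: true };
  // URL parsing lowercases the host and drops the scheme's default port, so
  // HTTP://Bank.Example:80/a and http://bank.example/b yield the same tuple.
  return { opaque: false, scheme: u.protocol, host: u.hostname, port: u.port };
}

function sameOrigin(a, b) {
  // Two separately computed opaque origins are never the same.
  if (a.opaque || b.opaque) return false;
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// A frame carries the origin of the document it displays; effectiveDomain
// models the legacy document.domain relaxation (null = not set).
function makeFrame(urlString) {
  return { origin: originOf(urlString), effectiveDomain: null };
}

// document.domain may only be set to the page's own host or a parent domain
// of it; anything else throws, as browsers do. (Browsers also reject public
// suffixes such as "co.uk"; that list is assumed out of scope here.)
function setDocumentDomain(frame, value) {
  if (frame.origin.opaque) throw new Error('opaque origin cannot set document.domain');
  const host = frame.origin.host;
  const v = value.toLowerCase();
  if (v !== host && !host.endsWith('.' + v)) {
    throw new Error(`cannot set document.domain to ${value} from ${host}`);
  }
  frame.effectiveDomain = v;
}

// May script running in `accessor` read or write the DOM of `target`?
function canAccessDom(accessor, target) {
  const a = accessor.effectiveDomain, t = target.effectiveDomain;
  // Both sides opted in to the same document.domain: allowed, as long as the
  // schemes still agree (http and https never mix).
  if (a !== null && t !== null) return a === t && accessor.origin.scheme === target.origin.scheme;
  // Only one side opted in: access is denied even between frames that were
  // same-origin before, because their effective domains now differ.
  if (a !== null || t !== null) return false;
  return sameOrigin(accessor.origin, target.origin);
}

// Constructed scenario: a bank page, a third-party ad frame and a help frame
// on a subdomain of the bank.
function demo() {
  const bank = makeFrame('https://bank.example/account');
  const ad = makeFrame('https://ads.example/banner');
  const help = makeFrame('https://help.bank.example/faq');
  const results = {
    adReadsBank: canAccessDom(ad, bank),
    portMismatch: canAccessDom(makeFrame('https://bank.example:8443/x'), bank),
    schemeMismatch: canAccessDom(makeFrame('http://bank.example/x'), bank),
    beforeRelax: canAccessDom(help, bank),
  };
  setDocumentDomain(help, 'bank.example');
  results.oneSided = canAccessDom(help, bank);
  setDocumentDomain(bank, 'bank.example');
  results.afterRelax = canAccessDom(help, bank);
  let rejected = false;
  try { setDocumentDomain(ad, 'bank.example'); } catch (e) { rejected = true; }
  results.adCannotClaimBank = rejected;
  return results;
}
```

The barrier is about scripting, not loading: a page can still embed a cross-origin frame or image; what is denied is reading or driving its DOM. The port and scheme cases are why a site on a non-standard port, or served over plain http, does not share the https origin's cookies-bearing DOM.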
=== Anti-phishing ===
* Phishing Protection - warn users of suspected forgery (phishing) sites, and offer to take the user to a search page to find the real web site they were looking for
** make it easier to report phishing sites
** implement a phishing filter that learns automatically - integration with PhishTank
* blacklisting
* whitelisting
* Security Status bar - color-coded notifications next to the address bar show the site's security and privacy status. The address bar turns green for sites presenting the new High Assurance (Extended Validation) certificates, which require the site owner to pass extensive identity verification. Phishing Filter notifications, certificate names and the gold padlock icon also appear next to the address bar for better visibility, and a single click on the Security Status bar shows certificate and privacy details. (IE)
* International domain name anti-spoofing - in addition to supporting International Domain Names in URLs, Internet Explorer notifies the user when visually similar characters in the URL come from different scripts, which protects against sites that would otherwise look like known, trustworthy sites. (IE)
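The blacklisting/whitelisting items and the IDN anti-spoofing item above describe the local checks a phishing filter runs before it ever asks a reporting service. As an added example (not the page's text and not IE or PhishTank code), the block below flags hostnames whose labels mix scripts or consist only of Cyrillic lookalikes of Latin letters, then applies a constructed allowlist and blocklist by domain suffix. It takes hostnames in their Unicode display form, since that is what the user compares by eye; the lists, hostnames and the lookalike table are assumptions made for the demonstration.

```javascript
// Added example, not code from the page or from any browser: the local part
// of a phishing filter. homographWarnings() implements a mixed-script /
// lookalike check of the kind IE7's IDN warning performs; classify() applies
// a constructed allowlist and blocklist by domain suffix.
const SCRIPT_TESTS = [
  ['Latin', /\p{Script=Latin}/u],
  ['Cyrillic', /\p{Script=Cyrillic}/u],
  ['Greek', /\p{Script=Greek}/u],
];

// Cyrillic letters that render like Latin a e o p c y x i j l in common
// fonts (U+0430 U+0435 U+043E U+0440 U+0441 U+0443 U+0445 U+0456 U+0458 U+04CF).
// Constructed subset; the real confusables table is far larger.
const LATIN_LOOKALIKES = new Set(
  '\u0430\u0435\u043e\u0440\u0441\u0443\u0445\u0456\u0458\u04cf'.split(''));

function labelScripts(label) {
  return SCRIPT_TESTS.filter(([, re]) => re.test(label)).map(([name]) => name);
}

// Returns the reasons a hostname looks like a spoof; an empty array is clean.
function homographWarnings(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, '').split('.');
  const tldIsAscii = /^[a-z0-9-]+$/.test(labels[labels.length - 1]);
  const warnings = [];
  for (const label of labels) {
    const scripts = labelScripts(label);
    // "b\u0430nk" = Latin b, n, k plus Cyrillic a: two scripts in one label.
    if (scripts.length > 1) {
      warnings.push(`label "${label}" mixes scripts ${scripts.join('+')}`);
    }
    // Heuristic: a non-Latin label made entirely of Latin lookalikes under
    // an ASCII TLD is indistinguishable on screen from a Latin name
    // ("\u0430\u0440\u0440\u04cf\u0435.example" looks like apple.example).
    // A genuine Cyrillic name under a Cyrillic TLD is left alone.
    const letters = [...label].filter((c) => /\p{L}/u.test(c));
    if (tldIsAscii && letters.length > 0 && !scripts.includes('Latin') &&
        letters.every((c) => LATIN_LOOKALIKES.has(c))) {
      warnings.push(`label "${label}" is entirely Latin lookalikes`);
    }
  }
  return warnings;
}

// Constructed lists; a real filter fetches these from a service such as PhishTank.
const ALLOWLIST = ['bank.example'];
const BLOCKLIST = ['bank-secure-login.example', 'evil.example'];

// A listed domain covers itself and its subdomains: "x.evil.example" is
// caught by "evil.example", "notevil.example" is not, and the allowlist does
// not match "bank.example.evil.example" because the suffix is what counts.
function matchesList(hostname, list) {
  const h = hostname.toLowerCase().replace(/\.$/, '');
  return list.some((d) => h === d || h.endsWith('.' + d));
}

// allow: known good; block: reported phishing site (red bar); warn:
// suspicious (yellow bar); unknown: no local evidence either way.
function classify(hostname) {
  if (matchesList(hostname, ALLOWLIST)) return { verdict: 'allow', reasons: [] };
  if (matchesList(hostname, BLOCKLIST)) {
    return { verdict: 'block', reasons: ['hostname is on the blocklist'] };
  }
  const reasons = homographWarnings(hostname);
  return { verdict: reasons.length ? 'warn' : 'unknown', reasons };
}
```

Two design points matter here. The allowlist is consulted on the exact suffix, so a lookalike hostname never inherits an allowlisted domain's trust: its characters are different code points even if they draw the same glyphs. And a browser that has already converted the host to punycode (`xn--…`) sees only ASCII, so the homograph check has to run on the Unicode form that is actually displayed.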
=== Options ===
* Options
* page info (click on lock)
* bookmarklets
* AJAX
* surf by ip protection
* security preferences

* script execution
* pop ups
* secure defaults / no security pop-ups
* cookies
* Automated Update - always checks whether you are running the latest version, and notifies you when a security update is available
* Extensions
** NoScript - allows JavaScript, Java and other executable content to run only from trusted domains of the user's choice, e.g. a home-banking web site, and guards those trust boundaries against cross-site scripting (XSS) attacks
* ActiveX opt-in - nearly all pre-installed ActiveX controls are disabled by default, so potentially vulnerable controls are not exposed to attack; controls can be enabled or disabled as needed through the Information Bar and the Add-on Manager (IE)
* URL handling security - redesigned URL parsing gives consistent processing and reduces the room for exploits that rely on two components parsing the same URL differently; the new URL handler centralizes critical data parsing so every part of the application sees the same parse (IE)

== Pain Points ==