SmartScreen Filter & XSS Security features in IE 8.

April 8th, 2009 . Filed under: IE. Tags: Security, smartscreen, xss

Internet Explorer 8 is more secure ! Among its new or enhanced security features are SmartScreen Filter & XSS.

1. The SmartScreen Filter feature.

This feature was introduced in IE7. the idea was to add malware blocking capabilities to its anti-phishing capabilities.

The feature has now been improved upon and enhanced in Internet Explorer 8. The SmastScreen Filter now dynamically determines, whether a website is dangerous or not, by pinging remote servers each time a user tries to reach a web page.

The feature thus warns users if they visit a known or a suspected website and then prevent any downloads from that site or prevent the site from injecting malicious code.

“SmartScreen’s malware protection focuses on identifying and blocking sites on the web that are distributing malicious software. As a reputation-based feature, SmartScreen can block new threats from existing malicious sites, even if those threats are not yet blocked by traditional anti-virus or anti-malware signatures. In this way, the SmartScreen filter complements traditional anti-virus products by providing additional dimensions for both identification and protection. For comprehensive protection from malware, we highly recommend that users also install traditional anti-virus products and keep them up to date. “

2. XSS or Cross site scripting.

“XSS or Cross-site scripting is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users.”

By default, this feature is enabled in IE 8. When the filter discovers a likely XSS in a cross-site request, it first identifies & then neuters the attack, if it is replayed in the server’s response.