Safer Surfing With Internet Explorer 8

As the Internet continues to play an ever greater role in our everyday lives, the danger of malicious online activity increases. Hackers and other nefarious individuals have continued to introduce very sophisticated, complex and deceptive exploits that can at best ensure a bad experience and at worst expose your banking and personal information to online criminals.

Many of the methods today's hackers and criminals use involve deceptive techniques to convince you to click on a tampered link or download a file that appears to be legitimate, but is actually harmful. These methods include embedded malware, hidden frames, and phishing, among many others. So how do you protect yourself from these emerging threats while still enjoying a rich and enhancing Internet experience? Let’s take a look at three new features in Internet Explorer 8 that help you do just that.

SmartScreen Filter

A potentially unsafe site is blocked by the SmartScreen Filter

Many attacks continue to rely on deceptive social engineering tactics such as realistic-looking emails that appear to be from your bank, or banner ads promising the hottest new items for free. One thing these attacks all have in common is that they try to lure you to malicious sites in order to compromise your system's security or get you to provide personal information.

Microsoft developed the SmartScreen Filter to protect Internet users from browsing to malicious sites and becoming unknowingly compromised. If the SmartScreen Filter detects a malicious website, Internet Explorer will block the entire site and display a message warning the user. This blocking behavior can also be strategically applied so that only the malicious content is blocked while legitimate content is still displayed.

The SmartScreen Filter also provides protection against malicious file downloads. When a user attempts to download a file, the SmartScreen Filter scans the file to determine if it contains malicious content. If the file is found to contain malicious content, the download is blocked and a warning message is displayed.

Cross Site Scripting (XSS) Filter

Cross-site scripting (XSS) is a security exploit in which the attacker inserts malicious code into a link that appears to be from a trustworthy source. Cross-site scripting vulnerabilities enable an attacker to control the relationship between a user and a trusted website. In this attack, you will often be encouraged to follow a tampered link, in an email or on a website, that looks completely legitimate. To make matters worse, when you click on one of these tampered links, you will often be directed to a legitimate website that has been compromised to contain malicious content that can capture keystrokes and record your login and password.

It has been reported that cross-site scripting vulnerabilities are now the most frequently reported and exploited class of vulnerabilities. So how do you protect yourself from a cross-site scripting attack? Internet Explorer 8 includes a cross-site scripting filter that can detect these types of attacks by analyzing links and embedded objects in websites. When the XSS filter detects a cross-site scripting exploit, it modifies the page to prevent execution of the malicious code and displays a warning.

A cross-site scripting exploit is detected and prevented

Address Bar Enhancements

As websites and web applications become more complex, the web addresses (URLs) also become more complex and sometimes difficult for regular users to understand. This is one of the reasons why phishing scams are so successful: it is easy to convince users that they are on legitimate websites through a number of techniques that take advantage of obscure web addresses. Let’s take a look at a few examples to understand this better.

One way phishers take advantage of complex web addresses is to use deceptive web addresses that are intended to convince users that they are on a legitimate site when they are, in actuality, on a malicious site. For example, a properly formatted web address such as http://www.cnn.com______.stealinyourdata.com/content/default.aspx may appear to be on the www.cnn.com website, when it is actually on the www.cnn.com.stealinyourdata.com domain.

To help combat this technique, Internet Explorer 8 provides a feature called domain highlighting, which looks at web addresses and highlights what it believes to be the owning domain name of the site. This feature is intended to allow users to easily interpret web addresses in order to make informed decisions about the security of the sites they browse. Take a look at what Internet Explorer 8 does with our example web address in the image below. Notice how .stealinyourdata.com is bold and everything else is dimmed.

An example of a deceptive web address
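
The owning-domain decision behind domain highlighting can be sketched as follows. This is an added example, not Internet Explorer's code or part of the original article; the function names are hypothetical, and `SAMPLE_SUFFIXES` is a small constructed stand-in for the full Public Suffix List that a real implementation would need.

```javascript
// Added example: a simplified model of domain highlighting (hypothetical names).
// SAMPLE_SUFFIXES is a constructed subset standing in for the Public Suffix List.
const SAMPLE_SUFFIXES = new Set(["com", "org", "net", "uk", "co.uk"]);

// Return the owning (registrable) domain of a hostname: the longest matching
// public suffix plus exactly one label to its left.
function owningDomain(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  // IP literals have no owning domain; the whole host is the identity.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[")) return host;
  const labels = host.split(".");
  // Scanning from the left tests the longest candidate suffix first.
  for (let i = 0; i < labels.length; i++) {
    if (SAMPLE_SUFFIXES.has(labels.slice(i).join("."))) {
      // A bare suffix has nothing to its left, so return the host unchanged.
      return i === 0 ? host : labels.slice(i - 1).join(".");
    }
  }
  // Suffix not in the sample list: fall back to the last two labels.
  return labels.slice(-2).join(".");
}

// Split an address into the parts an address bar would dim and the part it
// would highlight.
function highlight(address) {
  const url = new URL(address);
  const host = url.hostname.replace(/\.$/, "");
  const owner = owningDomain(host);
  return {
    dimmedBefore: url.protocol + "//" + host.slice(0, host.length - owner.length),
    highlighted: owner,
    dimmedAfter:
      (url.port ? ":" + url.port : "") + url.pathname + url.search + url.hash,
  };
}

// The article's deceptive address: only the last two labels own the site.
console.log(
  highlight("http://www.cnn.com______.stealinyourdata.com/content/default.aspx")
);
```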

Another address bar improvement in Internet Explorer 8 is the way the address bar handles sites using an extended validation certificate. Extended validation certificates help users confirm the identity of the website owner and let users know the site conforms to baseline security standards.

When a user browses to a site that uses an extended validation certificate, the address bar is turned green, providing a quick and easy way for users to know they are on a secure site. In addition to the normal domain highlighting we discussed earlier, the https portion of the web address is also highlighted. Take a look at the image below for an example of these features.

Browsing a site using an EV Certificate
