Of the major features to be added to Internet Explorer 7, possibly the most
noteworthy is the addition of tabbed browsing. On the surface, this seems
like an obvious addition, since this was the feature that more than anything
else has led Firefox to its current position as a worthy competitor for
IE. It also fits with Microsoft's long-held strategy of incorporating the
best features of the competition into their products, making it easy for users
to choose Microsoft. We'll go further into how the company's version of
tabbed browsing will work later in the article.
Built-in RSS support is another feature first introduced
by Internet Explorer's competitors now slated to become part of the Microsoft
browser. The company's timing is just about perfect, as RSS is only
going to get more popular in the next couple of years.
The last in the trifecta of 'Firefox updates' that IE 7 is slated to receive
is its very own search bar, finally integrated into the Internet Explorer
toolbar by default instead of requiring an add-on or extra command. We'd
assume that this will (unfortunately) use MSN search by default, but this should
be easy to change.
The security status bar: no phishing
The Internet scam method known as phishing has become increasingly common
over the last couple of years, almost reaching epidemic status in the United
States. The most insidious form of phishing attack involves the creation
of an authentic-looking version of a legitimate web page, like that of a bank or
other secure institution. Users will be lured to this page through an
email link or a false link placed elsewhere on the web. Any information
entered into the false web page will be captured by the perpetrator for their
Identifying and preventing these types of scams can be very difficult if the
phishing materials (the false site and email/link) are well created.
Phishing does not attempt to crack any of Internet Explorer's security
procedures, so the browser is quite happy to let users enter their personal data
into a phony site. The trouble is, IE has no built in method for
distinguishing an 'authentic' website from a phony one without outside
reference. The new Security status bar built into both versions of
Internet Explorer 7 (to the immediate right of the address bar) aims help users
avoid this problem.
Essentially, the Security Status Bar brings the certificate information
dialog that appears when you enter a secure web page (as represented by the
little padlock in the lower right hand corner of the screen in current versions
of Internet Explorer) front and centre, making it harder to miss and easier to
check. It also will indicate if the site's security certificate is in any
way suspect (if the date is wrong, for example, or the certificate does not come
from a commonly trusted authority) by using a red background to the lock which
indicates a secure connection. Certificate information can now be viewed
with a single click and is a fair bit more friendly to novice users who may not
understand the nature of security certificates and their implications.
The second and more powerful ability of the Security Status Bar is an active
website filter called the Microsoft Phishing Filter (Philter?). This
feature institutes an active scan of each website the user visits, checking it
against three separate lists. The first is a 'whitelist' of approved sites
stored on the user's system which (we assume) will be user editable. The
second check analyzes the website for attributes common to phishing sites,
looking for danger signs. The third check compares the website to a
Microsoft maintained list of known phishing sites, in much the same way that an
anti-virus or anti-spyware application works. Presumably, Internet
Explorer 7 will also include a mechanism for reporting such sites.
The Security Status bar will turn
yellow if the Phishing filter detects features consistent with a phishing site,
and will pop up a message informing the user of the risk they
may be taking by entering personal information on the site. If
the site matches one on Microsoft's 'blacklist' of known phishing websites, the
Security Status Bar will turn red and the browser will automatically bring up an
internal page informing the user of the
nature of the site and advising them to close the connection.
Overall, the Security Status Bar seems like an excellent addition to Internet
Explorer's features. By adding phishing protection to the list of nasties
that every computer should be proofed against, Microsoft may have accomplished
the difficult task of protecting its users from themselves. We can't help
thinking that this feature could be and should have been added with the Service
Pack 2 updates to Internet Explorer for Windows XP though.