Posted By: scobleizer | Sep 15th, 2005 @ 6:24 PM | 89,635 Views | 24 Comments
There's a ton of new things in Internet Explorer 7.0 that'll improve your security. Meet the IE team and learn what they are doing to protect computer users against phishing and malware and other kinds of attacks. For more about IE 7.0, visit the IE team's blog.

The interviewer here is Joshua Allen, IE evangelist, and he is well-known because he was Microsoft's first blogger.
DevilsRejection
addicted to rss
Is it safe to confirm that IE7 will be the most secure browser?

The sheer fact that it can't write a single thing to the hd without user approval is enough for me to get me to switch back from Firefox.

In the video you show your evil ActiveX control and what it does is issue the "format c:" command. Actually, this command will fail since the C drive is in use by the operating system and cannot be formatted and since the format command needs confirmation before it formats a hard disk, although the latter might be bypassed I guess. However, you are the IE Security Team and I hope that you know this. After all, hackers do much worse things and I hope that you know much more than you are telling us on their methods and on all the harmful scenarios that are out there. Because a simple format c: is nothing and you should know that. I hope that your internal testing examples are much more sophisticated than what you say publicly.

johnbrien
HARRIER

"Need to get a camcorder with a light"


ROBERT


nektar, I believe that the evil ActiveX control didn't execute the "format c:" command, it installed into the user's startup folder a batch file that executed "format c:".  The demo showed how the ActiveX control was blocked from installing the batch file.
nektar wrote:

In the video you show your evil ActiveX control and what it does is issue the "format c:" command. Actually, this command will fail since the C drive is in use by the operating system and cannot be formatted and since the format command needs confirmation before it formats a hard disk, although the latter might be bypassed I guess. However, you are the IE Security Team and I hope that you know this. After all, hackers do much worse things and I hope that you know much more than you are telling us on their methods and on all the harmful scenarios that are out there. Because a simple format c: is nothing and you should know that. I hope that your internal testing examples are much more sophisticated than what you say publicly.



That was just a trivial example - it didn't matter what was in the file, just the fact that the control tried to write a file but IE7 didn't let it.
TheAsher
Just A Guy

The pure evil movie, I have no idea, but this thing might know...
I can think of one of the Ghostbusters sequels or Newman (from Seinfeld... he is pure evil)

CRPietschmann
Chris Pietschmann
Why is his phone off the hook, and the receiver is unplugged?
Kollner
Nicolai A. Kollner is the C#deSamurai
500MB download.. OMG!!!
Are there any plans to get rid of the registry altogether in the future? Always seemed like a bad idea, once something's done the damage in there you're a bit screwed. People's registries become such a mess of leftover keys from uninstalled software, hopefully Jim Allchin's plans on keeping the performance up over time includes something on this.
