Although Microsoft's Internet Explorer (IE) Web browser has lost market share to worthy competitors over the last few years, it is still the market leader and remains the browser to beat. IE has many significant security features and enterprise options that cannot be easily discounted. Unfortunately for its many users, IE's dominance and complexity have made it the browser to attack. IE is also the only browser natively vulnerable to ActiveX control exploits.
From a security standpoint, it doesn't pay to be popular. IE has had at least 70 announced vulnerabilities over the last two years, a frequency rivaled only by the second most popular browser, Mozilla Firefox. Firefox 3.0 has seen at least 39 vulnerabilities in six months. By contrast, Opera 9.x has seen 45 in two years, while Apple's Safari and Google's Chrome have 26 and 10 announced vulnerabilities, respectively, in their short lives.
[ Seealso " How secure is Google Chrome?" and " How secure is Firefox?" as well as " How secure is Opera?" | Tomorrow: "How secure is Safari?" | For more on browser security and protection against Web-borne threats, see Security Adviser and " Test Center: Browser security tools versus the evil Web." ]
For this security review, I tested IE 8 Beta 2. As IE installs, it runs an anti-malware detection tool (the only browser to do so) and downloads the latest updates. On Vista, the installer asks for User Account Control privilege elevation, and the IE application (Iexplorer.exe) runs one parent process with medium integrity, as well as multiple rendering processes with low integrity in Protected Mode. This is a change from IE 7, where a single process runs with low integrity in Protected Mode, along with additional broker processes (ieuser.exe and ieinstal.exe).
On Vista, all IE 8 processes run virtualized, with DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) enabled. Rendering processes are started in Protected Mode by default for all Web sites except those in the Trusted Sites security zone. Protected Mode brings many additional protections to the browser, including running all default browser components (toolbar, history, favorites, temporary download areas, and browser helper objects) with restricted privileges and lower integrity. They cannot access the command prompt or write to system areas. Google's Chrome has a more restrictive base security model for the main browser instance but doesn't offer nearly the same protections for further components and add-ons.