Throughout the beta testing phase of Internet Explorer, and the days and weeks leading up to its official launch, much has been made of the blazing performance of IE9's hardware accelerated graphics, and the overall immersive experience of the new browser. Another facet of IE9, though--which has received less attention--is the improved security of the browser. Here are four features of IE9 that make it safer and more secure:
1. Tracking Protection. If you are concerned with the privacy of your online browsing activities, Microsoft's hybrid approach to the "do not track" dilemma seems to be the best option currently on the table. Microsoft combines Tracking Protection Lists in IE9--which essentially blacklist specific sites to block them from gathering tracking data--with the more proactive approach of alerting sites to your privacy wishes using information in the HTTP header of your Web traffic. Between the two approaches, unwanted tracking of your browsing session should be minimized.
2. SmartScreen Application Reputation. You have probably seen at one time or another the Microsoft warning that "this type of file may harm your computer" when downloading files from your browser. The problem is that the warning is too generic and applies to virtually all downloads. With IE9, Microsoft strives to reduce the number of frivolous warnings, and provide more information for downloads that are truly potential threats. The SmartScreen Application Reputation protection assesses the reputation of a given file or download based on whether it has been signed by its author, the established reputation of the author, and the number of times it has been previously downloaded by others to determine the relative trust the file should be given.
3. Browser Segregation. When you use the pinned sites feature of IE9 and Windows 7 to access a website, the site opens in its own browser session, independent of the desktop browser. The browser session segregation means that session cookies are not accessible by other tabs or windows in the main desktop browser, and are safe from any compromise or abuse from other sites.
4. Stripped Down. Another function of running a site as a pinned site in IE9 and Windows 7 is that the browser session opens without any browser helper objects (BHO) or add-on toolbars that might be installed in the desktop browser. With fewer extraneous apps running within and alongside the browser session, the potential attack surface is minimized and there are fewer opportunities for malicious exploits to attack.
There are other features and functions of Internet Explorer 9 that provide a safer and more secure Web surfing experience. IE9 also includes protection such as DEP and ASLR which have been proven to be vulnerable, but still provide additional layers of protection that can prevent the vast majority of Web-based attacks. These four simply represent some of the more important changes in my opinion.