Throughout the beta testing phase of Internet Explorer, and the days and weeks leading up to its official launch, much has been made of the blazing performance of IE9's hardware-accelerated graphics, and the overall immersive experience of the new browser. Another facet of IE9 that has received less attention, though, is the improved security of the browser. Here are four features of IE9 that make it safer and more secure:
1. Tracking Protection. If you are concerned with the privacy of your online browsing activities, Microsoft's hybrid approach to the "do not track" dilemma seems to be the best option currently on the table. Microsoft combines Tracking Protection Lists in IE9 (which essentially blacklist specific sites to block them from gathering tracking data) with the more proactive approach of alerting sites to your privacy wishes using information in the HTTP header of your Web traffic. Between the two approaches, unwanted tracking of your browsing session should be minimized.
3. Browser Segregation. When you use the pinned sites feature of IE9 and Windows 7 to access a website, the site opens in its own browser session, independent of the desktop browser. The browser session segregation means that session cookies are not accessible by other tabs or windows in the main desktop browser, and are safe from any compromise or abuse from other sites.
4. Stripped Down. Another function of running a site as a pinned site in IE9 and Windows 7 is that the browser session opens without any browser helper objects (BHOs) or add-on toolbars that might be installed in the desktop browser. With fewer extraneous apps running within and alongside the browser session, the potential attack surface is minimized and there are fewer opportunities for malicious exploits to attack.
There are other features and functions of Internet Explorer 9 that provide a safer and more secure Web surfing experience. IE9 also includes protections such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), which have been proven to be vulnerable but still provide additional layers of protection that can prevent the vast majority of Web-based attacks. In my opinion, these four simply represent some of the more important changes.