ActiveX Security Improved in IE8 Beta 1
At the beginning of March, Microsoft released its new version of Internet Explorer. Internet Explorer 8 Beta comes with several new security improvements. Some of the major improvements concern how Internet Explorer handles ActiveX add-ons. This is why IE8 Beta 1 features such improvements as Per-User (Non-Admin) ActiveX, ActiveX Opt-In and Per-Site ActiveX. ActiveX is one of the most common avenues for web-based attacks.
Per-User ActiveX (Non-Admin): Running IE8 on Windows Vista, a standard user may install ActiveX controls in their own user profile without requiring administrative privileges. This improvement makes it easier for an organization to realize the full benefit of User Account Control by enabling standard users to install ActiveX controls used in their day-to-day browsing.
If a user happens to install a malicious ActiveX control, the overall system will be unaffected, as the control was installed only under the user’s account. Since installations can be restricted to a user profile, the risk and cost of compromise (and, in turn, the total cost of administering users on a machine) will be lowered significantly.
Per-User ActiveX was designed with compatibility in mind: most existing ActiveX controls will not have to be rewritten to benefit from this feature; the only change will be repackaging. As in Internet Explorer 7, when a webpage attempts to install a control, an Information Bar is displayed to the user.
By clicking on the information bar, users can choose to either install the control machine-wide, or install it only for their own user account. The options in this menu will vary depending on the packaging of the control and the rights of the user.
The available options depend on Group Policy settings for per-user ActiveX installations and whether or not the control has been packaged to allow per-user installation.
ActiveX Opt-In: By default, ActiveX Opt-In disables most controls on a user’s machine. When the user encounters a Web page with a disabled ActiveX control, they will see an Information bar with the following text: "This website wants to run the following add-on "ABC Control" from "XYZ Publisher". If you trust the website and the add-on and want to allow it to run, click here …" The user can then choose to enable the ActiveX control from this Information bar.
ActiveX Opt-In allows some controls to run by default:
- A small list of common controls intended for use in the browser.
- Controls which were used in IE on a user’s machine before upgrading to IE8.
- Controls which are installed through IE.
Per-Site ActiveX: When a user navigates to a Web site containing an ActiveX control, IE8 performs a number of checks, including a determination of where a control is permitted to run. This check is referred to as Per-Site ActiveX, a defense mechanism to help prevent malicious repurposing of controls. If a control is installed, but is not permitted to run on a specific website, an Information Bar appears asking the user whether or not the control should be permitted to run on the current website.
Users can use the Information bar to allow the control for a specific Web site or allow the control for all Web sites.
IT Professionals administering a system of computers running Internet Explorer 8 may choose to preset allowed controls and their associated domains. Such settings can be configured using Group Policy.
For more information regarding Per-Site ActiveX, please refer to the Per-Site ActiveX article in MSDN’s IE8 Beta 1 Whitepapers.
The above post is taken from the IE8 Blog.

















[...] Ajay Pathak wrote an interesting post today on ActiveX Security Improved in IE8 Beta 1. Here’s a quick excerpt: In the starting of march Microsoft releases it’s new version of Internet Explorer. Internet Explorer 8 Beta comes with several new security improvements. Some of the major improvements includes… [[ This is a content summary only. … [...]
But I still love to use Firefox, it is much better than IE