Browser enhancements in XP SP2

   With an improved security infrastructure, Internet Explorer blocks

unruly windows and helps to defend your PC by drawing tighter security around

it. These security enhancements include things such as zone elevation blocks

and changes to object caching-serious sounding names for serious security

protections. Let us explore the features one by one.

   Pop up windows.

   The biggest intruder in recent times when browsing was the famous

pop up window. Whenever a website was opened, the activity on the page would be

delayed because the pop up window would obstruct the opening of the page. And

this caused a great discomfort to the user because the pop up window would open

every time a page was loaded and there was no control over this pop up window.

Many third parties provided pop up blocking tool bars but that was a pain to

download the same and it was difficult to limit the pop up windows which had to

be allowed. And these tool bars could not differentiate between a window that

popped up by itself and a pop window which opened with a user's click.

   Earlier when a user was working on an application and he would

accidentally dismiss any dialog box that obtruded on the way and he wouldn't

realize that he had clicked on a dialog box and wouldn't be aware what the

dialog box was all about. Remember that in an earlier article on Longhorn, I

had written how Longhorn would change the way users worked with dialog boxes

and the side bar would contain the history of all previous dialog boxes and

alerts that appeared on the desktop. Well the same thing has been done to

Internet Explorer. If the pop up was blocked without any indicator to the user,

the user wouldn't have any indicator that a pop up window appeared. Hence

Internet Explorer had to do something to give some indicator to the user. This

is done with the Information bar. This is a new feature provided with Service

Pack 2 and appears below the toolbar at the top and gives different messages

depending on the security setting. We shall see more of the Information bar in

the next few paragraphs. The information bar also provides with settings to

tweak with.

   What happens when a pop up window is blocked.

   When a site opens a pop-up window that is blocked by Internet

Explorer, a notification appears in the Information Bar and status bar and a

sound is played. Clicking on the notification in the Information Bar or status

bar, displays a menu with the following options:

• Temporarily Allow Pop-ups.
  
  Reloads the page, allowing pop-up windows. This can be used in scenarios where
  
  the user wants to see what kind of pop up window appears and whether it is
  
  informative or not. This setting lasts only for the life time of that instance
  
  of the browser window. When the browser window is closed, the settings are
  
  reset to the default.
• Always Allow Pop-ups from This Site.
  
  This allows the user to add the current site to the “Allow list”. The sites
  
  that appear in the “Allow List” will always allow the pop up window and the
  
  Information bar will not appear for these web sites.
• Settings.
  
  Shows more Pop-up Blocker settings menu items and gives access to the Pop-up
  
  Blocker Settings window.

   There are some scenarios in which the pop up window will appear

even if the pop up blocker is enabled.

   Internet Explorer Window Restrictions

   Earlier Internet Explorer provided the capability for scripts to

programmatically open additional windows of various types, and to resize and

reposition existing windows.

   When visitors visited certain web sites, they had peculiar

problems when handling pop up windows. These methods of opening the pop up

window were called by scripts and used to spoof a user interface or desktop or

to hide malicious information or activity by one of the three following

methods:

   When these elements are hidden from view, the user might think

they are on a more trusted page or interacting with a system process when they

are actually interfacing with a malicious host. Malicious use of window

relocation can present false information to the user, obscure important

information, or otherwise “spoof” important elements of the user interface in

an attempt to motivate the user to take unsafe actions or to divulge sensitive

information.

   The Window Restrictions security feature, formerly called UI

Spoofing Mitigation, restricts two types of script-initiated windows that have

been used by malicious persons to deceive users: popup windows (which do not

have components such as the address bar, title bar, status bar, and toolbars)

and windows that include the title bar and status bar. As a consequence

script-initiated windows with the title bar and status bar are constrained in

scripted movement to ensure that these important and informative bars remain

visible after the operation completes.

   The visible security features of Internet Explorer windows provide

information to the user to help them ascertain the source of the Web page and

the security of the communication that uses that page.

   Internet Explorer Add-on Management

   Add-ins are small programs that are embedded in the browser and

help the user to get certain functionality when browsing the Internet or using

particular applications. Example of add-ins are:

   Add-ons are installed from a variety of locations. The different

process of installing the add-ins are :

   Examples of popular add-ins that are used by the majority of

browser users are:

   The problem with add-ins are that they are also equally deceptive

in nature and can perform a variety of tasks which are not known to the user.

For example, a user might unintentionally install an add-on that secretly

records all Web page activity and reports it to a central server. These kind of

deceptive add-ons could only be identified by specialized software and deep

technical knowledge was required to identify and remove that add-on.

   Internet Explorer Add-on Management provides an easier way to

detect and disable particular add-on's. It also allows the user to view the

add-ons that have been installed on his computer and give more control over

particular controls that might be harmful to his computer. Internet Explorer

Add-on Management allows users to view and control the list of add-ons that can

be loaded by Internet Explorer with more detailed control than before. It also

shows the presence of some add-ons that were previously not shown and could be

very difficult to detect. These add-ons might provide undesired functionality

or services and, in some cases, might present a security risk.

   Managing Add-ons

   Users can enable and disable each add-on individually and view

information about how often the add-ons have been used by Internet Explorer. To

do this, use the following procedure to open Manage Add-ons.

   You can also open Manage Add-ons through Control Panel by

following these steps:

   Manage Add-ons has several options that allow you to change your

add-on configuration. You can use Show to control the way in which the add-ons

list is displayed. It has two options:

   Add-ons currently loaded in Internet Explorer. This option

lists the add-ons that have been instantiated (or loaded into memory) within

the current Internet Explorer process and those which have been blocked from

instantiating. This includes ActiveX controls that were used by Web pages that

were previously viewed within the current process.

   Add-ons that have been used by Internet Explorer. This option

lists all add-ons that have been referenced by Internet Explorer and are still

installed. The list of add-ons shows all installed add-ons of the types

mentioned earlier in this document. To enable or disable an installed add-on,

click the add-on in the list, then click Enable or Disable.

   If you click an ActiveX control in the list, then click Update

ActiveX, Windows searches for an update at the location where the original

control was found. If a newer version is found at that location, Internet

Explorer attempts to install the update.

   The list of add-ons also contains signed add-ons that were blocked

from installation because their publisher was untrusted. After selecting one of

these controls, the user can unblock the control by clicking Allow. Caution

should be exercised when doing this, because clicking Allow removes the

publisher from the Untrusted list. There are indicators to view add-ons that

were blocked by the user or add-ons that comes from untrusted publishers. We

will discuss about untrusted publishers in a future article.

   Indicators of blocked add-ons.

   Blocked Add-on status bar icon: A Blocked Add-on icon

appears in the status bar when a Web page attempts to instantiate an ActiveX

control that is disabled or blocked because its publisher is untrusted. You can

double click the icon to open Manage Add-ons. The status bar icon is

accompanied by a balloon tip the first five times it appears.

   Add-on notification balloon tip: When a Web page attempts

to instantiate a disabled add-on and there is no current Blocked Add-on status

bar icon, a message appears to tell the user that the current Web page is

requesting an add-on that is disabled. The user can click the message for more

details on blocking add-ons.

  We have covered a lot today and saw how the browser has been

revamped in SP2. But that is not all that has been enhanced in the browser.

There is more to be seen and we will see in the next article.

  To be continued...