Security Features

The Internet provides a convenient and effective way to communicate and share information with others worldwide. However, many people are increasingly relying on the Web to use new applications such as online banking and shopping. Along with this increased reliance comes a greater need for security on the Internet. With its strong support of standard Internet security protocols, Internet Explorer lets users communicate privately, protect their identity, shield themselves and others from inappropriate content, prevent others from tracking their activities, and have greater control over what software to download. It even enables users to verify the identity of Web servers, and positively identify themselves to those servers when desired. This means conducting transactions and participating in consumer services on the Internet with the same privacy and security as in the real world.

Microsoft actively participates in the Internet Engineering Task Force (IETF), the World Wide Web Consortium (W3C), and other groups to develop Internet security standards. Recent Microsoft security initiatives include the code-signing proposal submitted to the W3C and the Transport Layer Security (TLS) efforts through the IETF, aimed at creating a single, secure channel standard.

Microsoft Authenticode Technology

Software on the Internet is not labeled or shrink-wrapped like software in retail stores. As a result, users may not know who published a piece of software, what the software will do on their computers, or if the software code has been tampered with. Microsoft developed Authenticode™ technology to help address these concerns. When users download signed code to their computers, Authenticode verifies both the publisher and the integrity of the code (that it has not been tampered with since the author published it).
No software can be guaranteed to be 100% safe under all circumstances, but Authenticode gives users the opportunity to make an informed decision as to whom they trust and to selectively block execution of certain code. Authenticode technology works with all common types of downloadable code including Java applets, ActiveX controls, and plug-ins. Microsoft is working with VeriSign, a leading certificate authority, which is issuing digital IDs to be used by software publishers to sign their code. Tools for code-signing are available through the ActiveX SDK.

Secure Channel Services

Support for Secure Sockets Layer 2.0/3.0 (SSL) and Private Communication Technology 1.0 (PCT) ensures that personal or business communications using the Internet or intranet are private. The SSL and PCT protocols create a secure channel, so that no one can eavesdrop on communications. With secure communications guaranteed, users can buy consumer goods, reserve airplane tickets, or conduct personal banking on the Internet.

Transport Layer Security (TLS)

In the near future, Microsoft will add support for TLS, a new secure channel protocol under development by the Internet Engineering Task Force (IETF), which builds upon existing protocols to create an improved Internet secure channel protocol.

Personal Information Exchange (PFX)

This set of public key-based security technologies, which is part of the Microsoft Internet security framework, supports Internet standards such as X.509 and PKCS#7 certificate formats. Microsoft has submitted PFX for consideration as a new PKCS standard.

Cookie Privacy

Some Web sites use cookie technology to store information on a client computer. These cookies are usually used to provide Web site personalization features. With Internet Explorer 4.0, users can choose whether or not to store a cookie.

SOCKS Firewall Support

Many corporations provide their employees with access to the Internet through firewalls that protect the corporation from unwanted access.
SOCKS is a standard protocol for traversing firewalls in a secure and controlled manner. Internet Explorer 4.0 is compatible with firewalls that use the SOCKS protocol. This support was provided by Hummingbird Communications Ltd., a leading provider of firewalls.

NTLM Challenge/Response

Corporations can take advantage of the Windows NT Server challenge/response authentication that may already be in use on their Windows NT Server network. This enables users to have increased password protection and security while remaining interoperable with their existing Internet information servers.

CryptoAPI 2.0

CryptoAPI provides the underlying security services for secure channels and code signing. Through CryptoAPI, developers can easily integrate strong cryptography into their applications. Cryptographic Service Provider (CSP) modules interface with CryptoAPI and perform functions including key generation and exchange, data encryption and decryption, hashing, digital signatures, and signature verification. CryptoAPI also provides developers with high-level APIs for authentication, signing, and encryption and decryption services as well as certificate management functionality. CryptoAPI is included as a core component of the latest versions of Windows operating systems. Internet Explorer 4.0 will automatically provide this support for earlier versions of Windows.

Microsoft Protected Store

Microsoft Protected Store supports securely storing important, private information, such as credit cards, electronic driver's licenses, ATM cards, and electronic cash. No application or person can view this information without a user’s permission. In addition, a user decides where to store the information (on a computer, smart card, or floppy disk). Users only have to enter a password or account information once and thus do not have to remember many different passwords. It also gives users complete control over who can see or use this information.
The Protected Store allows information to be securely transferred to any computer and used with any application through the use of PFX technology. Designed for the future, the Protected Store supports additional payment methods (such as Internet cash) as well as other credentials and confidential information.
The Protected Store exposes a set of open APIs that are integrated into the operating system. Microsoft will evangelize these APIs to all third parties as the common, open way of storing personal information. The Protected Store will exist first on 32-bit Windows platforms in a future version of Windows (and downloadable from the Web) and later on Macintosh and Windows 3.1.

PICS Standards for Internet Content

Parents want assurances that children cannot visit sites that display inappropriate information. Corporations have similar concerns, wanting to block the use of sites that offer no business value to their employees. Microsoft has been working closely with the Platform for Internet Content Selection (PICS) committee to help define standards for rating Internet content.
Sandbox Security

Support for sandboxing, the Java security model, was built into Internet Explorer 3.0 and will be enriched in Internet Explorer 4.0. Running a Java applet in a sandbox prevents it from accessing a computer or network resources, but also greatly restricts what it can do. Authenticode provides additional protection for the user, in that they can verify the publisher and integrity of software components, such as Java applets or ActiveX controls. Internet Explorer users can review this information and make an informed decision as to whether running such applets is in their best interest. Internet Explorer 4.0 provides an enhanced capabilities-based sandbox security model, which allows a finer degree of control over access of applets to users’ computer resources, such as their hard disk, network connections, and so on. It presents users with a range of security options, such as allowing a Java applet to access a specific amount of hard disk space on a client computer.

What are the Benefits of Internet Security?