I really enjoyed the clarity of the graphics and video on the web pages I visited (not every website supports IE9 right now, but in time most if not all will). One particular lovely feature is the ability to pin tabs to your Taskbar (the site uses the website ‘favicon’ as the icon), so now every app appears as a Web app. Very cool. 🙂
Now lets take a look at my subject area – the security and privacy of IE9. The download manager now scans each download file for malware (using SmartScreen), with IE SmartScreen having been updated to block malicious files even on trusted webpages which deliver third-party ads for example. Nothing new here, but still a very useful layer of protection. Now, what about ActiveX and sandboxing? The browser does indeed run sandbox plugins and uses ActiveX filtering (which isn’t a default setting) for added security as well as the useful InPrivate mode which by default hides a websites activities from third-party websites.
Worth pointing out, that IE9 is the only browser by default that stops third-party site tracking. IE9 goes one step further with InPrivate mode – it is called Tracking Protection, which provides users with the ability to control and block tracking websites from following your web activity. There are two Tracking Protection options – the first assumes you know the websites you want to block – I’d suggest using the automatic option (or downloading the Tracking Protection List or TPLs) which creates a list of third-party sites that phone home from the websites you visit. There are currently five TPL lists available: one each from Abine, EasyList and TRUSTe, and two from PrivacyChoice. The list clearly defines whether or not to block information sent to specific third-party sites.
Update 21/03/11: Which? Computing in the UK has found a flaw in the TPL rules. If there are copies of the same rule with both “allow” and “block”,”allow” has a higher priority than “block”. If a user has blocked a content provider then this means tracking information will be sent. Is it a bug? I’m not so sure. Users are now aware that they need to check their TPL rules before being certain they don’t have duplicate “allow” and “block” entries for the same content provider. Microsoft may issue a patch for this in time.
To find out how to use the IE9 privacy and security settings:
- Click the ‘Tools’ sprocket symbol (Alt+X) on the top right of the browser
- Highlight ‘Safety’ and the following 8 options will be presented:
Lastly and importantly the downside of IE9: I couldn’t find one right now. That said it’s worth noting that it only works with Windows 7 and Vista. So if you still use Windows XP, you will be unable to benefit from the improved browser and privacy experience.
IE9 security: It has been reported in the press (from the CanSecWest Pwn2Own challenge) that an ethical hacker found a remote code execution security flaw in IE9. Microsoft have confirmed that there is no remote code execution flaw with IE9. This flaw does affect previous IE versions which Microsoft says it will be patching in due course.
Safe surfing folks!