21 Aug, 2013 No Comments Bobby Software Security

Note: IE10 is no longer the most secure version. It has been superseded by IE11.

Internet Explorer 10 Logo

If you must use the Internet Explorer browser, then the least you could do is make sure it’s upgraded to the latest version. Internet Explorer (IE) has a poor reputation for security. This is largely because of the millions of users who are still using old, out-of-date versions. I see clients who are still running IE6, which was introduced with Windows XP in 2001. Twelve years is far too long to be using a browser these days.

If you’re still using Windows XP or Vista, this will not apply to you as IE10 is only available for Windows 7 and 8. Vista users are stuck at IE9 and XP at IE8. But if you are using Windows 7 or 8, and still using IE9, you should upgrade.

IE10 Security Features

Here are several security features included with IE10 to make it safer than older versions. Most of these are not actually new, but only upgrades to old features.

InPrivate Browsing

This was first introduced in IE8. When enabled, it prevents the browser from remembering your passwords, search history, and webpage history when you close the browser. Now, with IE10, you can enable InPrivate browsing per tab instead of per window.

Internet Explorer 10 Security

Do Not Track

This is not a new feature, but is now turned on by default in IE10. Do Not Track tells data brokers, who track what you do online and sell that data to marketers and ad agencies, that you do not want them to track your activity. Unfortunately, the trackers can choose not to honor the request. As of this writing, there are no laws that prevent companies from ignoring Do Not Track. A good feature, but of questionable value for the time being.

Internet Explorer 10 Security

Enhanced Protected Mode (Sandboxing)

Further extends the Protected Mode introduced in IE7, which runs IE with restricted privilages so it has limited access to the rest of your computer. It helps to curb malware from taking root on your computer through the browser.

Internet Explorer 10 Security

Enhanced memory protection

The first change, known as ForceASLR is an upgrade to ASLR (address space layout randomization) released with IE7. It helps to protect you from malicious code that gets injected into memory by randomizing where the modules are stored.

The second upgrade is called HEASLR (high entropy address space layout randomization). A fancy term but it performs a similar function to ASLR except it only applies to 64-bit applications, taking advantage of the higher number of memory addresses.

IE10 also adds other security features that are available to web developers to put in their code.

HTML5 iframe sandbox support

The newest version of HTML allows native sandboxing in iframes. IE has added support for this feature if the webpage has been programmed to use this HTML5 feature. Of course, we’d all be better off if iframes just went up in iflames.

Should I Use Internet Explorer?

That’s up to you. I would recommend switching to a different browser like Firefox or Chrome, or even Opera – the quiet underdog that has an impressive history of good security habits. IE has made great strides in security, but it still manages to fall short in some fundamental ways, such as making it extremely difficult to fully disable the Java plugin, and deliberately allowing an organization to fake a secure EV certification.

What’s really most important is to make sure you have the latest version of whatever browser you’re using. Do that and you’re well on your way to a safer web experience.

Related Articles