case study: building a more secure browser in ie7 rob franco, lead program manager internet explorer...
Post on 18-Dec-2015
Case Study: Building a More Secure Browser in IE7
Rob Franco, Lead Program Manager
Internet Explorer Security
FUNL03

Tony, Group Program Manager - IE
Laurel, Lead PM, IE Platform
I hope Rob can focus this PDC session better than his camera!

Who are you?
Developer for an internet facing app?
Developer of an IE extension?

About this presentation
In this presentation, we will cover:
The Security Development Lifecycle
Guiding principles for IE Security
High level browser threat model
  Data flow and Architecture of IE
  Data flow and threats for:
    User Interface
    Network requests
    Page Rendering
How IE7 addresses the threats
  Dynamic protection against web fraud & data theft
  More user control over add-ons
  Advanced malware protection

[Figure: lifecycle diagram across the phases Requirements, Design, Implementation, Verification, Release, Support & Servicing]
Security Deployment Lifecycle Tasks and Processes: Security Training; Security Kickoff & Register with SWI; Security Design Best Practices; Security Arch & Attack Surface Review; Threat Modeling; Use Security Development Tools & Security Best Dev & Test Practices; Create Security Docs and Tools For Product; Prepare Security Response Plan; Security Push; Pen Testing; Final Security Review; Security Servicing & Response Execution
Traditional Microsoft Software Product Development Lifecycle Tasks and Processes: Feature Lists; Quality Guidelines; Arch Docs; Schedules; Design Specifications; Functional Specifications; Testing and Verification; Development of New Code; Bug Fixes; Code Signing A Checkpoint; Express Signoff; RTM; Product Support; Service Packs/QFEs; Security Updates

Recommended Reading
Writing Secure Code, Second Edition
Threat Modeling

Guiding principles
Balance our customers’ need for browsing that’s powerful but also secure
Architectural changes eradicate classes of vulnerabilities in major releases
Mitigations reduce severity or prevent future vulnerabilities in service packs
Security Updates address targeted vulnerabilities and variations
Every release goes through threat modeling, penetration testing and code analysis tools

Browser basics: Data flow
Outbound: URLs; HTTP requests; Auth & cookie data
Inbound: URLs; HTML; Script; Non-IE files
[Diagram labels: www.BadGuys.com; Cache boundary; User Profile; Internet Explorer; External Helper Applications; Program Files, Registry, etc.; Requests; Content; Documents, Settings, etc.; ActiveX controls, Downloads, etc.; Helper requests]

Browser basics: Architecture
Layers: User Interface (IEFrame); Network request layer; Page Rendering
[Diagram labels: WinINet; URLMon; Browser Helper Objects; Toolbars; Mimefilters; MSHTML; ActiveX; Script Engine; Binary Behaviors]

Threats from Data Flow: User Interface Layer
Sample Threats:
URLs parsed incorrectly
  Domain spoofed
  buffer overrun
  User can’t read URL
Dangerous files launch & install
  User clicks “OK”
  Logic error in prompt
Scripted Windows trick user
  Overlays UI warnings
User lowers security settings
[Diagram labels: User Interface (IEFrame); Network Requests (Wininet & URLMon); Page Rendering (MSHTML); URL Requests; URLs, Files; Window Commands]

Threats from Data Flow: Network Req
Sample Threats:
Auth Credentials encryption cracked
URL parsed incorrectly
buffer overrun
Security settings not enforced
Data sniffer buffer overrun or logic failure
Faulty pluggable protocol loads
[Diagram labels: www.BadGuys.com; Cache boundary; Network Requests (Wininet & URLMon); Pluggable Protocols; Requests; Content; URLs, HTML; URLs, Non-HTML files; Helper requests; Page Rendering (MSHTML); User Interface (IEFrame); URL Requests]

Threats from Data Flow: Page Rendering Layer
Sample Threats:
URLs parsed incorrectly
buffer overrun
Page Access rules fail
HTML parser buffer overrun
Faulty COM object loads
Page Access rules fail
Unsafe access defaults
Page Redirects
[Diagram labels: Network Requests (Wininet & URLMon); Script Engine; URLs, HTML; Page access; Page Rendering (MSHTML); URL Requests; Script; ActiveX Controls; COM Calls]

About this presentation
In this presentation, we will cover:
The Security Development Lifecycle
Guiding principles for IE Security
High level browser threat model
  Data flow and Architecture of IE
  Data flow and threats for:
    UI Layer
    Network request layer
    Page Rendering layer
How IE7 addresses the threats
  Dynamic protection against web fraud & data theft
  More user control over add-ons
  Advanced malware protection

Dynamic protection against fraud: Safer UI for browsing
In this demo, you will see how IE 7:
  Uses a dynamic Phishing-Filter to protect users from phishing sites
  Uses heuristics to detect suspicious sites
  Highlights the user experience for secure sites (SSL)
  Warns users about unsafe settings

Tariq, Manav, John and I try to catch the Phishers
The UX team added Address bars to pop-up windows, Unsafe settings warnings and Pop-up blocking

User Control Over Add-ons: ActiveX Opt-in & No Add-ons Mode
Problems:
  ActiveX controls can expose dangerous functions and security bugs to any page on the web
  Users have no control over the number of controls installed by default
  Users suspect Add-ons have privacy and reliability problems
Solutions:
  Unused ActiveX controls will prompt on first use the same as downloaded controls
  Users can run in Add-ons disabled mode to shut off more extensions like BHOs

User Control Over Add-ons: Building safer ActiveX controls
Best practices:
  Threat model controls
  Limit reads and writes, beware redirects
  Site-Lock control to only work on one site
  Clearly identify your control with signatures
Find more here: http://msdn.microsoft.com/library/default.asp?url=/workshop/components/activex/security.asp

John, Phoebe and Vidya planning for IE7 Platform and Network features
Advanced malware protection: Unified URL parsing
Problem:
  Special characters complicate URL parsing
    http://[email protected]
  URLs passed as strings may be parsed inconsistently through the stack
Solution:
  iURI is IE’s single URL parsing object
  Canonicalizes URLs targeting RFC 3986
  IE passes the pre-parsed URL object through the stack
Partners can also use the iURI object in URLMON to canonicalize URLs

Advanced malware protection: Sample using iURI to parse hostname

    #include <urlmon.h>
    ...
    IUri *pIUri = NULL;
    HRESULT hr = CreateUri(pwzUrl, Uri_CREATE_ALLOW_RELATIVE, 0, &pIUri);
    if (SUCCEEDED(hr))
    {
        BSTR bstrHost = NULL;
        hr = pIUri->GetHost(&bstrHost);
        if (S_OK == hr) // Host exists. Do something with it.
        {
            SysFreeString(bstrHost);
        }
        else if (S_FALSE == hr) // Host doesn’t exist in this URI.
        {
        }
        pIUri->Release();
    }

Early documentation here:
http://msdn.microsoft.com/library/default.asp?url=/workshop/networking/moniker/reference/ifaces/iuri/iuri.asp?frame=true

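The inconsistency described on the "Unified URL parsing" slide, as an added example that is not part of the original slides and is not IE's code: an ad-hoc string slicer and a single RFC 3986 authority parse disagree about the host of the same URL. `ParsedUri`, `parse_uri`, `naive_host`, `is_host` and the `.example` URL are hypothetical names and constructed input; the portable parser only stands in for the role the slides give `IUri`.

```cpp
// Added example: ad-hoc string slicing versus one RFC 3986 authority parse.
#include <cctype>
#include <cstddef>
#include <cstdio>
#include <string>

// Hypothetical parsed-URL value type; it plays the role the slides give IUri.
struct ParsedUri {
    bool valid = false;
    std::string scheme, userinfo, host, port, rest;
};

static std::string lower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Ad-hoc extractor of the kind that disagrees with the network layer: it
// takes whatever follows "//" up to the first ':', '@' or '/' as the host.
std::string naive_host(const std::string& url) {
    std::size_t start = url.find("//");
    if (start == std::string::npos) return "";
    start += 2;
    std::size_t end = url.find_first_of(":@/", start);
    if (end == std::string::npos) end = url.size();
    return url.substr(start, end - start);
}

// scheme "://" [userinfo "@"] host [":" port]; authority ends at '/', '?' or '#'.
ParsedUri parse_uri(const std::string& url) {
    const std::size_t npos = std::string::npos;
    ParsedUri u;
    std::size_t colon = url.find(':');
    if (colon == npos || colon == 0) return u;
    for (std::size_t i = 0; i < colon; ++i) {
        unsigned char c = static_cast<unsigned char>(url[i]);
        if (!std::isalnum(c) && c != '+' && c != '-' && c != '.') return u;
    }
    if (url.compare(colon + 1, 2, "//") != 0) return u;  // no authority part
    u.scheme = lower(url.substr(0, colon));
    std::size_t begin = colon + 3;
    std::size_t end = url.find_first_of("/?#", begin);
    if (end == npos) end = url.size();
    std::string hostport = url.substr(begin, end - begin);
    u.rest = url.substr(end);

    // Everything before the last '@' is userinfo, never the host.
    std::size_t at = hostport.rfind('@');
    if (at != npos) {
        u.userinfo = hostport.substr(0, at);
        hostport.erase(0, at + 1);
    }
    if (!hostport.empty() && hostport[0] == '[') {        // IPv6 literal
        std::size_t close = hostport.find(']');
        if (close == npos) return u;
        if (close + 1 < hostport.size()) {
            if (hostport[close + 1] != ':') return u;
            u.port = hostport.substr(close + 2);
        }
        u.host = lower(hostport.substr(0, close + 1));
    } else {
        std::size_t pc = hostport.rfind(':');
        if (pc != npos) {
            u.port = hostport.substr(pc + 1);
            hostport.erase(pc);
        }
        u.host = lower(hostport);                          // case-normalized
    }
    for (char c : u.port)
        if (c < '0' || c > '9') return u;
    u.valid = !u.host.empty();
    return u;
}

// Downstream layers take the parsed object, so they cannot re-parse differently.
bool is_host(const ParsedUri& u, const std::string& expected) {
    return u.valid && u.host == lower(expected);
}

// Constructed sample input (not from the slides).
const char* const kTrickyUrl = "http://www.mybank.example@www.evil.example/login";

int main() {
    ParsedUri u = parse_uri(kTrickyUrl);
    std::printf("naive host : %s\n", naive_host(kTrickyUrl).c_str());
    std::printf("parsed host: %s (userinfo: %s)\n", u.host.c_str(), u.userinfo.c_str());
    std::printf("is bank?   : %s\n", is_host(u, "www.mybank.example") ? "yes" : "no");
    return 0;
}
```
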
Networking Dev & Test captured on film away from their work
Advanced malware protection: Cross Domain Security
RULE #1: Only script from the same domain can access an element
Script in the Internet Zone has to go through a domain check in order to access the element.
Element: <H>
  ID: Card
  Color: Black
  Size: 32
  Text: %Credit Card#%
  Domain: www.MyBank.com
Script: Card.color="RED"
  Domain: www.MyBank.com

Advanced malware protection: Cross Domain Security
RULE #1: Only script from the same domain can access an element
Element: <H>
  ID: Card
  Color: Black
  Size: 32
  Text: %Credit Card#%
  Domain: www.MyBank.com
Script: Card.color="RED"
  Domain: www.evil.com

Advanced malware protection: Cross Domain Security
Problems:
  Hackers use script protocols to run domain-less script in the navigation codepath
    Type this in your address bar: javascript:alert(document.body.innerHTML)
  Redirects sometimes evade Domain checks
Solutions:
  Migrate the script protocol to run as script in the originating page
  Deny access to objects that aren’t redirect-aware
Partner code should also enforce secure domain access rules and be redirect-aware

Advanced Malware Protection: Preventing Buffer Overruns
Element: <IMG>
  SRC: ..\BufferOverrun.jpg
  Domain: www.evil.com
Input to the parser:
  <H1>
  <IMG SRC = "xxx…xxxx">
  George
  </H1>
Problem:
•Attacker finds a place where the parser does not check for size of an argument

    char szImagePath[20];
    lstrcpy(szImagePath, szUserInput);   // no check on the size of szUserInput

    char szImagePath[20];
    lstrcpy(szImagePath, "xxx…xxxx");    // attacker-supplied SRC overruns the 20-character buffer

Solutions:
•IE uses automated code review tools, fuzz testing and safe memory APIs to help prevent buffer overruns
Partners can use the same tools we use to find and prevent buffer overruns. These tools are part of Visual Studio .Net

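A size-checked counterpart to the `lstrcpy` call on the buffer overrun slide, as an added example that is not from the original slides or from IE: the SRC value is measured before it is copied, and oversized input is rejected instead of truncated. `copy_bounded`, `extract_img_src` and the sample tags are hypothetical names and constructed input; portable C++ stands in for the Windows safe string APIs the slide alludes to.

```cpp
// Added example: size-checked copy of an <IMG SRC="..."> value into a fixed buffer.
#include <cstddef>
#include <cstdio>
#include <cstring>

enum CopyResult { COPY_OK, COPY_TOO_LONG, COPY_MALFORMED };

// Vulnerable form from the slide, for comparison (not compiled here):
//     char szImagePath[20];
//     lstrcpy(szImagePath, szUserInput);   // copies until NUL, ignores the size 20

// Copies src_len bytes plus a terminator, or fails without writing past dst.
// Oversized input is rejected, not truncated, so callers never act on a
// silently shortened path.
CopyResult copy_bounded(char* dst, std::size_t dst_size,
                        const char* src, std::size_t src_len) {
    if (dst == nullptr || dst_size == 0 || src == nullptr) return COPY_MALFORMED;
    dst[0] = '\0';
    if (src_len >= dst_size) return COPY_TOO_LONG;   // need room for the NUL
    std::memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return COPY_OK;
}

// Returns a pointer just past the first "src" (any case), or nullptr.
// Simplification: it does not check that "src" starts an attribute name.
static const char* after_src(const char* s) {
    for (; *s != '\0'; ++s) {
        if ((s[0] == 'S' || s[0] == 's') && (s[1] == 'R' || s[1] == 'r') &&
            (s[2] == 'C' || s[2] == 'c'))
            return s + 3;
    }
    return nullptr;
}

// Extracts the double-quoted SRC value of one tag into out[out_size].
CopyResult extract_img_src(const char* tag, char* out, std::size_t out_size) {
    if (tag == nullptr || out == nullptr || out_size == 0) return COPY_MALFORMED;
    out[0] = '\0';
    const char* p = after_src(tag);
    if (p == nullptr) return COPY_MALFORMED;
    while (*p == ' ') ++p;
    if (*p != '=') return COPY_MALFORMED;
    ++p;
    while (*p == ' ') ++p;
    if (*p != '"') return COPY_MALFORMED;
    ++p;
    const char* close = std::strchr(p, '"');
    if (close == nullptr) return COPY_MALFORMED;      // unterminated value
    // The length is measured first and checked against the destination size.
    return copy_bounded(out, out_size, p, static_cast<std::size_t>(close - p));
}

int main() {
    char szImagePath[20];
    // Constructed inputs: one short value, one far longer than the buffer.
    const char* ok_tag = "<IMG SRC = \"logo.jpg\">";
    const char* long_tag = "<IMG SRC = \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\">";
    int r1 = extract_img_src(ok_tag, szImagePath, sizeof szImagePath);
    std::printf("short value: result=%d path=%s\n", r1, szImagePath);
    int r2 = extract_img_src(long_tag, szImagePath, sizeof szImagePath);
    std::printf("long value : result=%d path=\"%s\"\n", r2, szImagePath);
    return 0;
}
```
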
Advanced Malware Protection: Threats w admin rights
[Diagram: IExplore.exe and the resources it can reach]
Admin-Rights Access (HKLM, Program Files): Install a driver, Run Windows Update; Exploit can install MALWARE
User-Rights Access (HKCU, My Documents, Startup Folder): Change Settings, Download a Picture; Exploit can install MALWARE
Temp Internet Files (Untrusted files & settings): Cache Web content

Advanced Malware Protection: Protected Mode IE, UAP contain threats
[Diagram: LoRIE behind Integrity Control, with a Broker Process and a Compat Redirector]
Admin-Rights Access (HKLM, HKCR, Program Files): Install a driver, Install an ActiveX control
User-Rights Access (HKCU, My Documents, Startup Folder): Change settings, Save a picture
Temp Internet Files (Untrusted files & settings): Cache Web content; Redirected settings & files

Advanced Malware Protection: ActiveX Opt-in and Protected Mode IE
In this demo, IE for Windows Vista will:
  Protect the user from a potentially unsafe control
  Run with restrictions to prevent exploits from installing malware on user’s systems
  Still allow users to download files or change settings
  Allow Intranet sites to run without restrictions

Advanced Malware Protection: Options for running at “least privilege”
Build “Protected Mode” for your app if it handles untrusted data
  Set any file/registry ACLs that are safe and needed to LOW
    Eg. %AppData%\%YourAppName%\Untrusted Data
  Create your process with the Low Integrity token
  Create a broker process for Medium or High Integrity Operations
Add-ons inside of IE, run “Low” by default
  Writes to the user’s profile will be automatically redirected to a subdirectory of the TIF
  Extensions can use the SaveAs APIs to call the broker to prompt the user to save a file to the user profile system

Advanced Malware Protection: Options for running at “least privilege”
User consent or “Allow list” lets extensions launch Apps at “Medium”
  An allow-list will let known apps elevate to medium without user intervention
Other processes spawned from IE will throw an “information bar” unless marked for low
Compat logging will help diagnose failed or redirected writes and create process

Anantha and Bogdan powering through to code complete
Marc and Robert from the Protected Mode IE team test their code on a demo page
IE unmasked?
Dean, General Manager
“You know, I have one simple request.
And that is to have anti-phishing frickin' laser beams attached to the browser! Now evidently my security team informs me that that cannot be done.
Ah, would you remind me what I pay you people for, honestly?
Throw me a bone here!”

Summary
Target: Secure and Compatible
Security Development Lifecycle helps mitigate risk
Users count on our industry to be secure and compatible
Tools available for you to use
  Train using Writing secure code and the Threat Modeling books
  Correctly handle URLs with IE7’s iURI
  Threat model extensions like ActiveX controls
  Remove Buffer Overruns from your code with tools in Visual Studio Whidbey
  Run with least privilege using Mandatory Integrity Control in Windows Vista

Related Talks at the PDC
PRS 203 “What’s new in IE7”: Tuesday, 4:15 (past), Halls C&D
FUN 406 “Windows Vista User Account Protection”: Wednesday, 11:00 AM (past), 402AB
DAT 320 “Building RSS enabled applications”: Thursday, 2:15, 403AB
FUN 314 “Architecting apps for the future with compatibility”: Thursday, 2:15, 408AB

Questions?

BACKUPS

Dynamic protection against fraud: Safer UI for browser settings
In this demonstration, you will see how Internet Explorer 7:
  Uses a dynamic Phishing-Filter to protect users from phishing sites
  Uses heuristics to detect suspicious sites
  Highlights the user experience for secure sites (SSL)
  Warns users about unsafe settings

Dynamic protection against fraud
Problem:
  IP address and misleading URLs convince users to give away personal information
Solutions:
  Dynamic Phishing Filter blocks known attacks
  Improved URL parsing robust against encoding tricks

Dynamic protection against fraud
Solution (continued)
  Address bar on every pop-up window
  Background Tabs can’t open windows

Dynamic protection against fraud
Solution (continued)
  International Domain Names (IDN) must be in a language supported by the user’s system
  Multiple languages can’t be mixed in an IDN URL

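The two IDN rules on this slide, sketched as an added example that is not from the original slides and is not IE7's implementation: each label of a host name is checked for characters outside the accepted set and for a mix of scripts within one label. It assumes the host is in Unicode form encoded as UTF-8, uses Unicode script (Latin, Greek, Cyrillic, everything else) as a stand-in for the slide's "language", and all names and sample hosts are hypothetical or constructed.

```cpp
// Added example: per-label script check for internationalized host names.
#include <cstddef>
#include <cstdio>
#include <string>

// Script classes as bit flags so a caller can pass the set the user accepts.
enum Script { COMMON = 0, LATIN = 1, GREEK = 2, CYRILLIC = 4, OTHER = 8 };
enum HostVerdict { HOST_OK, HOST_MIXED_SCRIPTS, HOST_UNSUPPORTED_SCRIPT, HOST_INVALID_UTF8 };

// Decodes the UTF-8 sequence at s[i] and advances i. Returns false for
// truncated, overlong or mis-marked sequences.
static bool next_code_point(const std::string& s, std::size_t& i, char32_t& cp) {
    static const char32_t kMin[] = {0, 0x80, 0x800, 0x10000};
    unsigned char b = static_cast<unsigned char>(s[i]);
    std::size_t extra;
    if (b < 0x80) { cp = b; extra = 0; }
    else if ((b & 0xE0) == 0xC0) { cp = b & 0x1F; extra = 1; }
    else if ((b & 0xF0) == 0xE0) { cp = b & 0x0F; extra = 2; }
    else if ((b & 0xF8) == 0xF0) { cp = b & 0x07; extra = 3; }
    else return false;                        // stray continuation or bad lead byte
    if (i + extra >= s.size()) return false;  // sequence runs past the end
    for (std::size_t k = 1; k <= extra; ++k) {
        unsigned char c = static_cast<unsigned char>(s[i + k]);
        if ((c & 0xC0) != 0x80) return false;
        cp = (cp << 6) | (c & 0x3F);
    }
    if (cp < kMin[extra]) return false;       // overlong encoding
    i += extra + 1;
    return true;
}

// Coarse classification by Unicode block; digits and '-' belong to no script.
static Script classify(char32_t cp) {
    if (cp == '-' || (cp >= '0' && cp <= '9')) return COMMON;
    if ((cp >= 'a' && cp <= 'z') || (cp >= 'A' && cp <= 'Z') ||
        (cp >= 0x00C0 && cp <= 0x024F)) return LATIN;
    if (cp >= 0x0370 && cp <= 0x03FF) return GREEK;
    if (cp >= 0x0400 && cp <= 0x052F) return CYRILLIC;
    return OTHER;
}

// allowed_scripts: OR of Script flags the user's system is set up to read.
HostVerdict check_idn_host(const std::string& host, unsigned allowed_scripts) {
    Script label_script = COMMON;             // script seen so far in this label
    std::size_t i = 0;
    while (i < host.size()) {
        if (host[i] == '.') { label_script = COMMON; ++i; continue; }
        char32_t cp = 0;
        if (!next_code_point(host, i, cp)) return HOST_INVALID_UTF8;
        Script s = classify(cp);
        if (s == COMMON) continue;
        if ((allowed_scripts & static_cast<unsigned>(s)) == 0) return HOST_UNSUPPORTED_SCRIPT;
        if (label_script == COMMON) label_script = s;
        else if (label_script != s) return HOST_MIXED_SCRIPTS;
    }
    return HOST_OK;
}

// Constructed sample hosts (not from the slides). kMixedHost spells "mybank"
// with U+0430 CYRILLIC SMALL LETTER A in place of the Latin 'a'.
const char* const kMixedHost = "myb" "\xD0\xB0" "nk.example";
// kCyrillicHost is a label written entirely in Cyrillic.
const char* const kCyrillicHost =
    "\xD0\xBF\xD1\x80\xD0\xB8\xD0\xBC\xD0\xB5\xD1\x80" ".example";

int main() {
    std::printf("mixed label, Latin+Cyrillic accepted: %d\n",
                check_idn_host(kMixedHost, LATIN | CYRILLIC));
    std::printf("mixed label, Latin only accepted    : %d\n",
                check_idn_host(kMixedHost, LATIN));
    std::printf("pure Cyrillic label                 : %d\n",
                check_idn_host(kCyrillicHost, LATIN | CYRILLIC));
    return 0;
}
```
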
Dynamic protection against fraud: Safer UI for browser settings
Security settings per zone, aka URLActions
Note: Windows Server 2003 has stricter defaults than other versions of IE

Dynamic protection against fraud: Safer UI for browser settings
Problems:
  Users opt to change settings
  My Computer and Trusted are targets
Intranet: Machine names in your domain; MED-LOW, Automatic domain login
Internet: Fully-qualified domain names; MED, Only uses safe extensibility
Restricted sites: Empty unless configured; HIGH, only renders HTML, loads no extensions
-----------------------------------
My Computer zone: Not shown in the UI; Any HTML content on the local machine; LOW--, Unrestricted access to scriptable APIs
Trusted sites: Empty unless configured; LOW, sites can silently install signed ActiveX

![Page 45: Case Study: Building a More Secure Browser in IE7 Rob Franco, Lead Program Manager Internet Explorer Security FUNL03](https://reader038.vdocument.in/reader038/viewer/2022110207/56649d255503460f949fc196/html5/thumbnails/45.jpg)
Intranet
Disabled on Consumer PCs
MED-LOW, Automatic domain login

Internet
Fully-qualified domains
MED-HIGH

Restricted sites
Empty unless configured
HIGH, only renders HTML, loads no extensions

Solutions:
More secure defaults
UI to prevent unsafe settings
----------------------------------------------------------------------
My Computer zone
HIGH when used in IE

Trusted sites
Empty unless configured
MED, only uses safe extensibility

Dynamic protection against fraud
Safer UI for browser settings
![Page 46: Case Study: Building a More Secure Browser in IE7 Rob Franco, Lead Program Manager Internet Explorer Security FUNL03](https://reader038.vdocument.in/reader038/viewer/2022110207/56649d255503460f949fc196/html5/thumbnails/46.jpg)
Shown under address bar
Dynamic protection against fraud
Safer UI for browser settings
![Page 47: Case Study: Building a More Secure Browser in IE7 Rob Franco, Lead Program Manager Internet Explorer Security FUNL03](https://reader038.vdocument.in/reader038/viewer/2022110207/56649d255503460f949fc196/html5/thumbnails/47.jpg)
In this demo, you will see how Internet Explorer for Windows Vista:
Runs with restrictions to prevent exploits from installing malware on users’ systems
Still allows users to download files or change settings
Allows Intranet sites to run without restrictions
Advanced Malware Protection
Demo: Protected Mode IE
![Page 48: Case Study: Building a More Secure Browser in IE7 Rob Franco, Lead Program Manager Internet Explorer Security FUNL03](https://reader038.vdocument.in/reader038/viewer/2022110207/56649d255503460f949fc196/html5/thumbnails/48.jpg)
![Page 49: Case Study: Building a More Secure Browser in IE7 Rob Franco, Lead Program Manager Internet Explorer Security FUNL03](https://reader038.vdocument.in/reader038/viewer/2022110207/56649d255503460f949fc196/html5/thumbnails/49.jpg)
![Page 50: Case Study: Building a More Secure Browser in IE7 Rob Franco, Lead Program Manager Internet Explorer Security FUNL03](https://reader038.vdocument.in/reader038/viewer/2022110207/56649d255503460f949fc196/html5/thumbnails/50.jpg)
![Page 51: Case Study: Building a More Secure Browser in IE7 Rob Franco, Lead Program Manager Internet Explorer Security FUNL03](https://reader038.vdocument.in/reader038/viewer/2022110207/56649d255503460f949fc196/html5/thumbnails/51.jpg)
![Page 52: Case Study: Building a More Secure Browser in IE7 Rob Franco, Lead Program Manager Internet Explorer Security FUNL03](https://reader038.vdocument.in/reader038/viewer/2022110207/56649d255503460f949fc196/html5/thumbnails/52.jpg)
![Page 53: Case Study: Building a More Secure Browser in IE7 Rob Franco, Lead Program Manager Internet Explorer Security FUNL03](https://reader038.vdocument.in/reader038/viewer/2022110207/56649d255503460f949fc196/html5/thumbnails/53.jpg)
![Page 54: Case Study: Building a More Secure Browser in IE7 Rob Franco, Lead Program Manager Internet Explorer Security FUNL03](https://reader038.vdocument.in/reader038/viewer/2022110207/56649d255503460f949fc196/html5/thumbnails/54.jpg)
![Page 55: Case Study: Building a More Secure Browser in IE7 Rob Franco, Lead Program Manager Internet Explorer Security FUNL03](https://reader038.vdocument.in/reader038/viewer/2022110207/56649d255503460f949fc196/html5/thumbnails/55.jpg)
![Page 56: Case Study: Building a More Secure Browser in IE7 Rob Franco, Lead Program Manager Internet Explorer Security FUNL03](https://reader038.vdocument.in/reader038/viewer/2022110207/56649d255503460f949fc196/html5/thumbnails/56.jpg)