Gates outlines vision for new secure Internet Explorer
Microsoft is to introduce new security enhancements to its next generation browser, Internet Explorer 7. In a speech to the RSA Conference, Bill Gates outlined Microsoft’s thinking for a streamlined method of managing secure transactions over the Internet.
‘Password systems simply won’t cut it; in fact, they’re very quickly becoming the weak link,’ Gates declared in his speech. He admitted that gaining access to sensitive passwords is the prime goal behind phishing attacks and that users often forgot the multiplicity of user IDs and passwords they were required to enter as they travelled the Internet.
Microsoft’s solution is an ‘InfoCard’ which is a method of transferring secure data between the browser and a website. Each user can create their own ‘InfoCard’ with as much or as little information as they want ranging from simple name and email address to more personal data such as credit card numbers.
IE 7 will have a built in ‘InfoCard’ user interface which allows a user to enter whatever information they wish along with the sites it has chosen to use that data with. Multiple cards can be used with multiple sites and would be encrypted during the exchange of information.
During the secure transaction, the desktop will fade to tell the user that they have entered a secure environment as a more visible indication than the traditional small locked padlock which is easily overlooked.
Microsoft is also planning a traffic lights type system for websites to guard against phishing attacks. To add confidence to the user, Microsoft is planning to introduce a High Assurance Certificate. This code will reside on a website and will contact the browser to verify that it is the site it says it is. Once verified, the Internet Explorer address bar will turn green otherwise the bar will turn red.
Gates also announced new ‘protected mode’ area within the Windows Vista operating system that is part of Internet Explorer. In protected mode, Internet Explorer is only able to write to the temporary Internet files folder and its part of the registry. It is unable to write outside that area effectively quarantining any malware that tries to gain access to the system via the browser.