Disabling automatic site checking is an option. However, this option will cause the browser to flag most of the sites you visit because the list of legitimate sites in the local file is fairly limited. Over time, many people might simply ignore the warning or overlook it as just another icon at the bottom of the browser. However, even if automatic checking is disabled, you can manually check a site's legitimacy against Microsoft's database at any time by right-clicking the phishing icon and selecting Check This Website. Even with the phishing filter, training and educating users remains important so they continue to think twice before clicking links to eBay or E*Trade—two companies that unfortunately have been targeted by phishing attacks in the past.
I searched the Internet for the word "bank," and IE 7.0 recognized most of the top 10 US banks as legitimate, but it didn't recognize many others—especially international banks. Although Microsoft will update its list frequently, the list will never include the huge range of sites that people visit. Time will tell how people receive this security feature. It's a step in the right direction, and I'm glad Microsoft is trying to do something to combat phishing, even if it's the first of several iterations of a solution that everyone can live with. For more information about the phishing filter in Beta 1, see the Microsoft white paper "Microsoft Phishing Filter: A New Approach to Building Trust in E-Commerce Content" at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/IETechCol/dnwebgen/MSPhishingFilterWP.asp or on the official IEBlog at http://blogs.msdn.com/ie.
Getting a Handle on IE Add-Ons
Many spyware applications infest and hijack IE by using Browser Helper Objects (BHOs), which extend the functionality of an Internet browser. Many BHOs enable useful, legitimate services. For example, Adobe Acrobat and Windows Messenger are two common applications that interface with IE by using a BHO. However, spyware and other malicious software lure users into installing BHOs for other wicked purposes. By tweaking the Manage Add-ons dialog box, IE 7.0 lets users see what BHOs are installed in the browser without removing any useful functionality. You access the Manage Add-ons dialog box from the Tools, Manage Add-ons menu. Then, you can view add-on status or delete add-ons. In the same dialog box, you can show add-ons that IE has used, show add-ons currently loaded in IE, show add-ons that load when IE starts, and show downloaded ActiveX controls (32-bit). These options are too advanced for casual users, but they provide direct access for technical support staff members so that they can troubleshoot problems. By using this feature, you can see at a glance any programs that users might have installed in IE that could interfere with the system. Plus, this feature provides a direct way to remove unwanted programs from IE.
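The Manage Add-ons dialog box is the interactive way to review BHOs; support staff who need the same inventory across many machines can pull it straight from the registry. The following PowerShell script is an added example, not code from the article or from Microsoft. It reads the standard Browser Helper Objects registration key (and its Wow6432Node counterpart for 32-bit BHOs on 64-bit Windows), resolves each CLSID to its friendly name and DLL, and reports whether the DLL exists on disk and carries a valid Authenticode signature. It only reads; it removes nothing.

```powershell
# Added example (not from the article): enumerate Browser Helper Objects from the
# registry and show which DLL each one loads. Run in an elevated PowerShell session.
# The paths below are the standard BHO and CLSID registration locations; the
# Wow6432Node variants cover 32-bit BHOs on 64-bit Windows.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
)

# Look up a CLSID's friendly name and in-process server DLL.
function Resolve-Clsid {
    param([string]$Clsid)
    foreach ($root in $clsidRoots) {
        $key = Join-Path $root $Clsid
        if (Test-Path $key) {
            $name = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
            $dll  = (Get-ItemProperty -Path (Join-Path $key 'InprocServer32') -ErrorAction SilentlyContinue).'(default)'
            return [pscustomobject]@{ Name = $name; Dll = $dll }
        }
    }
    return [pscustomobject]@{ Name = $null; Dll = $null }
}

$results = foreach ($bhoKey in $bhoKeys) {
    if (-not (Test-Path $bhoKey)) { continue }
    foreach ($entry in Get-ChildItem -Path $bhoKey) {
        $info = Resolve-Clsid -Clsid $entry.PSChildName
        # InprocServer32 paths may contain %SystemRoot% and similar variables.
        $dll = if ($info.Dll) { [Environment]::ExpandEnvironmentVariables($info.Dll) } else { $null }
        $exists = [bool]($dll -and (Test-Path $dll))
        # 'Valid' means a correctly signed DLL; 'NotSigned' or 'HashMismatch' deserve a closer look.
        $signature = if ($exists) { (Get-AuthenticodeSignature -FilePath $dll).Status } else { $null }
        [pscustomobject]@{
            Clsid     = $entry.PSChildName
            Name      = $info.Name
            Dll       = $dll
            Exists    = $exists
            Signature = $signature
            Source    = $bhoKey
        }
    }
}

$results | Format-Table -AutoSize
```

A BHO whose DLL is missing, unsigned, or located outside Program Files or the Windows directory is a reasonable candidate for a closer look in the Manage Add-ons dialog box before anyone decides to disable or remove it.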
Architecture Changes
IE 7.0 also includes several under-the-hood architectural security improvements. You'll see improvements in how IE programmatically handles URLs and a cross-domain barrier feature. The consolidate URL (cURL) feature lets programmers specify cURLs as objects instead of strings, which increases security by improving how IE parses the URL. A cross-domain barrier provides additional security, prohibiting one site or code from accessing another site's data.
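The point behind treating a URL as an object rather than a string is easiest to see in code. The following JavaScript is an added illustration, not code from the article or from IE itself; it uses the WHATWG URL class available in Node.js and modern browsers, and the site names in it are constructed examples. It contrasts a naive prefix comparison on the raw string with an origin comparison built from the parsed scheme, host and port, which is the kind of check a cross-domain barrier has to get right.

```javascript
// Added example (not from the article): comparing URLs as parsed objects
// rather than as raw strings. Uses the built-in URL class only.

// Naive string-based check: "does the URL start with the trusted site?"
function naiveSameSite(candidate, trustedPrefix) {
  return candidate.startsWith(trustedPrefix);
}

// Default port for the schemes we compare, so "http://a" and "http://a:80" agree.
function defaultPort(protocol) {
  if (protocol === "https:") return "443";
  if (protocol === "http:") return "80";
  return "";
}

// Origin derived from the parsed URL: scheme + host + effective port.
function originOf(urlString) {
  const u = new URL(urlString); // throws TypeError on unparseable input
  return `${u.protocol}//${u.hostname}:${u.port || defaultPort(u.protocol)}`;
}

// Structured check: same origin only if scheme, host and port all match.
function sameOrigin(a, b) {
  try {
    return originOf(a) === originOf(b);
  } catch (e) {
    return false; // anything the parser rejects is not treated as trusted
  }
}

// Constructed sample inputs (illustrative names, not real sites).
const trusted = "http://bank.example";
const samples = [
  "http://bank.example/login",                        // genuinely the same origin
  "http://bank.example.lookalike.test/login",          // different host, same string prefix
  "http://bank.example@other.test/",                   // userinfo before the real host
  "https://bank.example/",                             // same host, different scheme/port
  "not a url",                                         // unparseable input
];

// Side-by-side verdicts so the difference is visible at a glance.
function classify(urlString) {
  return {
    url: urlString,
    naive: naiveSameSite(urlString, trusted),
    parsed: sameOrigin(urlString, trusted),
  };
}

console.table(samples.map(classify));
```

The string check accepts the second and third samples because they begin with the trusted text, while the parsed-origin check rejects both because their host is not bank.example; it also declines the https variant, since a different scheme and port is a different origin.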
Although the phishing filter is the most obvious security upgrade to IE 7.0, Microsoft has enhanced many features that improve the security of this product. Time will tell whether these improvements reduce the number of IE security exploits and restore the IE marquis. Regardless of the new release's other improvements, its security improvements make upgrading to IE 7.0 a must.
Jeff Fellinge (jeff@blackstatic.com) is a contributing editor for Windows IT Pro and the director of information security and infrastructure engineering at aQuantive. He is the author of IT Administrator's Top 10 Introductory Scripts for Windows (Charles River Media).