Microsoft is due to releaseInternet Explorer 8.0, the latest
version of its internet browser, which now includes technology
called DEP/NX to prevent hackers from using buffer overflow attacks
to take over users' PCs.
Microsoft has combined the so-called no-execute technology in
Intel and AMD microprocessors, which is designed to stop hackers
from inserting virus code into a computer's memory with
DEP (data execution prevention), which prevents computer memory
used to store data being able to run executable code.
The combination of the chip hardware and software support in IE8
should reduce the risk of buffer overflow attacks. But it will not
prevent other types of attacks that compromise database servers,
such as SQL Injection.
As Computer Weekly has previously reported, DEP/NX could impact
many legitimate applications that rely on downloadable ActiveX
components to run.
Computer Weekly looked at the beta release
last month. New features that may save time and effort include
web slices, for fast site searches, Digg top 10, and the weather
report, which appear within the browser window, without the user
having to click to another tab.
Web slices offer web administrators a new application
programming interface that allows web sites to provide extended
searches within IE8's search facility. For instance, a user
watching an item on eBay, will be able to see the status of the
auction without having to visit eBay.