Windows XP Service Pack 2: What's New for Internet Explorer and Outlook Express

Published: August 4, 2004

Safer Browsing with Internet Explorer

With Internet Explorer in Windows XP SP2, you'll get some very noticeable new benefits such as fewer pop-up ads and greater protection against harmful downloads. Internet Explorer makes it easier for you to make informed decisions and take action to help reduce security risks to your computer.

Less visible, but just as important, are some powerful new security defenses for your computer. With an improved security infrastructure, Internet Explorer blocks unruly windows and helps to defend your PC by drawing tighter security around it. In addition, there are several other security enhancements that help to protect your computer—although you might need to be a developer to fully understand the details. These security enhancements include things such as zone elevation blocks and changes to object caching—serious sounding names for serious security protections.

Tip To learn more about any of the features mentioned in this section, you can read more technical information on the TechNet site.

Block Pop-up Ads

The Pop-up Blocker, new to Internet Explorer in Windows XP SP2, can prevent most unwanted pop-up (or pop-under) windows from appearing. The Pop-up Blocker is smart enough to not block pop-up windows that you open deliberately by clicking a link—for example, if you were on a travel reservation site and you clicked a link to open a pop-up window containing your confirmation details, this pop-up window would not be blocked because you opened it intentionally.

When a pop-up ad is blocked, you'll see a notification in the Information Bar, which is also new to Internet Explorer. When you click the Information Bar, you'll have access to the pop-up blocker settings that let you view the pop-up or configure other options.

Information Bar showing a blocked pop-up

The Information Bar in Internet Explorer lets you know when it has blocked a pop-up

Click the Information Bar to open pop-ups and change Pop-up Blocker settings

Tip Read Block Pop-up Windows with Internet Explorer to learn more about what you can do with it—for example, you can adjust the settings to turn off the sound when Internet Explorer blocks a pop-up. You can get more technical background about the Pop-up Blocker on the TechNet site.

Help to Protect Your PC from Potentially Harmful Downloads

If a site attempts to download a program to your computer without your authorization, Internet Explorer in Windows XP SP2 uses the Information Bar to let you know. The Information Bar shows up to notify you, and then it disappears when you move on to another Web page.

Information Bar showing a blocked download

The Information Bar appears when a Web site tries to download a file that you did not request

To find out what actions you can take, simply click the Information Bar to bring up a context-sensitive menu (as shown in the following image). The menu contains a link to Help where you can find more information about the notification.

Click the Information Bar to see what actions you can take

Tip To learn more about the Information Bar, read Use the Internet Explorer Information Bar. You can also get more technical background about the Information Bar on the TechNet site.

Help to Protect Your PC when Saving Potentially Damaging Files

A file you download from the Web—for example, a game, a picture, or even a program—can be just what you bargained for, or it can be a vehicle for more malevolent intent. For this reason, Internet Explorer has stepped up its scrutiny of any file you begin to download, open, or save from the Web. Internet Explorer checks to see whether the file is the type of file it says it is and provides strong warnings if there are irregularities in how the file describes itself or if there seems to be a potential for harm based on the particular type of file (as shown in the following image). Internet Explorer also offers more concise information to help you understand the implications of opening or saving a file.

Example of an Internet Explorer security warning

1.	As in previous versions of Internet Explorer, you can see what type of file you are trying to download. In Windows XP SP2, you will also see the size of the file along with what type of file it is.
2.	As in previous versions of Internet Explorer, you can see the source of the download—in other words, where the software comes from.
3.	Internet Explorer also offers guidance about the type of file you are downloading.
4.	You can click the How can I decide what software to run? link to make a more informed decision about what to do.

Block Downloads from Specific Publishers

Some publishers will go to great lengths to have users install their programs. You may have experienced a situation in which you were repeatedly prompted to install a program that you didn't want or didn't trust. Perhaps you even installed the program just to get the prompts to go away.

Now, Internet Explorer helps you to avoid this situation. With a simple click of the mouse, you have the option of automatically preventing certain programs from being installed or run on your computer. This includes an option to block all software from a specific publisher.

Example of a security warning asking if you want to run software

Now you can tell Internet Explorer how to handle downloads from a specific publisher

Control Add-ons Using Add-on Manager

Add-ons are special programs that extend the capabilities of Internet Explorer, such as search toolbars, games, or programs that let you view Web sites offline. In many cases, they are useful and can enhance your Web browsing experience.

But add-ons can also be annoying or even invade your privacy, particularly when they are installed without your consent. For example, an advertising company can use an add-on to display pop-up ads or to track your browsing behavior. Add-ons can also be a source of Internet Explorer crashes and performance issues. But until now, it's been difficult for users to take action.

The Add-on Manager tackles these issues by providing a list of add-ons already installed on your computer and used by Internet Explorer, including add-ons that may be otherwise difficult to detect. You can use this list to enable or disable each add-on individually.

Use the Add-on Manager to disable or enable individual add-ons

The Add-on Manager also detects add-on-related crashes in Internet Explorer. When Internet Explorer successfully identifies one, you'll get the option to disable the add-on, which could help to improve the overall stability of Internet Explorer.

Tip For more information about how to enable, disable, and otherwise manage Add-ons, read Help Block Dangerous Content with the Internet Explorer Add-on Manager. You can also get more technical background about the Add-on Manager on the TechNet site.

Prevent Unruly Browser Windows

Have you ever been in a situation where a browser window covered up everything on your screen, including the Internet Explorer controls, and you weren't sure what to do? Perhaps you even turned off your computer because you were rightfully concerned that something malicious was going on.

Internet Explorer has put a stop to this behavior by prohibiting Web sites from running scripts that resize or reposition your browser windows. (A script is a program or sequence of instructions that another program carries out.) So no matter how the script directs a window to behave, Internet Explorer overrides the script's direction and fits the window neatly into your screen with all its usual controls.

Tip You can get more technical information about these restrictions on browser windows on the TechNet site.

Help to Protect Your PC with Stronger Zone Defense

As a security measure, Internet Explorer corrals all Web sites on the Internet into a single zone—the Internet zone—and applies a certain level of security protection which helps you to browse more securely. Internet Explorer will prompt you before you download content that it identifies as potentially unsafe.

Internet Explorer also specifies four other zones, including Trusted and Restricted zones, to which you can assign Web sites either that you trust completely, such as Microsoft Update, or that arouse your suspicion. It also assigns your hard disk to the Local Machine zone (although this zone is not displayed in the settings for Internet Explorer).

When you open a Web page, Internet Explorer restricts the actions a page can take based on the zone of the Web page—Internet, Restricted, and so on. For example, Web pages that are located in the Internet zone (as most pages are, by default), might not be able to perform some operations, such as accessing information from the local hard drive.

In previous versions of Internet Explorer, your hard drive (or Local Machine zone) was considered to be secure, and content in this zone was allowed to run with relatively few security restrictions. However, attackers often tried to take advantage of these low restrictions to compromise computers.

In Windows XP SP2 this changes. Internet Explorer applies strong security settings to the Local Machine zone to help protect against some common types of attacks, such as the running of a harmful download or a malicious script.

Tip Read more about security zones and how you can use them to increase your browsing security in Working with Internet Explorer 6 Security Settings. You can also go to the TechNet site to get more technical information about how Internet Explorer helps to secure your machine.

Top of page

Safer E-Mail Handling with Outlook Express

Outlook Express in Windows XP Service Pack 2 (SP2) helps you assess the likely safety of attachments. It also helps to keep you from unwittingly validating your e-mail address to spammers by blocking images in e-mail.

Defend Against Suspect Attachments

Millions of people opened an e-mail that said "I love you" even though it came from business associates they barely knew. Millions of people opened what they thought was an image of a tennis star. And, as we know, millions of people infected their computers, their networks, and their friends' computers with viruses which, when activated, mailed themselves to many of the contacts listed in the infected computers' address books.

Many viruses (and their ugly relatives, worms) spread through file attachments in e-mail messages. Virus writers capitalize on people's curiosity and willingness to accept files from people they know or work with, in order to transmit malicious files disguised as or attached to benign files.

New security technologies in Windows XP SP2 help to reduce the spread of viruses through e-mail. Now, Outlook Express calls upon the Attachment Manager to help you make smarter choices when you receive e-mail attachments.

•	If an attachment is considered safe, Outlook Express makes it completely available to you, displaying apparently safe images and making it possible to open apparently safe attachments. Examples of attachments in this category are text files (.txt) and graphics files such as JPEGs (.jpg) and GIFs (.gif).
•	If an attachment is potentially unsafe—an executable program, for example—Attachment Manager will block it so you won't be able to open it without taking explicit action, but you will see a notice of the blockage (as shown in the following image). Examples of attachments in this category include executable files (.exe), screensavers (.scr), and script files (including .vbs). Example of how Attachment Manager handles potentially unsafe attachments
•	If the safety of an attachment is undetermined, you'll see a warning (as shown in the following image) when you try to move, save, open, or print the file. If Outlook Express can't determine the safety of an attachment, you would see this message

Another benefit of Attachment Manager is that it is built on public code (API) that is available to any programmer to use to add safe, consistent attachment handling to the software programs they create. This can benefit you by providing a more consistent experience with attachments and minimizing the potential for confusion.

Increase Protection from Spam

Pictures and images embedded in HTML e-mail messages can be adapted to secretly send a message back to the sender. These are often referred to as Web beacons. Spammers rely on information returned by these images to confirm active e-mail addresses. Some spam messages contain Web beacon images so small that they are invisible to the human eye—but not to Outlook Express.

An improved defense against Web beacons is to stop pictures from downloading until you've had a chance to review the message. Outlook Express in Windows XP SP2 will now block images automatically in messages from people who are not in your address book. This goes a long way in preventing the verification of your e-mail address for spammers. It makes your e-mail name less useful to spammers and may result in your getting less spam over time.

Example of how Outlook Express shows blocked pictures—you can click to open them if you trust the source, for example an airline newsletter or an electronic invitation from a friend

This feature also minimizes a common annoyance for those using dial-up network connections. In earlier versions of Outlook Express, if you read an HTML e-mail message with a picture embedded in it, Outlook Express would automatically try to connect to the Internet to retrieve any reference images. With image blocking in Outlook Express, this will no longer happen.

Tip The issues with embedded pictures occur for those reading messages in HTML mode. You also have the option to read or preview incoming messages in plain-text mode to avoid some of these security issues. (Note, however, that you lose the ability to change the look of text—font, color, font size, and so on—when you are in plain-text mode.) To find out how to do this, read Use the New Security Features in Outlook Express. Also, you can read E-Mail Handling Technologies for more technical information.

Conclusion

Windows XP Service Pack 2 with Advanced Security Technologies is all about helping you take a proactive approach to improving the protection of your computer, your information, and your privacy. The Internet Explorer and Outlook Express enhancements, including pop-up ad blocking and protection from potentially harmful downloads and attachments, will help you to enjoy new, easier ways to protect your computer while you browse the Web and use e-mail.