Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Analytics

10/31/2006
06:10 AM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

IE7 Feature Goes Buggy

If your IE7 browser starts scarfing CPU when you hit Ajax-laden sites, you may need to disable your anti-phishing filter

The new and much-anticipated anti-phishing filter in Microsoft's Internet Explorer 7 browser may slow your PC's performance when you visit some Ajax-heavy sites, according to a Microsoft developer.

The workaround for the problem is to add the affected sites to "trusted sites" and then disable IE7's anti-phishing feature in the trusted sites zone as well if necessary, Microsoft developer Junfeng Zhang said in his Microsoft Software Developers Network (MSDN) blog. Ajax-heavy sites include Windows Live Mail Beta, Yahoo Mail Beta, Google Reader, and Microsoft Outlook Web Access, he says.

Microsoft's IE7 team is looking into the possible performance problem, according to a Microsoft spokesperson. "As a policy, Microsoft does not recommend turning off the phishing filter's protection, but if customers want to customize performance on certain sites they can add sites to the trusted sites zone and turn off the phishing filter in the trusted sites zone," the spokesperson says.

What do you mean, disable anti-phishing in IE7?

Anti-phishing is one of the hot new features Microsoft added to its browser, and it's already considered a must-have in today's phishy Web climate. Randy Abrams, director of technical education for Eset, who has been implementing IE7 himself recently, says you shouldn't disable the anti-phishing filter unless you experience any problems with these sites.

"If disabling the anti-phishing filter does not solve the problem, then re-enable it immediately," he says. "Set up a reminder to re-enable the filter so that if a patch is issued that fixes the problem, you will remember to re-enable the filter."

Given that the complex Ajax technology is still fairly new on Websites, Abrams says, it's not surprising to be finding such glitches with it.

One MSDN blog participant had already suggested that rather than disable the anti-phishing filter, you could add the Ajax-heavy sites as "trusted sites." That would preclude the filter from getting bogged down on the sites.

Disabling the IE7 anti-phishing filter requires restarting the browser as well, according to Zhang's blog.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Microsoft Corp. (Nasdaq: MSFT)

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

     

    Recommended Reading:

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 6/5/2020
    Abandoned Apps May Pose Security Risk to Mobile Devices
    Robert Lemos, Contributing Writer,  5/29/2020
    How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
    Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
    Register for Dark Reading Newsletters
    White Papers
    Video
    Cartoon Contest
    Write a Caption, Win a Starbucks Card! Click Here
    Latest Comment: What? IT said I needed virus protection!
    Current Issue
    How Cybersecurity Incident Response Programs Work (and Why Some Don't)
    This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
    Flash Poll
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    CVE-2020-13842
    PUBLISHED: 2020-06-05
    An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020).
    CVE-2020-13843
    PUBLISHED: 2020-06-05
    An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).
    CVE-2020-13839
    PUBLISHED: 2020-06-05
    An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).
    CVE-2020-13840
    PUBLISHED: 2020-06-05
    An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).
    CVE-2020-13841
    PUBLISHED: 2020-06-05
    An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020).