Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:10 AM
Connect Directly

IE7 Feature Goes Buggy

If your IE7 browser starts scarfing CPU when you hit Ajax-laden sites, you may need to disable your anti-phishing filter

The new and much-anticipated anti-phishing filter in Microsoft's Internet Explorer 7 browser may slow your PC's performance when you visit some Ajax-heavy sites, according to a Microsoft developer.

The workaround for the problem is to add the affected sites to "trusted sites" and then disable IE7's anti-phishing feature in the trusted sites zone as well if necessary, Microsoft developer Junfeng Zhang said in his Microsoft Software Developers Network (MSDN) blog. Ajax-heavy sites include Windows Live Mail Beta, Yahoo Mail Beta, Google Reader, and Microsoft Outlook Web Access, he says.

Microsoft's IE7 team is looking into the possible performance problem, according to a Microsoft spokesperson. "As a policy, Microsoft does not recommend turning off the phishing filter's protection, but if customers want to customize performance on certain sites they can add sites to the trusted sites zone and turn off the phishing filter in the trusted sites zone," the spokesperson says.

What do you mean, disable anti-phishing in IE7?

Anti-phishing is one of the hot new features Microsoft added to its browser, and it's already considered a must-have in today's phishy Web climate. Randy Abrams, director of technical education for Eset, who has been implementing IE7 himself recently, says you shouldn't disable the anti-phishing filter unless you experience any problems with these sites.

"If disabling the anti-phishing filter does not solve the problem, then re-enable it immediately," he says. "Set up a reminder to re-enable the filter so that if a patch is issued that fixes the problem, you will remember to re-enable the filter."

Given that the complex Ajax technology is still fairly new on Websites, Abrams says, it's not surprising to be finding such glitches with it.

One MSDN blog participant had already suggested that rather than disable the anti-phishing filter, you could add the Ajax-heavy sites as "trusted sites." That would preclude the filter from getting bogged down on the sites.

Disabling the IE7 anti-phishing filter requires restarting the browser as well, according to Zhang's blog.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Microsoft Corp. (Nasdaq: MSFT)

    Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    COVID-19: Latest Security News & Commentary
    Dark Reading Staff 9/21/2020
    Cybersecurity Bounces Back, but Talent Still Absent
    Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
    Meet the Computer Scientist Who Helped Push for Paper Ballots
    Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
    Register for Dark Reading Newsletters
    White Papers
    Latest Comment: Exactly
    Current Issue
    Special Report: Computing's New Normal
    This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
    Flash Poll
    How IT Security Organizations are Attacking the Cybersecurity Problem
    How IT Security Organizations are Attacking the Cybersecurity Problem
    The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2020-09-22
    In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.
    PUBLISHED: 2020-09-22
    Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page).
    PUBLISHED: 2020-09-22
    All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.
    PUBLISHED: 2020-09-21
    Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.
    PUBLISHED: 2020-09-21
    Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.