Changes to Functionality in Microsoft Windows XP Service Pack 2
Part 5: Enhanced Browsing Security
Microsoft Corporation
Published: September 15, 2004
Authors: Starr Andersen, Technical Writer; Vincent Abella, Technical Editor
This document is Part 5 of “Changes to Functionality in Microsoft® Windows® XP Service Pack 2” and provides detailed information about the technologies included in Windows XP Service Pack 2 that help make Web browsing safer. These technologies are designed to help provide improved security compared with previous versions of Internet Explorer. You can obtain the other parts of the paper from the Microsoft Download Center at http://go.microsoft.com/fwlink/?LinkId=28022.
This document applies to Microsoft Windows XP Service Pack 2 (SP2) for the 32-bit versions of Windows XP Professional and Windows XP Home Edition. It does not describe all of the changes that are included in the service pack, but instead highlights those changes that will have the most impact on your use of Windows XP SP2 and provides references to additional information that may be available.
Download, Attachment, and Authenticode Enhancements
What do the download, attachment and Authenticode enhancements do?
Who does this feature apply to?
What existing functionality is changing in Windows XP Service Pack 2?
Internet Explorer File Download Prompt
Outlook Express E-mail Attachment Prompt
Add-on Install Prompt
What settings are added or changed in Windows XP Service Pack 2?
Internet Explorer Add-on Management and Crash Detection
What does Internet Explorer Add-on Management and Crash Detection do?
What new functionality is added to this feature in Windows XP Service Pack 2?
Internet Explorer Add-on Management
Internet Explorer Add-on Management for Administrators
Internet Explorer Add-on Crash Detection
Do I need to change my code to work with Windows XP Service Pack 2?
Internet Explorer Binary Behaviors Security Setting
What does Binary Behaviors Security Setting do?
New Internet Explorer Security Setting
Internet Explorer BindToObject Mitigation
What does BindToObject Mitigation do?
ActiveX Security Model applied to URL object initializations
Internet Explorer Information Bar
What does the Information Bar do?
Information Bar User Interface
Add-on Install Prompts
Pop-up Blocked Notification
Automatic Download Prompts
Active Content Blocked
ActiveX Blocked Due to Security Settings
Internet Explorer Using Feature Control Registry Settings with Security Zone Settings
What do Feature Control Registry Settings and Security Zone Settings do?
Feature control registry settings
Do I need to change my code to work with Windows XP SP2?
Internet Explorer Feature Control Settings in Group Policy
What does Internet Explorer Feature Control Settings in Group Policy do?
Group Policy Internet Explorer Settings
Internet Explorer UrlAction Security Settings in Group Policy
What does Internet Explorer UrlAction Settings in Group Policy do?
Group Policy Internet Explorer Security Settings
Policy values for urlAction
Feature Control Policies
Zone Map Policies
Internet Explorer Local Machine Zone Lockdown
What Does Local Machine Zone Lockdown do?
Changes to Local Machine Zone Security Settings
Do I Need to Change My Code to Work With Windows XP Service Pack 2?
Internet Explorer MIME Handling Enforcement
What does MIME Handling Enforcement do?
MIME-handling file type agreement enforcement
MIME sniffing file type elevation
MIME Sniffing behavior per-zone
Internet Explorer Object Caching
What does Object Caching do?
Security context is invalidated upon navigation to a different domain
Internet Explorer Pop-up Blocker
What does Pop-up Blocker do?
Pop-up Blocker features
Methods: window.open(), window.external.navigateAndFind(), showHelp()
Internet Explorer Untrusted Publishers Mitigations
What does Untrusted Publishers Mitigations do?
Blocked Publisher
Blocking Invalid Signatures
One prompt per control per page
Ellipsis placed on text for application description and publisher name
Internet Explorer Window Restrictions
What does Window Restrictions do?
Script repositioning of Internet Explorer windows
Script sizing of Internet Explorer windows
Detailed description
Script management of Internet Explorer status bar
Internet Explorer pop-up window placement
Internet Explorer Zone Elevation Blocks
What does Zone Elevation Blocks do?
Zone Elevation Blocks
Internet Explorer Network Protocol Lockdown
What Does Network Protocol Lockdown Do?
Changes to Security Settings for Restricted Protocols
Restricted Protocols Feature is OFF by default for Internet Explorer and all Applications
In Windows XP Service Pack 2, the prompts that are used for file downloads, mail attachments, shell process execution, and program installation have been modified to be more consistent and clearer than they were in Service Pack 1 for Windows XP. In addition, publisher information is shown before a file is opened if its type is signable and can potentially harm the user’s machine. (Common examples of signable file types that can potentially harm the user’s machine are .exe, .dll, .ocx, .msi, and .cab.)
There is a new application programming interface (API) which allows application developers to make use of this new user interface. For more information regarding the API, see “AES API Integration,” in the section of this document on changes to e-mail features in Windows XP Service Pack 2.
Application developers will be able to call the new Attachment Execution Service (AES) dialog box from their Windows applications by using the API that is described in “AES API Integration,” in Part 4 of this document, “E-mail Handling Technologies.”
Application developers should also be aware that, in certain scenarios, such as attempting to open an attachment or downloading a file that is potentially dangerous, file types that can potentiall...