Microsoft now plans to release its anti-phishing filter for IE in a matter of weeks instead of (as originally planned) next year as part of IE7.
This looks like a concession, but is probably not. Judging from the company's own white paper on the topic, Microsoft has worked out its thinking on how such a security feature should work and, having (apparently) bought in the software from a third party, probably has it up and running in a usable form anyway.
The core of what Microsoft means by anti-phishing is to build a basic reputation service into IE. This will check a domain against a list of known trouble spots, with intervention depending on severity rating. It's not perfect, but it is a start. If you're prepared to use the MSN Toolbar, you'll be able to do this much very soon.
Less clear is how the company plans to address leading-edge security threats such as key-logging and screen-capture Trojans. These don't just relate to the browser layer, of course, but they do have to hook into it in order to execute data theft.
It is certain that the new prevalence of domain-checking technology in browsers will push even more criminals towards the illicit lure of the stealth Trojan.
But what of the security billing for IE7? The idea that emerging security threats can be addressed by the usual release schedules for software is outdated. IE7 will be billed as a big deal, but the inescapable conclusion is that major point releases are a thing of the past.
Security is changing software in interesting ways.