Microsoft has unveiled a set of security enhancements aimed at providing more ways to manage Internet surfing and Java applets, but the company acknowledges that more must be done to ensure network safety.
Plagued in recent months by security questions about its Web browser, Internet Explorer, and other products, Microsoft has also released Version 2.0 of the Authenticode software-signing technology.
The steps include creation of "security zones" that will let administrators define and lock down, at the desktop level, which areas of the World Wide Web are trusted and which are potential security risks. The most trusted domain would be an intranet, followed by a trusted extranet, the general Internet, and the untrusted Internet.
That support will be in the next Internet Explorer 4.0 beta version and the Internet Explorer Administration Kit (IEAK) 4.0. The next Explorer beta version is due in eight weeks; the final release is scheduled for late this quarter.
Analysts say Microsoft should address security at a higher level in the network: at the server, network, or firewall.
"They need to work on centrally administrated browser-based security," says Dave Folger, an analyst with the Meta Group. "This is only a temporary patch to do [it] at the client. The right place for this is somewhere else, on the server or on a firewall. But it is better than nothing."
Product manager Cornelius Willis agrees. "It makes sense to do this at the network and server level," Willis says. "We are looking into that."
Microsoft's "capabilities-based" Java security system lets applets that have been digitally signed roam outside the protective sandbox. The IEAK will let administrators determine what tasks Java programs are allowed to perform, Willis says.
Microsoft's Java security setup is similar to a feature in Netscape's Communicator. Sun Microsystems promises similar technology in its Java Development Kit 1.2.
Authenticode 2.0 includes automatic status checking and revocation of digital IDs. The new version can be downloaded by Explorer 3.x users from the Microsoft Web site.
A certificate-management feature to specify which ActiveX controls and Java applets run on a computer will also be included in Explorer 4.0.