According to a Microsoft IE Web log written by engineers Vishu Gupta, Rob Franco and Venkat Kudulur, the company has been working on improvements to IE to prevent the browser from running malicious code in less restrictive security zones.
The engineers say that the local intranet zone is not really relevant for home users. IE 7 has therefore been changed so that, when a PC is not on a managed corporate network, it will treat apparent intranet sites as if they are on the Internet. This, the engineers think, will remove the attack surface of the intranet zone for home PC users.
However, the Web log says that if a machine is running on a domain, IE 7 will automatically detect intranet sites and revert to the intranet zone settings. Network administrators will be able to set group policies to ensure the browser runs as desired. Further, in Windows Vista, the Internet zone will run in what the company calls “protected mode” to help protect against attacks that IE has faced in the past.
IE 7 will sport another feature, ActiveX Opt-In, which promises to reduce potential damage from malicious ActiveX controls in the Internet zone. This change will be reflected in a new setting for the Internet zone, dubbed “medium high”. In addition, the “Trusted sites” zone in IE 7 will be different; it will feature a “medium” default security setting similar to the Internet zone in IE 6.