Straight from the source, Microsoft heavily promotes the security of IE9, listing the following key features:
- IE8 is the only browser to block XSS attacks “out-of-the-box.”
- IE8 introduced the first “out-of-the-box” mechanism to allow sites to prevent ClickJacking attacks.
- IE8 introduces new functions which allow sites to build more-secure mashups (toStaticHTML(), XDomainRequest) and supports new standards-based mechanisms (Native JSON support, postMessage()).
- Safer default settings (DEP/NX, per-site AX) mean that users are better-protected than ever before. Group Policy controls (for ActiveX management, enforced SmartScreen blocking, etc.) allow IT administrators to reduce the number of trust decisions users face when using IE8.
I am looking forward to the industry response to this report. Will we see Google say that NSS Labs is in the pocket of MS? Will they dispute the source URLs or EXEs? Or, will they get their act together and implement a proper protection system - cloud-based, collaborative, crowd-sourced or whatever... Something.
You can find the NSS Labs report in its entirety here: