Application Compatibility Logging - What all is Logged by Internet Explorer 7
Most of the items that the Internet Explorer 7 reports in the log file are the mal-functioning or malicious URLs owing to its enhanced security features. Let us take a bird’s eye on what all can a web application developer find useful in the Event Viewer.
1 URL Parsing
Whenever a user enters or clicks a link to open a website, the security features in Internet Explorer 7 and 8 check for the URL’s compatibility with the RFC’s guidelines. RFC, or Request for Comments was an attempt to create a standard for several aspects of Internet computing. Though many features of the RFC are already being used as a standard, the drafts are still awaiting a clearance for worldwide adoption.
Plenty of fake websites use URLs that are almost similar to the real ones. For example, if you misspell a letter in bank’s URL, you are taken to a site that resembles the actual bank’s website. You might have received several links in your emails wherein you were asked to update your credit card or bank information by clicking on the link. These are mal-formed or malicious URLs that try to fool the Internet Explorer 7 and thereby you into believing that you are at the right place. However, the security features of Internet Explorer are smart enough to detect the fake URLs.
Generally, when you enter an URL in the address bar of the Internet Explorer 7, it creates a log in the event Viewer if it finds the URL to be malicious. It has its own technique to identify a malicious URL. The most common method is to re-create the URL and navigate to it. If the URL fails to be re-constructed, it is logged to the Event Viewer. The Event Viewer will contain both the URL and the reason why the reconstruction failed.
Note: Sometimes a URL creation may also fail because of insufficient memory. The reason can be detected by using the Microsoft Application Compatibility Logging Toolkit.
2 Website Certificate Problems
If the Internet Explorer finds that a website has an invalid certificate, it will log the URL and the problem with the certificate. The problems with a website’s certificate can be one of the following: Invalid date; Invalid Domain; Name and Domain Mismatch; Unknown Certification Authority; and a host of other reasons.
3 Cross Domain Scripts
Whenever the Internet Explorer 7 finds a script on a webpage that attempts to navigate you to another page without your knowledge, it will create a record of the event in the Event Viewer. You might have seen a bar at the top of your browser saying that a script was blocked, which often relates to this problem/threat. Though some of such scripts are safe, plenty of scripts attempt to take you to a page where they can download malicious software to your computer or procure confidential data using any methods.
4 Active X Scripts
If the Internet Explorer finds any Active X Control on the page that is not created by the first party application vendor, it blocks the script and logs the event. It notes down the script name, date and time, publisher of the script, and reason why it was blocked.
5 Phishing Filter
Internet Explorer 7 invested a lot in creation of a list of phishing websites. The list keeps on growing each day. Apart from restricting or warning the user about the characteristics of the site, Internet Explorer also alerts the user of any website it finds suspicious. All this is again logged into the Event Viewer.