Zscaler Releases HTTPS Everywhere for Internet Explorer

Cloud-based Internet security provider Zscaler on Monday released an early version of HTTPS Everywhere for Internet Explorer, a free tool that forces the Web browser to use HTTPS connection requests whenever possible.

Zscaler’s new tool is based on the original HTTPS Everywhere browser extension for Chrome and Firefox developed by The Tor Project and the Electronic Frontier Foundation.

“Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use,” the EFF explained in a blog post. “For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using a clever technology to rewrite requests to these sites to HTTPS.”

“HTTPS Everywhere redirects users to HTTPS URLs based on a set of rules,” Zscaler’s Julien Sobrier noted in a blog post. “Switching from HTTP to HTTPS is still not as easy as it should be and many domains have not designed their websites to be accessed securely.”

While privacy is an important reason to use HTTPS connections, security is an even stronger one. For example, HTTPS helps prevent man-in-the-middle attacks and protects website cookies and session IDs, which, if exposed, can be used to hijack user accounts by essentially “stealing” the browser session.

The extension works with most recent 32-bit versions of Internet Explorer running on Windows XP SP3 to Windows 8 and on Internet Explorer 6 to 10. A version that supports Internet Explorer 64-bit will be available soon, Zscaler said.

“As the version number suggests, this is a very early release. I have been using the extension for several weeks without any problems, but it should be considered an alpha release. Version 0.0.0.1 translates URLs from HTTP to HTTPS according to the EFF rules and secures cookies,” Sobrier said. “It does not currently support HSTS, nor does it provide support for custom rules.”

“[Documentation] details how the extension works and describes its architecture. Some of the behaviors are not obvious, so I strongly suggest that you read it,” Sobrier added.

More information on HTTPS Everywhere for Internet Explorer, along with a download link, can be found here.
