IE 8's updated anti-phishing filter, called SmartScreen, now also blocks sites confirmed by Microsoft host malware, regardless of whether phishing is involved. Like the anti-phishing features in Firefox and Opera, SmartScreen is not yet accurate enough to be completely relied upon. You'll still need anti-malware software and common sense.
One of the smallest, but best security improvements is IE 8's highlighting of the true domain name in the address bar when the name is embedded in a much longer URL. Phishers often embed the spoofed target's domain name inside a much longer fake domain name string. This one small change makes it significantly easier to recognize phishing sites Microsoft has not yet confirmed. Chrome has this feature, but in addition to the domain name, it highlights the Web server name, which is often spoofed by phishers as well. Microsoft's choice is more discriminating.
IE 8's new Inprivate Blocking feature attempts to prevent other types of third-party tracking besides the normal cookie tracking techniques. If IE 8 notices a single third party tracking you over 10 Web sites, it will give the user a chance to block the tracking. You can also enable Inprivate Subscriptions, which implements Inprivate Blocking lists updated by Microsoft.
Add-ons and ActiveX
Only IE and Firefox have an add-on manager, and IE's is easily the best. As in Firefox, add-ons can be globally enabled or disabled by clicking a single button. But IE 8 allows add-ons to be restricted to running on a single site or be used by any Web sites. The initial decision is made during the add-on's first download, but can also be modified later. IE's add-on manager will show which add-ons are currently loaded, which have been used, and which have not been used.