Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security Internet Explorer The Internet

Zone-Spoofing Fixed for IE 7 Home Users 115

Posted by Zonk from the i-can-sleep-better-tonight dept.
BeanBunny writes "The IE 7 dev team has essentially removed the intranet zone for Home users, resulting in a Web browser that is effectively invulnerable to a zone-spoofing attack. This security feature does not exist, however, on any installation that is part of a managed network. It also does not exist if you manually change the permissions on your Internet zone. However, in Windows Vista, both zones will be run in a 'protected mode,' something that allegedly prevents the invisible installation of code."
This discussion has been archived. No new comments can be posted.

Zone-Spoofing Fixed for IE 7 Home Users More

Zone-Spoofing Fixed for IE 7 Home Users

Comments Filter:

  • So . . . (Score:4, Funny)

    by Hey Pope Felcher . . ( 921019 ) on Friday December 09, 2005 @12:46PM (#14220509)
    Everybody will be safe and secure, except of course for every single business in the known world?

    • Re:So . . . (Score:1, Informative)

      by cytoman ( 792326 )
      You do realize that businesses which run windows operating system usually have a systems admin who takes care of locking down the computers and preventing unauthorized attacks, etc. So, the problem has always been for home users who manage their own systems, and are easily fooled into the many frauds/spoofs/phishing attacks. Good that this is being taken care of in IE7.
      • does he allow authorized attacks? i don't think I would.
      • businesses which run windows operating system usually have a systems admin who takes care of locking down the computers

        Bwahahaha! Good one! /me wipes a tear from my eye

        Thanks, I needed that.

        If you were being serious, I think you need to do a s/usually/sometimes/ on that sentence.

  • Protected Mode (Score:3, Informative)

    by BobPaul ( 710574 ) * on Friday December 09, 2005 @12:47PM (#14220529) Journal
    Protected mode sounds kind of like the security wrappers Firefox Deer Park places around extensions.

  • Remove the Internet Zone too (Score:5, Funny)

    by 4D6963 ( 933028 ) on Friday December 09, 2005 @12:47PM (#14220534)
    They should also remove the Internet Zone too. if they do so, they'll have the most unvulnurable browser in the world.

    No browser is safer that IE if you prevent it from accessing a network!

    • "No browser is safer that IE if you prevent it from accessing a network!"

      Oh, I'm sure someone will still find a way.
    • Who actually uses that convoluted Internet Zone setting in the first place?
      I remember seeing it in IE4 thinking that it was a good idea but how damn complicated it is to actualy use. AND, it's not portable so on each Win98 re-install, all your settings had to be rebuilt.
      Plus98 was more fun to reinstall and setup than that.
      • > Who actually uses that convoluted Internet Zone setting in the first place?

        "Zones" were quite possibly the dumbest design flaw in the history of web browsers, arguably exceeding even the decision to "integrate" the browser with the OS.

        > I remember seeing it in IE4 thinking that it was a good idea but how damn complicated it is to actualy use. AND, it's not portable so on each Win98 re-install, all your settings had to be rebuilt.

        I said the same thing you did - except that instead of thinking

        • "Zones" were quite possibly the dumbest design flaw in the history of web browsers, arguably exceeding even the decision to "integrate" the browser with the OS.

          It's a big benefit to us at work (I do systems engineering).

          Obviously we want our users to be very well protected from external websites, but for ones on the company intranet or ones that belong to partner companies, it's great to be able to relax the security so that businesspeople don't have to worry about unsigned code warnings when they use some
        • [...] arguably exceeding even the decision to "integrate" the browser with the OS.

          Amazing how such a "dumb idea" has since been copied by OS X, KDE and GNOME.

          • Neither Finder nor Nautilus provide web access. Konqueror is more of a suite of programs (file manager + web browser), but it's also far more secure than IE.
            • Neither Finder nor Nautilus provide web access.

              This feature is completely independent of "browser integration". All four platforms have the same browser-as-a-shared-component style architecture (and of them, Windows had it first). That some choose to have a shell that loads various components as required (Windows and KDE) and some offer only a simple shell (OS X and GNOME) does not change the fundamentals. The browser is still "integrated" into the "OS" by being available as a reusable component.

              Konqu

      • It's worked fine for us for since our initial Windows 2000 deployment. Just set it once in group policy, and don't worry about it again.
    • No browser is safer that IE if you prevent it from accessing a network!

      I had something similar happen with a recent update a client of mine did. They updated their version of PC-cillin and it completely blocked them from getting on the Internet. It sure was secure though!
    • Shut off from the outside world I think IE is still executed frequently, even on a box encased in three feet of concrete and nothing but a monitor, keyboard and mouse.

      *We get blue screen. AI turn on.*

      //IE starts hallucinating and spoofs what it imagines the world must be like.

  • Essentially... allegedly... I smell BS. (Score:3, Insightful)

    by Ruff_ilb ( 769396 ) on Friday December 09, 2005 @12:50PM (#14220566) Homepage
    The OP doesn't seem too sure of this new security ploy - I don't know how they plan to implement this, but I think claiming to have a completely secure way of doing things doesn't help your security in the long run. Immune to today's typical attack, maybe, but if/when vista takes over as the OS of choice for most computers, its vulnerablilities will be found and exploited. I remember how SP2 was supposed to be some sort of security godsend, and when I first tried to install it it BSOD'd my computer every startup until I reformatted & reinstalled windows. That's slightly off topic, but it's an example of how good-intentioned 'security' fixes can do little more than break something that's been manually secured in the first place.
    • The OP got it all screwy, and must not have read (or at least understood) the IEBlog [msdn.com] entry that explains it pretty well.

      Basically, they are removing the intranet zone for XP Home users because they don't believe it's needed, and having it creates another attack surface. You'll be able to get it back if you want, the first time you use what would be an intranet zone address IE will show the yellow Information Bar and you can click to restore it.

      Zone spoofing will still be possible by using Trusted Sites zone
      • Zone spoofing will still be possible by using Trusted Sites zone

        How, exactly? I've searched for a few minutes on google and could not find any working examples of spoofing the zone. If you know it's possible then you must already know of an example then, right?

      • As the OP, I take exception to that. ;)

        I applaud Microsoft for identifying that user confusion has caused a lot of inadvertent invulnerabilities.

        The idea of trusted and untrusted sites seems good on the surface, since it is a balance between open access to the Web and unplugging your DSL modem. Nevertheless, allowing the intranet zone to return means that there can still be zone spoofing, as you stated. Maybe less likely, but the problem with security is that a hole is a hole. Once you find it, it's now

    • I remember how SP2 was supposed to be some sort of security godsend, and when I first tried to install it it BSOD'd my computer every startup until I reformatted & reinstalled windows.

      Probably, your computer was infected with something like a rootkit that tried to take over the machine on startup to conceal itself. Installing SP2 likely changed the system enough that the rootkit's patches were invalid, giving you the BSOD. By reformatting you removed the malware, so SP2 did its job.

  • Code signing will finally be more effective (Score:3, Interesting)

    by stonebeat.org ( 562495 ) on Friday December 09, 2005 @12:53PM (#14220600) Homepage
    I like this move. Code signing of Active X controls will be more effective, since all code will have to signed before execution. Plus I.E. 7 has capability to create Whitelist of certain trusted signers, and reject everything else. See Do you Code Sign ??? [xml-dev.com] for more details.
    • Hmmm,

      Maybe you fix one or two weaknesses, but there's so many others in windows it amounts to broken anyway. All this security blathering by MS is part of their "security" media message. What happens when Longwait gets here? More of the same.

      Code signing has it's own troubles, the biggest of which is the PHB or consumer that doesn't know or care.

      Who's the signer and how much will they charge? Annually? You squelch innovation as the entry barrier into the desktop just got raised. Not to mention if you m
    • the details you are enlightening sound secure, but do you think that microsoft's sign check is 100% bulletproof ? on buffer overflow there and all the signed "gang" who have enabled signed scripts will be f-d ....

      i'm against all extensions. if you can't fit it in html, it's not supposed to be in a browser in the first place ...

      yep, i use ff

    • I like this move. Code signing of Active X controls will be more effective, since all code will have to signed before execution. Plus I.E. 7 has capability to create Whitelist of certain trusted signers, and reject everything else. See Do you Code Sign ??? for more details.

      Digital signatures are only a security feature in that the publisher can guarentee that their data has not been modified in transmittion to you. It does not indicate the quality of the data. It was never meant to seperate software from

  • Hmmm.. (Score:3, Insightful)

    by slashes ( 930844 ) on Friday December 09, 2005 @12:54PM (#14220613)
    Sounds like a good start for IE7. If vista comes around, I still won't use IE7 anyway. It's reputation is tarnished and no matter what Microsoft does, it won't bring back us Firefox, Opera, Safari and etc users.

    If I was Microsoft, I'd implent IE competely away from shell and work with it individualy. I think it'll solve the majority of the problems.
    • I think you are wrong there. I glady welcome a more secure IE, so i dont have to deal with a memory leaking randomly crashing(disappearing with no error) firefox client anymore.
      • You can already solve that problem by switching to Mozilla. ;)
        • Or Opera. Even though I don't like Opera, it's still better than IE.
          • Have you tried it since 8.0? 8.x represents a vast improvement over the entire 7.x line. I stopped using Opera when 7 came out. I couldn't stand it, and switched fully to Mozilla. I also can't stand Firefox, but love Mozilla. It's the little things...and I don't have nearly as many problems with Mozilla (read: -any-) as Firefox users complain about.
            • I have. I just don't like the user interface, which of course is just a personal preference. And I love the fox's customizability.
      • You got me there =(

  • Vista is taking a page from *nix (Score:3, Interesting)

    by wyckedone ( 875398 ) on Friday December 09, 2005 @12:54PM (#14220614) Homepage

    IE7 is supposed to run in a fully protected mode by default. The protected mode is similar to a non-root user in *nix so that non-admin user programs do not have access to modify system files or settings. This is supposed to prevent spyware/adware that hooks into Windows processes and keep something one user may install from affecting other users of the system.

    Slowly but surely MS is learning a few good tricks from the Linux crowd.

  • Why do we need zones? (Score:4, Insightful)

    by Anonymous Coward on Friday December 09, 2005 @12:56PM (#14220636)
    I still fail to understand why IE needs zones at all. If the security settings were less complicated and more reasonable, this wouldn't be a problem. Instead of trusted/intranet/internet, etc... why not a 'whitelist' and 'blacklist.' Simple and easy. Zones are complicated and confusing for most users, and many people end up setting the internet zone to low security so they can access their favorite Java/Flash/JS/ActiveX-addled whiz-bang website anyway.
    • Well, duh. The zones are needed because they are neat-o and they are infinitely extensible. As you probably know, programmers value those two things way more than usability.

      Now, the only thing that's missing is hierarchy. Imagine having categories of zones. Corporate network, division, department. Internet, with sub-categories shopping sites, news sites, and so on. Each with their own customizable settings!

      The left side of the dialog would be a treeview showing the different zones (there might be hundreds o
  • But where is the innovation?

    I'll be honest, I haven't followed the Vista track that closely, but I have yet to hear of any evolutional or even revolutional features that I can look forward to. I read the slashdots and the diggs of the internet so, are these sources too Google and Apple happy to report on the Windows front? Or is there simply nothing to report?

    Other than Metro and their attempts at making their OS work like Tiger, what is left?

    Don't say security.

    • Formula for Posting (Score:2, Insightful)

      by Lee_in_KC ( 816490 )

      {Rhetorical question}

      {Admit you don't know anything about what you are about to talk about but think your way is better}

      {Slam Microsoft}

      Does that about cover it? I think I can rig up some rotating cookies to accrue good karma here if I can just get curl to work in Cygwin correctly. :-)

      Seriously though, IE is the browser MANY companies choose and need to use so I think changes to improve security are good, doesn;t everyone else? If you want to contribute get on the Beta team. If you just want to c

    • I'll be honest, I haven't followed the Vista track that closely, but I have yet to hear of any evolutional or even revolutional features that I can look forward to.

      I don't think Slashdot is the best place to ask this question on, as you'll no doubt get the "no, Vista is reskinned XP".

      Personally, I don't think an evolutionary OS have to be "innovative", just better. Goes for Linux just as it goes for Vista.

      Anyway, here's an Vista edition comparison [winsupersite.com] and here's a more detailed list [winsupersite.com] of planned features.
    • But where is the innovation?

      This posted to a site where every incremental improvement in an OS app still in Beta gets trumpeted like the Second Coming and the True Believers recompile their kernel every night.

      • That's pretty much what I was going to say. I used Linux for about 6 years, installing and using everything form slackware 3 (on floppies) to Mandrake 10.

        KDE's ioslaves was an innovative idea; being able to slot in a CD, browse to a virtual mp3 folder and drag 'n' drop the mp3s to the hard drive, thus triggering the ripping of them? Inspired.

        I can't think of anything else that was truly innovative. Lots of good stuff, sure, but nothing that wasn't an incremental improvement on the status quo.
    • Judging from screenshots and info: the ability to control audio volume per application from the OS. It's as if every app now has its own dedicated Master channel that the OS then mixes together for output.

      I've been wanting that for years due to certain apps that think they are divine and simply take over/mute my global Master/Wave channel when they feel like it (AIM and Winamp, I'm looking at you!). In Windows Vista, those intolerant apps will not be able to take over.

      Lazy app writers who simply use the glo
    • They've made some neat changes, and the details are here:
      http://channel9.msdn.com/tags/Windows+Vista [msdn.com]

      The Slashdots and the Diggs are too Apple and Linux happy.

  • How about... (Score:3, Interesting)

    by nurb432 ( 527695 ) on Friday December 09, 2005 @01:03PM (#14220706) Homepage Journal
    How about they just fix the damned holes instead?

    This is about as bad as putting duct tape over the rusted out holes in an old car: "see, its all better now"

    • Re:How about... (Score:2, Insightful)

      by wyckedone ( 875398 )
      This is an attempt at fixing a hole. Zone-spoofing is a threat and MS realized that. It may not be the best fix but it is a start.
      • This is an attempt at fixing a hole. Zone-spoofing is a threat and MS realized that. It may not be the best fix but it is a start.

        It is far from a fix, adding extra code to provide extra protection is not fixing the problem. This whole 'protected mode' stuff will likely have enough bugs of it's own, it is the software equivalent of duct tape.

        It may still work to some extend, my car stopped leaking after some work with duct tape. Are you impressed now? Or should i call it 'brand-new' and 'utra-reliable'
        • Microsoft has not yet learned that more onion layers != security.

          I thought the Microsofties were supposed to be really smart, however, it seems to me that whenever a security problem emerges, Microsoft's first solution is an extra 'security management app' that watches the code in question.

          AFAIK, that never, ever works. You'll never get _anywhere_. Each additional layer of protection code=more bugs.

      • ...just fixing the damn holes instead? [...] duct tape ...

        This is an attempt at fixing a hole. Zone-spoofing is a threat and MS realized that. It may not be the best fix but it is a start.

        As usual when marketing hype muddies up the terminology, quality suffers and confusion results.

        In this case, "zone" is used by Microsoft marketing to mean one thing, and by DNS to mean something else. A DNS "zone" is a particular inherited slice of domain - a group of machines under the same management. An MS

    • They aren't placing IE in a virtual machine or anything, they're trying to fix zone spoofing by changing the feature. It is a design problem after all.
    • I held the trunk on my old '77 Buick Century on with duct tape for almost 2 years you insensitive clod!

    • The holes they know of are fixed. This is an attempt to make sure new inevitable holes (which all large programs have, Firefox is no exception) won't be nearly as serious.
  • The funny thing is all corporate networks that have no windows domain fully deployed yet will be in big trouble, unless the admins deploy some extra security policy that switches back intranet sites to the local zone. Otherwise no activeX, stuff will get broken, etc...

    (from the IE blog: only pc;'s connected to a domain will have a local zone enabled)

    Looks more like a ploy to force all corporate users to move to active directory asap...
    • all corporate networks that have no windows domain fully deployed yet will be in big trouble, unless the admins deploy some extra security policy that switches back intranet sites to the local zone
      [...]
      Looks more like a ploy to force all corporate users to move to active directory asap...

      Umm, no.

      They are removing the intranet zone from the home edition, and leaving the intranet zone in the pro version. And the intranet zone has less security than the internet zone to allow all of the insecure activex crapp

  • Always Trust Content From This Provider (Score:5, Insightful)

    by Nom du Keyboard ( 633989 ) on Friday December 09, 2005 @01:27PM (#14220911)
    Always trust content from this provider.

    Everyone should know that checkbox well -- and leave it alone and unchecked.

    But where is the Never trust content from this provider ever again checkbox? The one I want to check every time I go to a site (all seemingly signed by the same certificate provider) that tries to install the 24-hour Time Manager, or You Must Click Yes to View This Site's Content when all trying to do is get out of a site I hadn't wanted in the first place.

    That's what I want my browser to offer me -- along with an inability for any web-site to affect my browser's basic functioning, like disabling the right mouse key. When is that patch coming?

    • But where is the Never trust content from this provider ever again checkbox?

      Good point. Instead of wasting time on "zones", let the user decide what is and isn't trusted content. Build site-blocking right in, and then allow the user to set levels of blocking, so you could for example browse a site but accept no cookies or downloads or ActiveX from that site. Basically, migrating a firewall into the browser to set an extra level of protection.

    • Comment removed based on user account deletion
    • wouldn't it be better to carefully examine the certificate, verifying that it is really valid and making sure the issuer (and all of the certificates in between if any) are trustworthy. After determining that the certificate is trustable, then check 'Always trust this provider' ?

      My reasoning for this is if you do trust the certificate, and you always click 'yes' each time without doing the 'always'. Some day, a website might spoof the real website, using its own carefully crafted certificate that LOOKS si
    • Good post, but can you explain why not? Presumably the ability to spoof a digital certificate was a security hole and I've patched it. It's difficult not to check that box, when even Microsoft pops up azillion of those ActiveX boxes. By the way, have you updated to SP2? The new "Information" bar is slightly less annoying, though still not what you want. --Sam

  • Misleading article title ? (Score:3, Insightful)

    by Chaffar ( 670874 ) on Friday December 09, 2005 @01:35PM (#14221001)
    Microsoft To Beef Up Internet Explorer 7 Security

    Shouldn't it be something along the lines of "Microsoft removes yet another feature that proved to be a security threat"? It's not like they added a new security measure that beefs up Internet security. They just disabled the intranet zone, not too different than that feature that doesn't let you access /programfiles/ or /windows/ from the local network (dunno if you can circumvent that, but it is what happened to me by default)->(I think it's from SP2), which IMO is extremely annoying, because it makes me HAVE to change rooms to copy something from those folders.

    Ah, spin doctors, you never cease to amaze me...

  • ...for users to figure out. Its all "Internet" as far as they can figure out: Very few can define let alone know what a "Local Intranet" is or rarely have a reason to browse there (most home users have 1 maybe 2 machines which don't usually host web pages + hardware with Web Control interfaces). Both "Trusted Sites" and "Restricted Sites" are backwards concepts because you don't know if a "new site" is trustworthy or not till you get there which at that point maybe too late.

    Very few home users can underst

  • My idea (Score:3, Insightful)

    by Spy der Mann ( 805235 ) <`moc.liamg' `ta' `todhsals.nnamredyps'> on Friday December 09, 2005 @02:01PM (#14221257) Homepage Journal
    1) add to the file system the origin of the file, like an "evil bit". Local (0) = good, internet (1) = bad. Let's call this the "unsafe" bit.

    2) Files created by scripts / java applets / your internet browser will ALWAYS have their "unsafe" bit set to 1. Copying files (even with floppies) will also copy their internet bit.

    3) Never execute files with the "internet bit" set to one.

    So what about executables installed from the internet? You set their internet bit to 0. But here's the catch: They CANNOT set or unset other files' unsafe bits, that's something only the admin can do, with a program by the operating system.

    4) applets / scripts / etc cannot read or write files with the "internet bit" set to 0. They can only alter "internet" files.

    This will allow applets or scripts to use caches, etc, but they can't make a script and later tell windows shell to run it. This will trigger a security warning, and possibly ban the originating applet / script.

    Perhaps adding another bit "operating_system / user program" might improve this even further. os programs can create and alter os or user files, but a user program cannot modify an os file.

    Of course, this is only an idea, and i really haven't thought how viable it is.
    • Some security folks had a similar idea a couple years ago. Setting an "evil" bit in all network packets that were malicious. For some reason it has had difficulty gaining acceptance and buy-in from administrators:

        - http://www.faqs.org/rfcs/rfc3514.html [faqs.org]
      • Yeah, I took the idea from there. But my approach was the operating system setting the evil bit on program files, not packets. In any case that evil bit joke was awesome :)
    • add to the file system the origin of the file, like an "evil bit"

      But then how would we be able to load windows itsself! ;)
    • Hey, here's a start. It doesn't have some of the automatic cleverness you've mentioned, but it's managed to keep most OSes safe for 30-40 years or so.

      Instead of an "Internet" bit, how about an "executable" bit. The default would be "not executable". Then, to run it, the user would explicitly "change the mode" of the file. This would prevent things from running or even being run automatically.

      If only someone would prototype this and see if an OS with this features suffers less from trojans and viruses.

      (P
    • SP2 added a feature like this.. have you downloaded an EXE and ran it? It will warn you that it came from the internet.
  • Hey, MS took out a feature! If they continue to do this, they might actually become secure...

    Of course when it's actually secure, it'll be because MS took out program execution as a feature.

    (Announcer: Windows Bottomless Canyon, our most secure operating system yet. It's completely inveunerable to all forms of security risk. When you want to watch your mouse pointer move around the screen, but don't want the gaping security holes in Linux, look no further than Microsoft. (Program execution plugin may ad

  • Sadly, the slashdot crowd WANTS IE to be insecure (Score:5, Interesting)

    by I'm Don Giovanni ( 598558 ) on Friday December 09, 2005 @02:28PM (#14221540)
    All of the snide remarks in this thread indicate that most of you hate any improvement in IE for fear of losing some of your anti-M$ ammo. Deep down in your hearts, you WANT IE to be insecure, you WANT Windows to be insecure, you WANT Vista to bomb, just like you LOVED Win9x crashes. The fact is, Microsoft is addressing their security problems, just as they did their stability problems, and that scares you guys to death.

    You lost your stability argument, and slowly but surely, you're losing your security argument (the last major security outbreak happened back in 2003, and things will only get worse for you in Vista, where the default accounts are non-admin). Face the facts that you're going to have to find another argument ("free, as in beer", I suspect).
    • The fact is, Microsoft is addressing their security problems, just as they did their stability problems, and that scares you guys to death.

      Not really... I'm very happy with my *nix box and I haven't actually cared for whatever M$ has done lately for security, and I bet a lot of other *nix and Mac users don't give a damn whether Windows ever becomes secure. What you're accusing us is for rooting (ro0ting?) for the underdog, which last time I checked WASN'T a crime.

      You lost your stability argument

      I disa

    • Re:Sadly, the slashdot crowd WANTS IE to be insecu (Score:4, Informative)

      by freeweed ( 309734 ) on Friday December 09, 2005 @07:09PM (#14224303)
      the last major security outbreak happened back in 2003

      Hahahahahahahaha (x1000)

      The last catastophic, taking-down-millions-of-systems, DoSing-the-Internet, making-headlines-all-over-the-world-for-days-after wards outbreak happened in 2003.

      Several major outbreaks have happened this year, Zobot for one. The only thing that saved the day was the uptake in XP installs; otherwise, we would have had another Code Red on our hands.

      Incremental improvement. A good thing for Microsoft, a good thing for average users, a good thing for the internet, yes. But "slowly but surely, you're losing your security argument"? Call me when a million Linux webservers get infected. Call me when desktop Linux starts spreading automatically executed worm code.

      Most importantly, call me when Linux sees as many viruses and/or outbreaks as its marketshare would imply. Not the almsot nonexistent numbers we see today. That always seems to be the argument, that it's a marketshare thing. So just keep in touch, and let me know when 5% (or whatever Linux is at) of viruses/worms/spyware is targetted at, and infecting, Linux. Then you might actually have a point.
    • "Deep down in your hearts, you WANT IE to be insecure, you WANT Windows to be insecure, you WANT Vista to bomb, just like you LOVED Win9x crashes."

      Of course. This is why they wills till go on and on about the "blue screen of death" long after ti became an extremely rare occurance. They need things to stay the same because OSS can't match the rate at which a large company can bring resources to bear.

      They will contineu to tell stories about old versions of Windows and comfort themselves with superiority that

  • Interesting Security Moves with IE7/Vista (Score:3, Informative)

    by ThinkFr33ly ( 902481 ) on Friday December 09, 2005 @05:46PM (#14223527)
    IE 7 on Vista will run in sandbox that isn't really like anything out there today. (That I know of, anyway.) Even if you're an admin user, IE 7 is contained in such a way that it is not able to access anything outside of its sandbox without explicit permission.

    This helps even when non-admins are running IE 7 because it doesn't just prevent system changes (like adding a program to the startup folder), it also prevents changes to anything outside of the sandbox... including files that the non-admin user has full access to.

    They accomplish this by using the concept of a broker which IE 7 has to ask to do pretty much anything to the local system, independant of the privledges of the user running the browser. Want to save a file to your desktop? IE 7 must first ask the broker for permission. When the broker gets this request it then asks the user using a dialog. If the user approves, the broker then gets the appropriate information from IE 7 and saves the file for IE 7. At no point does the IE 7 process have access to the desktop or any of the users files.

    The net effect is isolating all dangerous code in the broker, which is far simpler and easier to audit and debug than IE 7, thereby decreasing the attack surface dramatically.

    For a detailed description of all this, check out the channel 9 [msdn.com] video about it.

Slashdot Top Deals

If you have a procedure with 10 parameters, you probably missed some.

Close