Friday, June 10, 2005

The additional security provided by a "low-rights" mode in Internet Explorer 7 will be for Longhorn only

The additional security provided by a "low-rights" mode in Internet Explorer 7 will be for Longhorn only, a Microsoft executive said Thursday.
"While most IE7 security features will be available in IE7 for Windows XP SP2, 'Low-rights IE' will only be available in Longhorn because it's based on new Longhorn security features," wrote IE lead program manager Rob Franco on Microsoft's official IE blog.
Longhorn will include a "least privilege" feature that allows users to run Windows and its applications without Administrator privileges. Users logged in as Administrators run a greater risk from malicious code, because any worm or virus that does penetrate the defenses runs with that account's rights and so hands the attacker full access to the PC.
Franco's comments were made to clear up confusion over statements made earlier this week by a Microsoft executive at the Tech Ed conference in Orlando. There, Gordon Mangione, corporate vice president of Microsoft's security group, said that IE 7 had been revamped to defend against browser-based exploits and that it would ship with least privilege mode enabled by default. IE 7 for Windows XP SP2 is set to ship in beta form this summer.
"We are using the same Longhorn security infrastructure to limit IE to just enough privileges to browse the web, but not enough to modify user files or settings by default," said Franco in the blog. "As a result, even if a malicious site attacks a vulnerability in IE, the site's code won't have enough privileges to install software, copy files to the Startup folder, or hijack the settings for the browser's homepage or search."
Franco also rebutted Mangione's statement that IE 7 would somehow "fix" vulnerabilities in Internet Explorer. "Low-rights IE doesn't 'fix' vulnerabilities, but it can limit the damage a vulnerability can do," Franco said. That makes it similar to the Local Machine Zone Lockdown feature in XP SP2.
"The primary goal of Low Rights IE is to restrict the impact of a security vulnerability while maintaining compatibility," Franco said.
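Franco's quoted claims above are concrete enough to test: a low-rights browser process should be unable to copy a file into the Startup folder, rewrite the home-page setting, or install software, while still being able to run. The script below is an added example for checking that, not code from the article or from Microsoft. It assumes the Longhorn mechanism as it later shipped in Windows Vista (IE Protected Mode, built on process integrity levels), and it assumes you launch it once inside a low-integrity process and once from a normal shell to compare; the Sysinternals `psexec -l` switch is one way to get a low-integrity PowerShell. The probe file names and the example URL are placeholders chosen for this script.

```powershell
# Added example, not from the article: probe what a low-rights process can and cannot do.
# Run from a low-integrity context, e.g.:  psexec -l powershell.exe -File .\probe.ps1
# then again from an ordinary (medium-integrity) shell and compare the two tables.
# Assumes Windows Vista or later, where the Longhorn feature shipped as IE Protected Mode
# on top of integrity levels. Probe file names and the URL below are placeholders.

function Get-IntegrityLabel {
    # whoami /groups lists the token's integrity level as a "Mandatory Label\..." entry
    $line = whoami /groups | Select-String 'Mandatory Label' | Select-Object -First 1
    if ($line) { ($line.Line -split '\s{2,}')[0].Trim() } else { 'unknown' }
}

function Test-Write {
    # Runs $Action; reports ALLOWED if it succeeds, DENIED with the exception type if not.
    # $Cleanup undoes the change so the probe leaves no trace when it is allowed.
    param([string]$Name, [scriptblock]$Action, [scriptblock]$Cleanup)
    try {
        & $Action
        & $Cleanup
        [pscustomobject]@{ Check = $Name; Result = 'ALLOWED' }
    } catch {
        [pscustomobject]@{ Check = $Name; Result = "DENIED ($($_.Exception.GetType().Name))" }
    }
}

$startup   = [Environment]::GetFolderPath('Startup')
$startProb = Join-Path $startup 'lowrights-probe.txt'            # stands in for "copy to Startup"
$progProb  = Join-Path $env:ProgramFiles 'lowrights-probe.txt'   # stands in for "install software"
$ieMain    = 'HKCU:\Software\Microsoft\Internet Explorer\Main'   # where IE keeps its home page
$origHome  = (Get-ItemProperty -Path $ieMain -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'

$results = @(
    Test-Write 'Drop a file into the Startup folder' `
        { New-Item -Path $startProb -ItemType File -Force -ErrorAction Stop | Out-Null } `
        { Remove-Item $startProb -Force -ErrorAction SilentlyContinue }
    Test-Write 'Rewrite the IE home page (HKCU Start Page)' `
        { Set-ItemProperty -Path $ieMain -Name 'Start Page' -Value 'http://example.invalid/' -ErrorAction Stop } `
        { if ($null -ne $origHome) { Set-ItemProperty -Path $ieMain -Name 'Start Page' -Value $origHome } }
    Test-Write 'Write into Program Files' `
        { New-Item -Path $progProb -ItemType File -Force -ErrorAction Stop | Out-Null } `
        { Remove-Item $progProb -Force -ErrorAction SilentlyContinue }
)

"Process integrity: $(Get-IntegrityLabel)"
$results | Format-Table -AutoSize
```

Read the two runs side by side: the Startup-folder and home-page writes are what separate a low-rights process from an ordinary non-admin one, since both live under the user's own profile and are normally writable by that user. The Program Files write is denied to any standard user, so it only confirms that the probe is not running as Administrator. This is also the sense of Franco's "doesn't fix" remark: the script will report DENIED from a low-rights process whether or not the browser that launched it had a vulnerability, because the restriction is on the process, not on the bug.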
