Protect Processes from Spyware With Windows Integrity Levels

http://blog.zeltser.com/post/3762502297/windows-integrity-levels-for-spyware-protection-processe

 

Very interesting! I am running Chrome with Sandboxie with the option ticked to Drop rights. This has set the integrity of chrome.exe to low and my keyboard drivers have a default integrity of medium. If I understand the article correctly I am therefore afforded some possible protection from my keyboard drivers being read by a malicious piece of software.

 

Nice article, I guess, that that is one difference between LUA (low IL) and admin with UAC (medium IL)? By the way, Chrome runs tabs and plugins with low IL by default.

 

SUA (as it's called in Vista and 7) runs with a medium integrity level, and so does an administrator account with UAC enabled.

By aware that there is a bug in all Chromium based browsers, including Chromium obviously, that under a few conditions it will make these browsers run with the same integrity level as the account they're in. That is, the low integrity level becomes medium/high (the later in an administrator account with UAC disabled).

It has been reported to Google quite some time ago by users Kees1958 and Sully, but Google developers say they can't reproduce it. Yet, those two users, me and one other user were able to reproduce it just fine. Sully was the user who, originally, found it.

I wonder why they can't reproduce it? lol They're only endangering their users. Would it be bad PR?

 

Thanks for clearing it up.