If my application works setting OpenCredentials=yes, is it more secure than opening full PStorage, i.e. OpenProtectedStorage=yes?
Yes, much more secure. In fact, OpenCredentials is a rather insecure preset, as it is only enforced in user mode; OpenProtectedStorage has driver-based enforcement and can thus not be bypassed.
I think I don't quite understand your answer. Your answer tells me OpenCredentials=yes is less secure than OpenProtectedStorage=yes. Gonna rephrase my question: Is OpenCredentials=yes more secure than OpenProtectedStorage=yes? Cause opening full PStorage, i.e. OpenProtectedStorage=yes, implies OpenCredentials=yes. Take a look. In my logic, OpenCredentials=yes is less secure, not more secure.
What I tried to say is that the restrictions provided by OpenCredentials are not enforced on the driver level, meaning a malicious application can bypass the user-mode limitation in SbieDll.dll no matter what OpenCredentials is set to. So setting OpenCredentials=y is fine, as it did not offer much protection in the first place anyway, while OpenProtectedStorage is driver-enforced, and setting OpenProtectedStorage=y reduces the isolation.