Rumor Busting: IE 7.0 Reduced Privileges? Not So Fast

Discussion in 'other security issues & news' started by diginsight, Jun 13, 2005.

Thread Status:
Not open for further replies.
  1. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    225
    Location:
    Netherlands
    Source: WinInfo Daily UPDATE--Short Takes--June 10, 2005

    Several reports suggested this week that Microsoft Internet Explorer (IE) 7.0, which will ship this year for XP SP2, will include a feature called low rights that lets the browser operate in a safer, lower-privileges mode. That news would be wonderful, but it's not true. "While most IE 7.0 security features will be available in IE 7.0 for Windows XP SP2, low-rights IE will be available only in Longhorn because it's based on the new Longhorn security features that make running without Administrator privileges an easy option for users (User Account Protection)," Rob Franco, lead program manager for IE Security, wrote in the IE blog this week in an effort to clear up the confusion. "The primary goal of low-rights IE is to restrict the impact of a security vulnerability while maintaining compatibility. Low-rights IE doesn't 'fix' vulnerabilities, but it can limit the damage a vulnerability can do."
     
  2. iwod

    iwod Registered Member

    Joined:
    Jun 25, 2004
    Posts:
    708
    Actually we could already do reduced privilages with current XP. ( I did a post on it long time ago using a script from someone in M$ ) it is just that i can't be bothered figure out which level of user access is best for the browser.

    To my testing it would be something you self config.... but that is too much hassle. Since i use firefox anyway :D
     
  3. diginsight

    diginsight Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    225
    Location:
    Netherlands
    I also favour Firefox. For my project to harden XP I'll take a look at the MS script. AFAIK it reduces privileges for the administrator account. The IE 7.0 for Longhorn looks more like IE running in a sandbox which reminds me of Finjan's SurfinGuard.
     
Loading...
Thread Status:
Not open for further replies.