• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Chapter 21. Implementing Windows Vista’s... > Protected Mode: Reducing Internet Ex...

Protected Mode: Reducing Internet Explorer’s Privileges

Windows Vista’s antispyware initiatives aren’t restricted to Windows Defender. Because spyware often leeches onto a system through a drive-by or pop-up download, it makes sense to set up the web browser as the first line of defense. Microsoft has done just that by introducing Protected mode for Internet Explorer. Protected mode builds on Vista’s new User Account Control feature that I discussed earlier in this book (in Chapter 6, see “User Account Control: Smarter User Privileges”). User Account Control means that Internet Explorer runs with a privilege level that’s high enough to surf the Web, but that’s about it. Internet Explorer can’t install software without your permission (see Figure 21.10), modify the user’s files or settings, add shortcuts to the Startup folder, or even change its own settings for the default home page and search engine. The Internet Explorer code is completely isolated from any other running application or process on your system. In fact, Internet Explorer can write data only to the Temporary Internet Files folder. If it needs to write elsewhere (during a file download, for example), it must get your permission. Therefore, Internet Explorer blocks any add-ons or other malware that attempts a covert install via Internet Explorer before they can even get to Windows Defender.

Figure 21.10. Internet Explorer 7 implements Protected mode to prevent covert spyware installs.



PREVIEW

                                                                          

Not a subscriber?

Start A Free Trial


  
  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint