IE 7 on Vista: Mostly secure

When is your shiny new Windows Vista protected against evil Web threats? Not as often as we were all led to believe in all those Microsoft Windows Vista ads. I ran across this post from Microsoft's Internet Explorer blog site shortly after the software giant patched the animated cursor flaw in Windows Vista with the release of MS07-017. Microsoft has said that users running IE 7 under Windows Vista are better protected from the malicious effects of Web exploits such as the animated cursor exploit than users running IE 7 under Windows XP IE 7 due to the introduction of a new "sandbox" element (called Protected Mode) within the new operating system. For example, in the case of the animated cursor attack, with Protected Mode enabled, remote attackers can only view files on an infected Windows Vista machine, not run malicious code. Now it seems there are exceptions.

Microsoft says that Protected Mode for IE 7 under Windows Vista is enabled by default only for sites within the Internet, Intranet, and Restricted zones. It is not enabled for Trusted Sites or Local Machine zones. Thus, you are likely to see the Protected Mode icon switch from On to Off and back again as you move between sites that fall within different Internet Explorer zones. To remedy this, Microsoft says you must enable or disable Protected Mode for Trusted Sites or Local Machine zones yourself.

To do so, choose Internet Options, Security tab, select the appropriate zone, then check/uncheck the "Enable Protected Mode" check box as appropriate.

There are other times when Microsoft says Protected Mode is disabled within IE 7. Here's a summary:

• If you turn off User Account Control within Windows Vista, you automatically lose Protected Mode protection.

• If IE 7 in Windows Vista is launched by right clicking on the IE icon and selecting "Run as administrator" or when IE is launched with administrative privileges from another application, Protected Mode is disabled. Such as during some software installations.

• When viewing an HTML file on your hard drive (as opposed to the Internet), Protected Mode is disabled. The exception being an HTML saved from the Internet when Protected Mode was enabled, Protected Mode will still be enabled cached on your hard drive.

But the best part of the Microsoft blog comes at the end: "If you visit a page whose zone has Protected Mode enabled and you see the status is 'Protected Mode: Off', you will want to close and restart a new instance of IE to visit the page."

[helio9000]

Um, Firefox is vunerable to the ANI exploit too

I think it is a better browser but there are lots of exploits for firefox too. Google is your friend:

http://www.eweek.com/article2/0,1895,2111290,00.asp

[wweadam]

Let me sum this up

If you are careless and stupid enough to disable protections, neither IE or Vista will serve as your babysitter.

[TURNERO]

Trusted sites?

The whole reason for having a trusted zone is that you put sites in there that you trust. Presumably if you put a site in the trusted zone you trust the content on that site. It's not like Microsoft is hiding anything from you, I don't see why this is big news!

Enjoy the ride on the big long Microsoft bashing bandwagon!!

[vinnyamatucci]

I have vista. It is the worst piece of **** yet. You are better off with XP. Better yet, go get an apple computer. It is 10000 times better than any crappy windows program. I also had mozilla. A collosal waste of time. It keep freezing, was slow and had problems with it. Stick with IE7(Not IE8beta, that REALLY, REALLY SUCKS!!!)