The next version of Microsoft's much-criticized Internet Explorer browser is being built to resist hijacking attempts by spyware and other malicious software, according to a Microsoft developer.
Rob Franco, lead program manager for IE Security at Microsoft, wrote in a blog entry on Thursday that Internet Explorer 7 for Longhorn will contain a feature called "low rights IE." The feature essentially removes administrator rights, so that the system will not allow unknown applications, such as spyware and other potentially dangerous code, to be installed without express permission from the user.
"When users run programs with limited user privileges, they are safer from attack than when they run with Administrator privileges, because Windows can restrict the malicious code from taking damaging actions...Any programs that the user downloads and runs will be limited by User Account Protection, unless the user explicitly gives the program Administrator privileges," wrote Franco, whose authorship of the blog was confirmed by a Microsoft representative.
Franco said that by restricting administrator rights for Web surfers, users will be protected even if a malicious Web site tries to exploit a vulnerability in the browser.
"The Web site's code won't have enough privileges to install software, copy files to startup folder, or hijack the settings for the browser's homepage or search provider. The primary goal of Low Rights IE is to restrict the impact of a security vulnerability....It can limit the damage a vulnerability can do," Franco wrote.
James Turner, security analyst at Frost & Sullivan Australia, said restricting admin rights is a very important development and one that Microsoft has been extremely slow to pursue.
"A Unix administrator would not dream of working in root as standard. We only logged in as root when something special/unusual needed to happen. It's been an issue for Windows administrators for years that standard users just shouldn't have local admin power," Turner said.
Microsoft's Franco confirmed that though IE7 will be made available for Windows XP SP2, the low rights browsing feature will be available only on the next version of Windows, code-named Longhorn.
Finally they get it, and it only took roughly 8-10 years for them to figure it out. Way to go!
Hopefully they will implement it in an intelligent manner. The blame for the internet being such an unsecure place can be laid directly in front of Microsoft's doorstep. It is about time they start taking security seriously.
Time will tell, but I am not holding my breath. How many times have they said something, only for it to be implemented half-assed or not at all? But at least they are talking in the right direction. Yes, I know MS is 90% talk, but maybe this will pan out.
Now they sell a web browser - that hasn't been programmed yet with an argument other FREE web browsers had for years: low on spyware - with a version of Windows which lacks almost all good features they announced to be in it with a loud voice and removed silently.
Changed to Mandrake/Mandriva 3 months ago for security, speed and most of all stability after working with DOS/Windows from the beginning, needs some work to make the change, but never been more comfortable now. Windows XP just lacks a lot of handy features where you need 3rd-party SW for, that are standard in Linux. And I have a thousand other reasons not to turn back.
Windows/IE/Office are already years behind on open source on features, speed, stability and security. But can maintain just by marketing/making loose promises and keeping users locked in by changing open standards and their own standards every 5 foot (recent examples: XML/TCP/IP/... - SMB/Office formats/...)
And now they promise something with great bravour that's better implemented in Java anyway. Java runs in a sandbox, this means => NO interference with the PC instead of some rights. The first thing someone 'with a bad attitude' searches is a little security hole, and now they still leave one: still not enough
Why do people even care about a browser that will be released in 2036 with Longhorn??? Sure their next one is due out this summer, but it's a rush job since FF is on the hunt...
Far too much third party software for Windows was written which ignorantly assumed that Administrative Rights were present and too few of those third party software vendors have ever gone back and fixed their lousy programs. This is a carryover effect from the Win9x/ME days when there was no concept of administrative vs user rights.
MS needs to withhold their "Logo" certification for any program that doesn't run without administrative rights unless it's a utility that properly requires such rights.
Mac + Intel + Firefox and I'm happy!
I want real competition in OSes.
Maybe MacIntels?