IEBlog : Protected Mode in Vista IE7

Protected Mode in Vista IE7

Hi, I’m Mike Friedman. I work on the IE team in the area of security. You may remember me from my previous IE blog post. We here on the IE team have a continuing focus on making web browsing safe from a variety of outside threats. Microsoft Windows Vista introduced an enhanced security model that we were able to build on in Vista's version of IE7. I want to tell you about a new major IE defense-in-depth security feature called Protected Mode. Defense in depth is a security principle that a system should provide multiple layers of defense, in case one layer is ever breached. Protected Mode takes advantage of three key new technologies in Vista's security model:

User Account Control (UAC), which implements the Principle of Least Privilege.

UAC will help users run Vista without requiring administrator privileges to be productive. Administrators can also run most applications with a limited privilege, but have "elevation potential" for specific administrative tasks and application functions.
Mandatory Integrity Control (MIC), a model in which data can be configured to prevent lower-integrity applications from accessing it. The primary integrity levels are Low, Medium, High, and System. Processes are assigned an integrity level in their access token. Securable objects such as files and registry keys have a new mandatory access control entry (ACE) in the System Access Control List (ACL).
User Interface Privilege Isolation (UIPI) blocks lower-integrity from accessing higher-integrity processes. For example, a lower-integrity process cannot send window messages or hook or attach to higher priority processes This helps protect against "shatter attacks." A shatter attack is when one process tries to elevate privileges by injecting code into another process using windows messages.

Internet-facing applications such as browsers are inherently at a higher security risk than other applications because they can download untrustworthy content from unknown sources. IE7’s Protected Mode leverage's Windows Vista’s UAC, MIC and UIPI features to boost browser security. In IE7’s Protected Mode—which is the default in other than the Trusted security zone—the IE process runs with Low rights, even if the logged-in user is an administrator. Since add-ins to IE such as ActiveX controls and toolbars run within the IE process, those add-ins run Low as well. The idea behind Protected Mode IE is that even if an attacker somehow defeated every defense mechanism and gained control of the IE process and got it to run some arbitrary code, that code would be severely limited in what it could do. Almost all of the file system and registry would be off-limits to it for writing, reducing the ability of an exploit to modify the system or harm user files. The code wouldn't have enough privileges to install software, put files in the user's Startup folder, hijack browser settings, or other nastiness.

In Protected Mode IE writes/reads special Low versions of the cache, TEMP folder, Cookies and History:

Cache: %userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low
Temp: %userprofile%\AppData\Local\Temp\Low
Cookies: %userprofile%\AppData\Roaming\Microsoft\Windows\Cookies\Low
History: %userprofile%\AppData\Local\Microsoft\Windows\History\Low

When IE runs outside of Protected Mode (the default for the Trusted security zone), it does not cross the security boundary to read the Low versions. However, the Favorites folder is shared between the modes.

In a similar vein insulating higher integrity processes from lower integrity processes, Protected Mode leverages UIPI to block window messages to higher-integrity processes and other forms of lower-to-higher access, to guard against web-based shatter attacks.

Conforming to the security concept of “least privilege,” web browsing and other routine functionality takes place at Low integrity level. Protected Mode does occasionally need to have functions performed at Medium and High integrity levels. For this purpose, Protected Mode uses the security concept of “separation of privilege.” Medium level functions are carried out by a separate User Broker process. High level functions are carried out by a separate Admin Broker process. An example of a function requiring an admin's High rights is the installation of an ActiveX control or a “setup.exe” type of installation. The Admin Broker carries out the ActiveX installation on IE’s behalf. The Admin Broker always gains the user’s consent before acting. An example of a function requiring Medium rights is a SaveAs operation to the user’s user profile folder. Here the medium-level User Broker assists. For most operations the User Broker requires user consent.

Because Low rights is such as restrictive environment, Protected Mode includes compatibility features. These features allow most add-ins to run unaffected. Protected Mode provides a “compatibility layer” that consists of a set of shims that intercept certain system API calls. There’s the File & Registry Shim, which virtualizes file system operations; the CreateProcess Shim, which allows an add-on to launch another process at Medium, with user consent; and the CoCreateInstance Shim, which allows an add-on to launch a COM server at Medium, again only with user consent.

Since a Low process lacks the privilege to write to most locations in the file and registry, the File & Registry Compat Shim virtualizes some common file system folders and registry keys. Those file and registry locations are redirected to per-user Low-integrity virtual locations where they can’t affect the real versions. The virtualized file system is in the Temporary Internet Files (TIF)—the same general place IE caches web files. If an add-in attempts to append to an existing file, the shim applies a “copy-on-write” approach, first copying the file to the corresponding virtual location, with the actual append happening only to the virtualized version. If the add-in attempts a file and a real version of a file and a virtualized version both exist, the shim makes the add-in read the virtualized version. The shim does not otherwise affect reads. Registry virtualization works similarly. Note that Vista's UAC virtualization does not apply to Protected Mode; if an add-in attempts to write to sensitive areas will not be redirected and they will just get an Access Denied error.

For example, the Compat Shim virtualizes the UserProfile folder (real location %userprofile%) to the TIF location %userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\{system drive letter}\Users\{username}.

An example of a file system location to which an add-in is simply denied access is %userprofile%\AppData\Roaming\Microsoft\Windows\Cookies

As an example of the registry virtualization, the Compat Shim virtualizes the real registry key HKCU\Software to HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\{SID}\Software . (A SID is the user's security identifier.)

An example of a registry location where an add-in is simply denied access is HKCU\Software\Classes.

The CreateProcess Shim intervenes when an add-in attempts to launch a process using CreateProcess() or equivalent API. The shim presents an “elevation dialog” to the user, asking the user whether they want to run the app at a higher privilege level than IE. If the user assents, the app is allowed to launch at Medium level. If the user says no, the app is not launched. The CoCreateInstance Shim works similarly but kicks in when an add-in attempts to launch a COM server.

To optimize user experience, the registry has Elevation Opt-In Lists for CreateProcess and COM (at HKLM\Software\Microsoft\Internet Explorer\Low Rights; there's also a per-user version in HKCU). These allow-lists can enable Protected Mode IE to silently launch specified apps or COM servers at elevated privilege levels, among other options. When it’s necessary to launch a non-IE process with admin privileges, you would include the RequestedExecutionLevel marking in the application manifest.

The compatibility layers should allow most legacy add-ons to just work without requiring any modification. Protected Mode provides a set of APIs that new and existing add-ins can make use of to work natively in Protected Mode. For example, IEIsProtectedMode() lets an add-in find out if IE is running in Protected Mode. The IEGetWriteableFolderPath() and IEGetWriteableHKCU() functions find low-integrity locations to which the add-in can write. To save a file outside the TIF so that users and apps can later find the file, an add-in employs a two-step procedure, first calling the IEShowSaveFileDialog() function to get the user's consent and desired user profile location, and then calling IESaveFile() to write to that location. Add-in writers also can create their own broker processes if needed for custom elevated operations.

For further information:

Introduction to the Protected Mode API

Understanding and Working in Protected Mode Internet Explorer

User Account Control White Paper

- Mike

Update: Updated to fix a minor error.

Published Thursday, February 09, 2006 3:05 PM by ieblog

Filed under: General IE Information, Developers, Security

Comments

# re: Protected Mode in Vista IE7

Thursday, February 09, 2006 7:00 PM by Nick Presta

Sounds good. I am glad security has been taken into such great consideration.

# re: Protected Mode in Vista IE7

Thursday, February 09, 2006 7:47 PM by Spikey206

This doesn't particularly adress one main area of security concerns. That being, as useful as the new "Use *** as your new Search" feature is, End Users will more often than not accept, and that's *still* script execution that could, and most likely will, be manipulated.

# re: Protected Mode in Vista IE7

Thursday, February 09, 2006 7:56 PM by Xepol

Is there a way to prevent third party apps from forging "Elevation Opt-In Lists for CreateProcess" entries in the registry?

Otherwise, it is all for naught. One trojan will just open holes for the rest.

# re: Protected Mode in Vista IE7

Thursday, February 09, 2006 8:02 PM by dude

firefox 1.6

# re: Protected Mode in Vista IE7

Thursday, February 09, 2006 8:18 PM by dchan1936

I don't see much difference from Firefox other than it is a Microsoft product

# re: Protected Mode in Vista IE7

Thursday, February 09, 2006 8:20 PM by Petknep

The registry entries will most likely be set to high integrity so they will be difficult to write to. For a process to run at high integrity, you would need to opt in at the elevation dialog. Any security loophole would leave code executing at hopefully low integrity and at worst medium integrity, still unable to mess with the registry entry.

# re: Protected Mode in Vista IE7

Thursday, February 09, 2006 8:43 PM by mocax

GUI version of the "sudo" command in *nixes?

# re: Protected Mode in Vista IE7

Thursday, February 09, 2006 9:05 PM by Peter

How will this affect Web info managers like Onfolio, ContentSaver, or NetSnippets? These programs save contents from IE into database files, which can be located anywhere the user specified during installation.

# re: Protected Mode in Vista IE7

Thursday, February 09, 2006 10:13 PM by EricLaw [MSFT]

@Xepol: "One trojan will just open holes for the rest."

The point is to prevent you from getting the first trojan in the first place, since Low Integrity processes cannot write to the list. If a bad guy has a trojan on your system, he doesn't need to attack IE anymore. He can just use his trojan.

@dchan1936: "I don't see much difference from Firefox other than it is a Microsoft product"

Current versions of Firefox do not offer Protected Mode style features. Any bug in Firefox that allows for code execution permits the code to execute with the user's permissions.

@Peter: "How will this affect Web info managers"

In general, the web info managers' files will be virtualized into the the virtual folder system. Alternatively, the extensibility could be coded to use a custom broker to save data in the original location.

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 2:01 AM by Ron

I tested my pages in IE 7 beta 2 preview as the IE team requested and discovered that conditional comments don't work correctly in IE7 or IE6.

Please open this page in IE to see what I mean: http://rowanw.com/tests/conditional_comments_broke.htm

IE7 only displays half the data it should, while IE6 doesn't return anything. I have used the <comment> tag, because I've used it on a live page combined with conditional comments to make something work in IE6. That particular page doesn't render in IE7.

So have a look at my example page and tell me I made a mistake. I used two separate windows machines with diffierent versions of IE to test this.

# broken link

Friday, February 10, 2006 3:31 AM by wks

The "User Account Control White Paper" link doesn't work....

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 3:32 AM by Lordmike

@Ron--
Nothing shows in IE6 for me.

I get this is FF 1.5.0.1
This should be visible only in IE 7 or 5
end of ie 6 comment
This should be visible only in IE 6 or 5
end of ie 7 comment

I'm not a webdeveloper, but shouldn't this work in ff as people always try to tell me that ff follows all the standards (which I find hard to believe)?

My guess is that I should only see one of the texts in IE6 and one of the texts in ff or both.. I dunno. :-)

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 3:39 AM by Ron

Lordmike, the <comment> tag is not part of the recommendation by W3, it's IE propietary HTML. That's why any browser except IE will ignore that tag.

Maybe it should be removed from IE7 to make my life easier?

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 4:23 AM by Lordmike

@Ron--
Aha ok!
It should be removed completely if it's not part of W3C recommendation.
Why I think this is because if IE use it too much, then W3C will one day make one of its own and calling it something else and will then render <comment> non-standard completely.
They have done this before... or so I've read on this blogg.

What else can you use to do what you want?

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 4:33 AM by Ron

Firefox, Opera, Safari, Konquerer, even IE7, but working between IE6 and IE7 will prove to be difficult.

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 7:53 AM by Ravi

is it better than mozilla firefox? if so, in what way?

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 8:00 AM by H.Y

It might be good to make the translation function installed in TOOL.

E-Mail h-h-a-y@mvd.biglobe.ne.jp

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 8:04 AM by Lordmike

@Ravi--
Well FF wont work in protected mode, only IE will work that way. Meaning IE will be more secure on Vista then any other browser.

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 10:18 AM by Santosj

Well, I was wondering a few weeks back when I heard of the protected mode and I was wondering if any other software applications can place themselves in Protected Mode also? As a sort of, kind of software developer in C++, I was wondering if I could create a program that didn't need all kinds of access and could use the sandbox (protected mode) while connecting to the Internet to protect the user from themselves and protect the user from my program because I don't have a lot of security experience.

I also ask because it would be something that Opera or Mozilla may want to take advantage of when Vista comes out. I don't know how Mozilla would take advantage of the new systems, but they could probably be working on it, doubt it as I haven't heard anything and the tools for Vista have been out for quite a while. Could be on Bugzilla but I rarely check that.

I should also note that I didn't read the above whitepapers as I'm tired (which isn't a good excuse, I'm just lazy).

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 10:46 AM by curious

@EricLaw [MSFT]
"Current versions of Firefox do not offer Protected Mode style features. Any bug in Firefox that allows for code execution permits the code to execute with the user's permissions."

That is also true for current versions of IE. I assume It will also be true for IE7 on Windows XP.

So is Protected mode a Vista feature or an IE feature?

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 11:24 AM by Andrew Eberhard

"The compatibility layers should allow most legacy add-ons to just work without requiring any modification."

This seems like a dangerous attitude. It seems to me (and this isn't meant to be rude) that you've assumed you can plug all the possible holes with your three pronged approach but that barring the rules imposed by those specific changes, ActiveX still runs pretty much the same as always. It seems to me that a keyboard recorder or an annoying control that launches dozens of new IE windows (in the same process) would still run just fine. Maybe the approach shouldn't be tilted as heavily toward keeping current software running in this case.

Lastly, I have to ask you if you honestly believe webmail newbie grandparents or a child desperately trying to download a game all his friends have would know or care about access levels. In the case of the former, they'll probably just type in their password (if indeed one's required) without understanding the dialog at all. In the case of the latter, if clicking ok is all that’s required, consider it done.

In these cases, it's tempting to say that fault for the infection would lie with the users themselves, but that's just an excuse for software that overestimates user’s familiarity with the technical underpinnings of IE. Please consider reducing functionality where ActiveX controls are concerned rather than merely adding more dialogs to the user experience.

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 2:42 PM by Greg

@EricLaw
Re: "Current versions of Firefox do not offer Protected Mode style features. Any bug in Firefox that allows for code execution permits the code to execute with the user's permissions."

This is true, however there are a few differences.
1.) Firefox may be running on multiple OS's therefore, attempting to look in "Program Files" on a Mac, or Linux would be pointless.
2.) No VBScript in Firefox
3.) No ActiveX in Firefox*
4.) Limited range of hacking opportunities since JavaScript doesn't support any MS JScript "extensions"
5.) No "significant" integration into other applications. E.g. not embedded in Windows Media player. Its very strange how all the free funny video clips around the net (and, yeah, the adult ones too) all seem to need to download a CODEC, that requires opening up a website. This one is particularly disturbing, since it can call a *specific* browser! (e.g. even if Firefox or Opera is listed as my default browser, it's "scary^H^H^H^H^interesting" how it can open up an Internet Explorer window.

@Lordmike:
I believe the answer to that, is time will tell. I would like to believe that this will be the Fort Knox version of IE, but I think that users may foil themselves on that. (E.g. when a typical user now, enters a site, that the "information bar" pops down, I often see them blindly clicking it, because it shows up for harmless javascript. They understand, that it is there, for their protection, but JavaScript is a significant requirement for basic functionality of many sites.)

Also of note, I pressume in Vista, that if a user has "low rights", but has had Firefox installed for them to use, that *some* of the benifits are passed onto Firefox, Opera and the like, simply because windows is more secure.***

*Yes, i am aware, if the user has installed an extention to override this, they have dealt their own cards.

***Note, if I'm mistaken here, in the Windows Vista approach to get users to run as users, not admin, and to get software to "run" in a secure fashion, then please advise. As it stands at the moment, I'm "admin" on every box I touch, out of necesity (sorry, done the low rights thing in 9x,NT,XP,2K3, and it ain't pretty)

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 7:37 PM by Rob Franco [MSFT]

@curious

Protected Mode is only available on Windows Vista because it depends on the new privilege restrictions in Windows Vista called Mandatory Integrity Control.

@Greg

I agree with you that reducing complexity can help improve security. As you may already, in addition to running IE in Protected mode, we're also disabling most of the ActiveX controls on your system from begin used by Internet sites and removing some legacy features all together. We’re doing that while still maintaining compatibility with the scenarios that customers use today. You can read more about those features in at the end of the IE7 release notes: http://msdn.microsoft.com/ie/releasenotes/default.aspx

To your second question, all applications on Windows Vista will run with User permissions and therefore have some protection. Internet Explorer in Protected Mode runs with even less permission and therefore enhanced protection for your personal files and settings on your system.

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 9:23 PM by Dean Harding

What happens when you have one page in the Trusted Zone on one tab and another page in the Internet Zone on another tab? Since they're both running in the same IE process, how does that work?

# re: Protected Mode in Vista IE7

Friday, February 10, 2006 11:39 PM by Sp

Why is it that no IE version thus far actually deletes history wwhen you tell it to? If you select to keep history for 1 day it will still show up one week from now.

# re: Protected Mode in Vista IE7

Saturday, February 11, 2006 2:52 AM by Sam

Dean: Pages in non-Protected Mode zones open in their own browser window.

# MogBlog » Protected Mode in Vista IE7

Sunday, February 12, 2006 7:39 AM by MogBlog » Protected Mode in Vista IE7

PingBack from http://dancmorgan.wordpress.com/2006/02/10/protected-mode-in-vista-ie7/

# re: Protected Mode in Vista IE7

Monday, February 13, 2006 9:26 AM by Mike

My goodness, I haven't seen so many acronyms since the last Sun Microsystems press release!

Geez... I can't imagine what it'd be like around the office. "Quick! The TIF must have UAC to the ACL with ACE and ensure the integrity of the UIPI!" :/

# re: Protected Mode in Vista IE7

Monday, February 13, 2006 11:50 AM by LeRoyK

My "browser helper" dll uses WriteFile() to a Mailslot. Will the user be asked for permission to do that? How often will the user be asked? Each write, or once for each instance of IE, or once for the first write by the helper.

# re: Protected Mode in Vista IE7

Monday, February 13, 2006 6:33 PM by Simply Awesome

With all these benefits of "Protected Mode", why don't you set IE7 to run this way by default?

I am not convinced that novices would be confused if there were SIMPLE, BUT DETAILED explanations for errors, risks involvd for making exceptions, and how to avoid them in the future.

# re: Protected Mode in Vista IE7

Wednesday, February 15, 2006 11:13 AM by LarryOsterman

Simply Awesome, from what I've seen, it IS the default (on Vista).

If you're surfing in the internet zone, then you're running in protected mode (it says so in the status bar :))

# re: Protected Mode in Vista IE7

Wednesday, February 15, 2006 5:31 PM by Simply Awesome

LarryOsterman, gg; should have tested it on the beta Vista and not just on XP.

Glad Microsoft is as keen on security as I am.

# Blah, Blah, Blahg

Monday, March 06, 2006 12:59 PM by Blah, Blah, Blahg

PingBack from http://www.blahblahblahg.com/2006/03/06/malware-defense-run-applications-as-a-limited-user/

# Running as Limited User - the Easy Way

Wednesday, March 08, 2006 6:30 PM by Farstrider's Place

Running as Limited User - the Easy Way

Malware has grown to epidemic proportions in the last few years....

# Security tweaks in IE7

Wednesday, March 15, 2006 4:50 PM by IEBlog

As we’ve described
previously, we’ve made some major architectural improvements to improve browsing...

# Safety First at Mix06

Monday, March 20, 2006 8:25 PM by IEBlog

I’m really excited for my talk tomorrow here at Mix06. This conference feels more like a party than work....

# Either I don't get it or Cringely is over the top wrong

Friday, April 07, 2006 2:40 PM by Doubt's Log

# 您必须知道的Windows Vista高级安全特性－IE保护模式

Sunday, July 23, 2006 8:59 AM by Windows Vista专题文章[http://vista.itecn.net]

如今这世上，可谓真假莫辨，真的可以变成假的，假的也可以宣称自己是真的。这不，这几天笔者就遇到了一个非常怪异的问题，差点被IE保护模式功能的虚拟重定向功能给搞糊涂了。不过总算藉此机会好好了解一下IE保护模式，对于Windows...

# „Month of the browser bug“ und IE7

Tuesday, August 01, 2006 6:57 AM by OutOfCoffeeException

# Revised IE7 Naming in Windows Vista

Friday, August 04, 2006 6:34 PM by IEBlog

I had mentioned a while back that we planned to call the version of IE7 in Windows Vista “Internet...

# A bit about WinInet's Index.dat

Friday, August 04, 2006 6:56 PM by Windows Network Development

Since a recent digg article and its underlying Wikipedia entry seems a little confused about index.dat,...

# 微软把IE7…重新命名为IE7

Saturday, August 05, 2006 7:28 AM by hongquan

在五月底的时候，微软的IE开发小组曾说过要将Windows Vista中的IE命名为“Ineternet Explorer 7 ”。但现在他们又改变了注意，放弃了“ ”的称谓，没有后缀，没有.x，就只是“Internet Explorer 7”。

# Mandatory Integrity Control in Vista

Tuesday, September 05, 2006 8:25 PM by Mike Taulty's Blog

I picked up this post on Vista's new Mandatory Integrity Control feature by way of Steve's blog. The...

# RSS Secure by Design

Monday, September 11, 2006 3:31 PM by IEBlog

One of the reasons we went to Blackhat last month was to show how the Security Development Lifecycle...

# Soci blog » Blog Archive » Vista IE protected mode

Wednesday, October 18, 2006 8:25 AM by Soci blog » Blog Archive » Vista IE protected mode

PingBack from http://soci.hu/blog/index.php/2006/10/18/vista-ie-protected-mode/

# Internet Explorer 7.0

Thursday, October 19, 2006 7:03 AM by Erwyn van der Meer

Since I don't feel like packing my moving boxes yet, I am trying out IE 7.0 RTM for Windows XP SP2 in

# Windows Vista is Out The Door!

Wednesday, November 08, 2006 3:13 PM by IEBlog

As you may have seen on the Windows Vista blog , we released Windows Vista to manufacturing today! Wahoo!!!

# XP or vista? help please - Page 2 - PC Help Forum.com - Computer Tech Support

Thursday, November 30, 2006 6:27 PM by XP or vista? help please - Page 2 - PC Help Forum.com - Computer Tech Support

PingBack from http://www.pchelpforum.com/windows-vista/24168-xp-vista-help-please-2.html#post158569

# Stress » Vista so far

Saturday, December 23, 2006 11:18 AM by Stress » Vista so far

PingBack from http://thestressblog.com/2006/12/23/vista-so-far/

# 100 Million IE7 Installations!

Friday, January 12, 2007 2:52 PM by IEBlog

I’m pleased to report that on January 8th, we had the 100 millionth IE7 installation. However, even more

# Andres-Homepage - 100 Millionen IE7 Downloads

Sunday, January 14, 2007 9:21 AM by Andres-Homepage - 100 Millionen IE7 Downloads

PingBack from http://www.andres-homepage.ch/?p=25

# 100 million IE installations..

Tuesday, January 16, 2007 6:56 AM by Nick Mayhew - Reaching out to partners in Australia

Wow - that's a great milestone. From the IE Blog : http://blogs.msdn.com/ie/archive/2007/01/12/100-million-ie7-installations.aspx

# IE7 설치수 1억건 돌파

Thursday, January 18, 2007 1:21 AM by bkchung's WebLog

IEBlog : 100 Million IE7 Installations! IE7의 설치가 1억건을 돌파했다는 소식입니다. GPM인 Tony Chor의 이야기를 그대로 옮겨 번역해보겠습니다:

# IE7 reaches 100 Million Installations | Logicbank Media

Thursday, January 18, 2007 11:25 AM by IE7 reaches 100 Million Installations | Logicbank Media

PingBack from http://logicbank.com/2007/01/18/ie7-reaches-100-million-installations/

# Windows Vista IE保护模式深度剖析

Saturday, March 17, 2007 8:15 AM by 东风坡

深度剖析了IE保护模式为什么能够帮助Windows Vista 达到前所未有的安全级别(甚至大大超过UAC能够达到的保护程度)，同时还介绍了IE保护模式是如何利用文件虚拟重定向帮助老的IE加载项解决兼容性问题，真正完美实现既安全、又方便、且兼容的目的。最后还将介绍如何利用建立NTFS软链接的方法巧妙解决IE保护模式的兼容性问题，让不兼容的输入法插件可以顺利地在IE 7中顺利运行。 ...

# New vulnerability targets IE6 and 7 on Windows XP SP2

Thursday, March 29, 2007 2:50 PM by TechBlog

You know those cutesy animated cursors you see on some Web sites? Suddenly, they're not so cute anymore. Ryan Naraine at ZDNet reports a flaw in the way Internet Explorer 6 and 7 handles animated cursors in Windows XP running...