The “low-rights” security feature being planned for Microsofts upcoming Internet Explorer 7.0 makeover will be available only in Longhorn.
“Low-rights IE” is a “defense-in-depth feature” meant to back up and support several security-related browser enhancements, but because it piggybacks on the “least privilege” feature being introduced in Longhorn, it wont be available for any other operating system, said Rob Franco, lead program manager for IE security at Microsoft Corp.
Francos disclosure was made on the IE Blog to clarify statements made by a senior Microsoft executive at the Tech Ed conference earlier this week.
Gordon Mangione, corporate vice president of Microsofts security business and technology unit, said in a Tech Ed strategic briefing on security that IE 7.0 has been rearchitected to defend against browser-based exploits and will ship with reduced-privilege mode turned on by default.
But Franco made it clear that while most IE 7.0 security features will be available for supported operating systems—Windows XP SP2, Windows XP Pro x64 and Windows Server 2003 Service Pack 1—”Low-Rights” will be limited to Longhorn because its based on the new Longhorn security features that make running without Administrator privileges an easy option for users.
That feature, known as LUA (Least-Privilege User Account), lets users run programs with limited user privileges, limiting the damage from malicious code attacks.
“We are using the same Longhorn security infrastructure to limit IE to just enough privileges to browse the Web but not enough to modify user files or settings by default,” Franco said.
Even if an attacker attempts to exploit an IE flaw, the code wont have enough privileges to install software, copy files to start-up folder, or hijack the browser home page or search provider settings, he added.
He said the primary goal of low-rights in IE 7.0 is to “restrict the impact of a security vulnerability while maintaining compatibility.”
Franco stressed that the reduced-privilege option will not provide a fix for vulnerabilities. “[Its] like the Local Machine Zone Lockdown feature in XP SP2. That lockdown prevents cross-domain vulnerabilities from installing malicious software on users machines,” he said.
Additionally, Franco said low-rights IE is not meant to prevent users from downloading and installing software that turns out to be malicious. “Any program that the user downloads and runs will be limited by User Account Protection, unless the user explicitly gives the program Administrator privileges,” he said.
“Another issue to clarify is that low-rights IE will not change IE security settings for ActiveX and script as the Enhanced Security Configuration for IE on Windows Server 2003 did. We are considering changes to some default security settings for IE, but that work is separate from low-rights IE and will not impact the user experience in the way that ESC did for Windows Server 2003,” Franco added.The new browser also will feature major changes in the way files are executed, as well as new anti-spoofing and anti-phishing technology to let users identify fake scam Web sites.
Beyond the security improvements, IE 7.0 will add support for IDN (International Domain Names), tabbed browsing, built-in RSS and seamless search that will include choices of search providers. The browser also will improve Web page printing capabilities such as the automatic “fit-to-page” feature.
As previously reported, Microsoft is expected to beef up IE 7.0s security by blocking access to cross-domain scripting, improving the SSL (Secure Sockets Layer) interface and possibly integrating spyware protection via its Windows AntiSpyware service, which is currently in beta.