Congratulations Adobe Flash team on shipping the Flash Player 9 update on Tuesday!
This Flash update serves as a model implementation for how browser extensions can work with Protected Mode to keep users safe.
As most of you already know, on Windows Vista, IE7 includes a special feature called Protected Mode where the IE process runs with low privileges. This helps IE significantly reduce the ability of an attack to write, alter or destroy data on the user's machine or to install malicious code. These defenses also limit legitimate actions like saving browser settings, which is why Protected Mode includes broker processes to handle IE’s elevated actions. Similarly, yesterday’s Flash update includes a broker process to handle Flash’s specific elevated actions.
Broker processes are the best way to safely handle elevated actions because they're built to help contain an attack in the low-privilege process. When developing a broker process for your extension, you should always assume that your extension is running in a compromised process. This means you should design your broker as if calls coming from your extension may be hijacked. You can safely handle hijacked calls by validating all input and by asking the user to make a trust decision in UI-appropriate scenarios. For example, the IEUser.exe broker launches the Internet Options dialog when it gets a known call from Protected Mode. This prevents the Protected Mode process from silently changing the user's browser settings such as the homepage or security slider.
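The sketch below is an added example, not code from IE, IEUser.exe or Flash Player: it models a broker's request handler that accepts only known calls, validates every argument, and leaves the trust decision to the user. All names (`Request`, `Op`, `handle`, `is_plain_filename`) and the sample requests are hypothetical, and the `Prompt` callback stands in for real broker-owned UI.

```cpp
#include <functional>
#include <iostream>
#include <string>

enum class Op { OpenSettingsDialog = 1, SaveDownload = 2 };  // the only known calls
enum class Result { Done, Rejected, UserDeclined };

struct Request {        // arrives from the low-privilege process: treat as hostile
    int op;             // raw value, not yet known to be a valid Op
    std::string arg;    // caller-supplied argument
};

// Stand-in for broker-owned UI: returns true if the user approves the action.
using Prompt = std::function<bool(const std::string&)>;

// Accept only a bare file name: no directories, drive letters, streams or "..".
bool is_plain_filename(const std::string& s) {
    if (s.empty() || s.size() > 128 || s == "." || s == "..") return false;
    for (unsigned char c : s)
        if (c < 0x20 || c == '/' || c == '\\' || c == ':') return false;
    return true;
}

Result handle(const Request& r, const Prompt& ask_user) {
    switch (r.op) {
    case static_cast<int>(Op::OpenSettingsDialog):
        // No setting value is accepted from the caller; the broker only shows
        // its dialog, so any change is made by the user, not the caller.
        if (!r.arg.empty()) return Result::Rejected;
        return ask_user("open settings dialog") ? Result::Done : Result::UserDeclined;
    case static_cast<int>(Op::SaveDownload):
        if (!is_plain_filename(r.arg)) return Result::Rejected;
        // The user confirms the write in a broker-owned prompt.
        return ask_user("save " + r.arg) ? Result::Done : Result::UserDeclined;
    default:
        return Result::Rejected;   // unknown call: refuse
    }
}

int main() {
    Prompt yes = [](const std::string&) { return true; };
    // Constructed requests, as a hijacked caller might send them.
    Request samples[] = {{1, ""}, {1, "homepage=http://example.invalid"},
                         {2, "report.pdf"}, {2, "..\\..\\outside.txt"}, {99, ""}};
    for (const Request& r : samples)
        std::cout << r.op << " '" << r.arg << "' -> "
                  << static_cast<int>(handle(r, yes)) << "\n";
}
```

Even when the prompt always approves, the settings call with a payload, the traversal path and the unknown opcode are rejected before any UI is shown.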
Although most extensions are fully functional when running in Protected Mode's low-privilege process, some of these extensions work because Protected Mode's compatibility layer redirects file and registry writes to a virtual store. We created the compatibility layer to get previously released extensions working. If you haven't already done so, now is a good time to update your extensions to work with Protected Mode.
Many thanks to the Adobe team for their close partnership and hard work in getting a Windows Vista-ready Flash Player 9 out.
Marc Silbey
Program Manager