Clarifying Low-Rights IE

re: Clarifying Low-Rights IE

forgetfoo — Thu, 09 Jun 2005 23:11:52 GMT

"We hope you will download the upcoming Betas to see more and provide feedback on all of our work."

okay, now i'm curious... can you give us a clue/hint when the new IE7 beta will be out for us to checkout? *curious as always*

re: Clarifying Low-Rights IE

Mark El-Wakil — Thu, 09 Jun 2005 23:14:38 GMT

This is definately a step in the right direction. I'm hoping that Low-Rights IE in Longhorn is secure enough to prevent any sort of malware from being transparently installed.

Having said that, I'm still not sure if this solves the problem.

1) How hard will it be for a user to give administrator rights to a downloaded program / ActiveX script? Will anyone who isn't in-the-know be able to do it?

2) What about malicious scripts that tell/trick the user into saying yes anyway?

Hope this is taken into account.

re: Clarifying Low-Rights IE

PatriotB — Thu, 09 Jun 2005 23:22:42 GMT

How is "low-rights" IE different than, in XP, running as a regular (limited) user? At home, I use a limited user account--is there anything about low-rights IE that is different than my situation?

re: Clarifying Low-Rights IE

Chris — Thu, 09 Jun 2005 23:30:07 GMT

Very nice post. Sounds like Microsoft is finally doing stuff about security. I hope IE 7 can turn out to be good so people that don't know how to install alternatives like Firefox can have a safer time when surfing than they do now.

re: Clarifying Low-Rights IE

Peter — Thu, 09 Jun 2005 23:31:33 GMT

The tabbed browsing released today for IE6 is really bad.

Please improve it before IE7!

re: Clarifying Low-Rights IE

Joe — Thu, 09 Jun 2005 23:40:26 GMT

That's MSN Tabbed browsing... it isn't part of IE.

re: Clarifying Low-Rights IE

piecu — Fri, 10 Jun 2005 00:31:26 GMT

"As a result, even if a malicious site attacks a vulnerability in IE, the site’s code won’t have enough privileges to install software, copy files to Startup folder, or hijack the settings for the browser’s homepage or search provider."
Firefox and other modern browsers have it from scratch. What's innovative in it?!

re: Clarifying Low-Rights IE

Peter — Fri, 10 Jun 2005 00:36:51 GMT

Joe, what difference does it make to me whether its its IE or MSN?

And if they are different then why do they have 2 different teams working on the same feature?

re: Clarifying Low-Rights IE

Plop — Fri, 10 Jun 2005 00:44:34 GMT

> Firefox and other modern browsers have it from scratch. What's innovative in it?!

Nothing except the numerous subjects we can read here are just entries that tell us Microsoft is copying features that already exists in other browsers "PNG alpha layer, tabs, etc...".

What I'm really waiting for now is a post that talks about the really thing IE lacks about (I let you guess what I'm talking about).

re: Clarifying Low-Rights IE

jrp — Fri, 10 Jun 2005 01:04:03 GMT

Judging from history, chances are either than

1) that your increased security will make it impossible to use many webpages under default rules, requiring increased 'trust' which can be subverted, and very possibly normal users will get fed up and override security entirely, and

2) your "Low-rights IE does not prevent users from downloading and installing software that turns out to be malicious." is going to just be another gateway for hackers.

The only way I can envision MS successfully securing IE is to have it run in it's own virtual environment, with it's own little filesystem and everything - just enough to do it's work. Sort of like using VirtualPC, except just for one or a small cluster of programs. You give it everything it needs to run, but make it less possible for someone to climb out to the real OS by restricting all the calls to a virtual environment. Java just does this.

Really, though, what one wants is several virtualPC-like environments running concurrently, where their only shared apeture is though user IO (screen output, keyboard input) and allow users to just snapshot environments. A user would just see this as 'modes': I have my browsing mode, which occasionally gets corrupted and I can bring it back to sane by pushing a button. I have my 'office' mode, where I work on documents. I have my 'games' mode, where it just has the games bins installed. The only way to move data in between modes is to do some willful operation, akin to a file transfer over a well-known, well-secured network protocol. You could make it less obvious through simple shortcuts and different UI aperatures (and make it impossible to move data across boundaries without user interactivity - and, normally, you wouldn't have to, since I never need to move my word docs into my games space, or my web stuff into my word docs or vice versa without a cut-and-paste user-actuated manipulation), but the underlying mechanism would be the same.

The outter environment should be held pristine, the inners are the ones that get fooled-around with.

This would be sort of like, oh, I don't know, every multi-user timeshared operating system ever. MVS. VMS. Unix. VOS. If you ever manage to do this, then you'll catch up to where the mini platforms were back in 1978. Yay, innovation!

Part of the problem is being locked into the dos mindset and windows 3 pseudo-file/folder/object manipulation paradigm (and the optimization thereof). If you guys were really more innovative, then you wouldn't be stuck laden with old technologies and could transcend their conceptual limitations.

It's a truism that the OS mediates the behavior of the application on top of it, and the applications dictate the requirements of the OS. What's less obvious is that the OS influences the design of the applications on top: and this is where you're left holding the bag: attempting to write a secure application on a busted-ass old OS model.

re: Clarifying Low-Rights IE

PatriotB — Fri, 10 Jun 2005 01:53:00 GMT

piecu: "Firefox and other modern browsers have it from scratch. What's innovative in it?!"

Firefox has nothing of this sort. If there's a security hole in Firefox that would allow code execution, its going to run in whatever context the user is--Administrator, power user, etc. It has just as much potential to install software, hijack settings, etc., as IE.

What I gather "low-rights" IE means is that, even if you are an administrator, specific privileges will be dropped when you run IE so that the process doesn't have permission to install software, etc. Defense in depth means that even if there is a bug in IE (or Firefox), a layer below it (e.g. NT security tokens) is preventing bad things from happening.

re: Clarifying Low-Rights IE

PatriotB — Fri, 10 Jun 2005 01:57:19 GMT

"Joe, what difference does it make to me whether its its IE or MSN? And if they are different then why do they have 2 different teams working on the same feature?"

It makes a big difference. The MSN team has been working very hard and putting out many new features over the past several years, while other teams (e.g. IE) have not. I just tried out the MSN tabbed browsing and I think it's bad too. It is a total hack--it does the best it can with existing technology (IE 6).

Also, the MSN team could (or at least, should) only use public APIs to develop tabbed browsing. In other words, they can't use any inside knowledge about how to hook into IE that a non-Microsoft developer wouldn't have access to. This is a requirement of the DOJ settlement.

Tabbed browsing in IE7 will be completely different and not cobbled together like MSN's.

re: Clarifying Low-Rights IE

Maurits — Fri, 10 Jun 2005 02:09:15 GMT

I wonder... if privileges are dropped so that IE can't mess with user settings... does that mean that the Windows Explorer codebase is beginning to divorce from IE? If so, good. Or will Windows Explorer not be able to do certain things as a result of the dropped privileges?

re: Clarifying Low-Rights IE

ady — Fri, 10 Jun 2005 10:11:36 GMT

Some individual developers implemented tab browing far better MSN Team did in years.

http://www.avantbrowser.com

re: Clarifying Low-Rights IE

David Naylor — Fri, 10 Jun 2005 10:56:41 GMT

"it does the best it can with existing technology (IE 6)"

Hmm. I doubt it is doing the best it can, seeing that there are several other tabbed addons for IE6 which do a much better job...

Les droits restreints pour IE7 seulement disponibles dans Longhorn

l'XPditif... Le weblog Bleu-Blanc-Belge qui d — Fri, 10 Jun 2005 11:31:28 GMT

re: Clarifying Low-Rights IE

Michael Ward — Fri, 10 Jun 2005 11:40:03 GMT

Low-rights IE sounds like a step in the right direction.

The User Accound Protection in longhorn sound good as well. I currently run at home with Adminstrator privelages - why? It's just too damn hard not too.

It's time that the attitude was to give users as little power as possible, and have expert users enable the more powerful/dangerous features on their own. Hopefully then we can prevent the massive installed base of zombie pc's from becoming ever bigger.

Of course, MS is just playing catch-up here - but I'd rather they play catch-up than not-bother-at-all.

re: Clarifying Low-Rights IE

piecu — Fri, 10 Jun 2005 12:37:53 GMT

PatriotB: "even if you are an administrator, specific privileges will be dropped when you run IE so that the process doesn't have permission to install software, etc."
Ok, I didn't understand it. Now, it sounds great for me, but try to do everything so that "Low-Rights" won't have to be used ;)

re: Clarifying Low-Rights IE

Erwyn van der Meer — Fri, 10 Jun 2005 12:59:42 GMT

There already is a partial solution for Windows XP to run IE6 (and Outlook or FireFox or other programs) with fewer privileges, even if you are logged on as an administrator. It is a tool called DropMyRights. If you launch IE6 through this tool, it prevents malicious software from exploiting security holes in IE6 to install software etc. by denying certain administrative rights. DropMyRights was written by Michael Howard. He works on security at Microsoft. Check out his blog post and the comments for more information: http://blogs.msdn.com/michael_howard/archive/2004/11/18/266033.aspx.

re: Clarifying Low-Rights IE

Brian — Fri, 10 Jun 2005 15:11:06 GMT

Ah, another blog entry, another 50 comments from clueless Firefox nerds making snide remarks about IE "catching up" with features their wonderful browser doesn't even have. Please explain how Firefox restricts the permissions of executed code when an exploit is discovered. It doesn't? Never mind, go back to creating new "I use Firefox!!!" buttons to put on your web page.

re: Clarifying Low-Rights IE

PatriotB — Fri, 10 Jun 2005 15:22:15 GMT

Ady / David Naylor: There's a big difference between the MSN Toolbar's tabbed browsing and apps like Avant Browser, Maxthon, etc. The latter are completely separate applications, which wrap the web browser and provide their own menus, toolbars, etc. It is very easy for this type of application to do tabbed browsing.

On the other hand, MSN takes the existing IE application and uses a lot of hacks to try to make it seem that it contains separate tabs. Hence the less-than-stellar performance.

Why didn't MSN take the "separate application" approach? Well, they do have MSN Explorer (or whatever it is they provide to MSN customers) which is essentially that. It would be easy for that product to have good tabbed browsing.

re: Clarifying Low-Rights IE

Chris Beach — Fri, 10 Jun 2005 16:56:45 GMT

"Ah, another blog entry, another 50 comments from clueless Firefox nerds"

spot on :-) I wish they'd all return to the hive (spreadfirefox.com). It's a shame that this blog is suffering at the hands of Firefox/OSS-promoting idiots, but I guess that was always going to be inevitable

re: Clarifying Low-Rights IE

FlorentG — Fri, 10 Jun 2005 18:08:38 GMT

@Chris Beach : This blog is also suffering from anti-OSS idiots :o

No Low-Rights IE 7 for XP SP2?

Brandon Paddock — Fri, 10 Jun 2005 18:39:29 GMT

Everything I'd heard about IE7 thus far had lead me to believe that IE7 would run in a reduced-privileges state on SP2. You're saying that is false?

It was my understanding that SP2 laid the groundwork for this to be possible. Even Jim Allchin said in an interview that they "almost got it in for IE 6 in SP2" but that it was pushed back to IE 7.

I think that's a grave mistake, if true. IE 7 (and all downloads/activeX controls/etc) should run with limited rights on XP SP2.

That was the feature I was most looking forward to (as I believe nothing else will have such a large impact on malware installations).

re: Clarifying Low-Rights IE

Philip Nilsson — Fri, 10 Jun 2005 19:35:13 GMT

It would likely be a good idea to distribute the low-rights version as the full version. It much less likely that a clueless user would secure his browser that it is that an advanced user knowingly unsecures his browser.

re: Clarifying Low-Rights IE

David Naylor — Sat, 11 Jun 2005 00:09:29 GMT

"There's a big difference between the MSN Toolbar's tabbed browsing and apps like Avant Browser, Maxthon, etc. The latter are completely separate applications, which wrap the web browser and provide their own menus, toolbars, etc. It is very easy for this type of application to do tabbed browsing."

OK. Anyone know why MS didn't do it the 'very easy' way then?

re: Clarifying Low-Rights IE

KRD — Sat, 11 Jun 2005 02:46:10 GMT

I STILL DON'T UNDERSTAND HOW MICROSOFT IS NOT ABLE TO MAKE A SECURE BROWSER FOR ALL ITS OS VERSIONS WHILE OPERA AND FIREFOX CAN........

re: Clarifying Low-Rights IE

Matt — Sat, 11 Jun 2005 06:20:34 GMT

KRD, as clever as the IE team are, there's little they can do to help you with your intelligence problems.

re: Clarifying Low-Rights IE

Mike — Sat, 11 Jun 2005 09:46:25 GMT

Firefox is vulnerable such as IE:

Fixed in Firefox 1.0.4
MFSA 2005-44 Privilege escalation via non-DOM property overrides
MFSA 2005-43 "Wrapped" javascript: urls bypass security checks
MFSA 2005-42 Code execution via javascript: IconURL
Fixed in Firefox 1.0.3
MFSA 2005-33 Javascript "lambda" replace exposes memory contents
MFSA 2005-34 javascript: PLUGINSPAGE code execution
MFSA 2005-35 Showing blocked javascript: popup uses wrong privilege context
MFSA 2005-36 Cross-site scripting through global scope pollution
MFSA 2005-37 Code execution through javascript: favicons
MFSA 2005-38 Search plugin cross-site scripting
MFSA 2005-39 Arbitrary code execution from Firefox sidebar panel II
MFSA 2005-40 Missing Install object instance checks
MFSA 2005-41 Privilege escalation via DOM property overrides
Fixed in Firefox 1.0.2
MFSA 2005-32 Drag and drop loading of privileged XUL
MFSA 2005-31 Arbitrary code execution from Firefox sidebar panel
MFSA 2005-30 GIF heap overflow parsing Netscape extension 2
Fixed in Firefox 1.0.1
MFSA 2005-29 Internationalized Domain Name (IDN) homograph spoofing
MFSA 2005-28 Unsafe /tmp/plugtmp directory exploitable to erase user's files
MFSA 2005-27 Plugins can be used to load privileged content
MFSA 2005-26 Cross-site scripting by dropping javascript: link on tab
MFSA 2005-25 Image drag and drop executable spoofing
MFSA 2005-24 HTTP auth prompt tab spoofing
MFSA 2005-23 Download dialog source spoofing
MFSA 2005-22 Download dialog spoofing using Content-Disposition header
MFSA 2005-21 Overwrite arbitrary files downloading .lnk twice
MFSA 2005-20 XSLT can include stylesheets from arbitrary hosts
MFSA 2005-19 Autocomplete data leak
MFSA 2005-18 Memory overwrite in string library
MFSA 2005-17 Install source spoofing with user:pass@host
MFSA 2005-16 Spoofing download and security dialogs with overlapping windows
MFSA 2005-15 Heap overflow possible in UTF8 to Unicode conversion
MFSA 2005-14 SSL "secure site" indicator spoofing
MFSA 2005-13 Window Injection Spoofing
Fixed in Firefox 1.0
MFSA 2005-12 javascript: Livefeed bookmarks can steal private data
MFSA 2005-09 Browser responds to proxy auth request from non-proxy ssl server
MFSA 2005-08 Synthetic middle-click event can steal clipboard contents
MFSA 2005-07 Script-generated event can download content without prompting
MFSA 2005-05 Input stealing from other tabs
MFSA 2005-04 Secure site lock can be spoofed using view-source:
MFSA 2005-03 Secure site lock can be spoofed by a binary download
MFSA 2005-02 Opened attachments are temporarily saved world-readable
MFSA 2005-01 Link opened in new tab can load local file

re: Clarifying Low-Rights IE

Ekim — Sat, 11 Jun 2005 15:09:54 GMT

Mike, why not to list open bugs and how critical they are, huh?

re: Clarifying Low-Rights IE

Jie Ren — Sun, 12 Jun 2005 00:49:54 GMT

Having an easy-to-use manner for executing IE and its add-ons with less privileges is a great improvement. An ideal solution along this route would be even finer tuning of the comopnent architecture of IE and making every part only communicate securely, a job that is much more complex than a "simple secure protocol".

This task is made more challenging when you have millions lines of of legacy and third-party code to support. If FireFox keeps picking up market share, its vulnerabilities list might well enlarge at the same rate.

And for those think Unix is a "secure" OS by "design", a good hisotrical lesson would be to read some of the very early academic papers that were written when Unix was still a design "alternative" to Multics. At that moment the multitians argued that Unix was "insecure". Simple software and protocols can be proved to be secure, but for any large piece of code, the security comes from careful initial design and disciplined evolution.

re: Clarifying Low-Rights IE

fab — Sun, 12 Jun 2005 04:58:25 GMT

exactly Mike. If you don't watch the severity rating, your statement isn't even worth reading. Quantity != Quantity. And even if it were: (secunia.com security advisories):

Mozilla Firefox 1.x
Currently, 5 out of 18 Secunia advisories, is marked as "Unpatched" in the Secunia database.

Microsoft Internet Explorer 6.x
Currently, 20 out of 81 Secunia advisories, is marked as "Unpatched" in the Secunia database.

re: Clarifying Low-Rights IE

Ed — Mon, 13 Jun 2005 15:41:10 GMT

Supporting a lowered default user level is
how Windows ought to have been designed. It is good that Microsoft meanders in this direction.
IE will take advantage of what new features of Longhorn? Many are actually writing programs that talk to the internet and some of them have GUI's. How should these people modfify their programs? What new API's are assisting with this task? If a programmer uses the Internet Explorer SDK, will his or her programs be effected? How? What changes in the IE SDK are going to break applications?

Without answers to these questions, most of the discussion on "Low Rights" is marketing jibe. Can you give any of us some sort of indication when these question will be answered?

Thank you.

Low-Rights IE available in Longhorn only

Donna's SecurityFlash — Mon, 13 Jun 2005 19:26:32 GMT

Low-Rights IE available in Longhorn only

Donna's SecurityFlash — Mon, 13 Jun 2005 20:27:37 GMT

re: Clarifying Low-Rights IE

Ron Jeremy — Tue, 14 Jun 2005 13:57:30 GMT

Hey, ...

I wonder exactly how much the WinXP SP2 IE7 will differ from the Longhorn IE7 version?
Low rights browsing feature will be available only on Longhorn.

I *really* hope that IE7 will not diverge too much between SP2/Longhorn cause webdevelopers have to test their pagefunctionality in enough many browsers already

Ronny

IE 7 will provide better protection from Spyware

MyITForum - Security — Tue, 14 Jun 2005 16:19:03 GMT

IE 7 will provide better protection from Spyware

Microsoft Most Valuable Professional — Tue, 14 Jun 2005 17:03:57 GMT

re: Clarifying Low-Rights IE

No fanboy — Tue, 14 Jun 2005 17:59:42 GMT

Some of the posts on here, that down play and/or muddy up this security enhancement, show just how blind and ignorant some people can be. For starters, no Browser running on Windows has a feature such as this. All browsers have security holes(whether they get fixed quickly or exploited after the patch). The truely ignorant are the poor users that think they are and will be safe solely because they are not using IE. MS took a while but I like the direction all of this heading. I just wonder what some people will gripe about when they realize from XP SP2 on MS made a big shift in the right direction. But go ahead live in the past.

re: Clarifying Low-Rights IE

fasteddie — Tue, 14 Jun 2005 18:27:02 GMT

Okay, you say that for Low-rights to really work, you will have to install Longhorn. Why can't the Low-rights be made available with XP2? How much re-writing of the XP2 code would it take for that feature to made available now, seeing that every time MS comes with something new, we have to download a new operating system? I,frankly, am getting tired of having to update to a new OS. Haven't you coders heard of "KISS"? And, please, don't tell me that it cannot be done. I work for over 30 years in Data Processing, going back to the days of punch cards and then up the line.

re: Clarifying Low-Rights IE

Sam — Wed, 15 Jun 2005 09:16:18 GMT

To fasteddie... you have two options here:
1. You code the stuffs u've mention yourself
2. Use other OS

re: Clarifying Low-Rights IE

Kenneth Qvarfordt — Sat, 18 Jun 2005 18:54:08 GMT

I would like to know when the kind of code i've got posted at http://flum.se/ie/ WON'T be able to crash your IE & Computer. The latest entry to my crash page puts down both IE 6 SP1 AND WinXP totally!! And what exactly is this? Some naughty ActiveX code? Nope, it's just a normal <img src=... height="9999999999" width="999999999999"> As you can see, totally out of propotion and it even crashes the "beloved" firefox!

When will we see a fix for this and the other crash codes i've got there?

IE Blog

Office Development, Security, Randomness... — Fri, 05 Aug 2005 10:21:21 GMT

For those of you who haven't already heard, the IE team has a blog and recently...

Security strategy for IE7: Beta 1 overview, Beta 2 preview

IEBlog — Fri, 17 Mar 2006 22:01:40 GMT

Security as a feature can be hard to measure. I
want to provide some insight into our security strategy...

Sam’s Blog

Sam’s Blog — Sat, 23 Dec 2006 18:24:12 GMT

PingBack from http://sam.eye-c.co.uk/?p=

IE Security guy at Microsoft talks about IE security | Can Live

IE Security guy at Microsoft talks about IE security | Can Live — Mon, 21 Jan 2008 13:23:17 GMT

PingBack from http://canlive.net/ie-security-guy-at-microsoft-talks.html

IE Security guy at Microsoft talks about IE security | Etixet

IE Security guy at Microsoft talks about IE security | Etixet — Sun, 10 Feb 2008 07:05:47 GMT

PingBack from http://www.etixet.com/ie-security-guy-at-microsoft-talks.html

IE Security guy at Microsoft talks about IE security | Free Software Download

IE Security guy at Microsoft talks about IE security | Free Software Download — Sun, 10 Feb 2008 21:11:48 GMT

PingBack from http://software.hane.us/ie-security-guy-at-microsoft-talks.html

random thoughts » IE7 Beta Chat transcript from today

random thoughts » IE7 Beta Chat transcript from today — Sat, 07 Jun 2008 09:22:58 GMT

PingBack from http://thought.mobiforumz.com/2005/09/02/ie7-beta-chat-transcript-from-today/

Random Thoughts » Blog Archive » IE7 Beta Chat transcript from today

Fri, 11 Jul 2008 13:41:24 GMT

PingBack from http://winzenz.mobiforumz.com/2005/09/02/ie7-beta-chat-transcript-from-today/

Long Horn WIndows will never learn

We Wish Media — Sat, 13 Dec 2008 16:01:59 GMT

Source WOW way to never learn from the past. Share ...

Internet Explorer 7 een ramp voor websites? | hilpers

Internet Explorer 7 een ramp voor websites? | hilpers — Fri, 23 Jan 2009 15:24:07 GMT

PingBack from http://www.hilpers.nl/151491-internet-explorer-7-een-ramp

Geek News Central Podcast #72 2005-06-10 | Geek News Central

Geek News Central Podcast #72 2005-06-10 | Geek News Central — Sun, 19 Apr 2009 01:55:42 GMT

PingBack from http://www.geeknewscentral.com/2005/06/10/geek-news-central-podcast-72-2005-06-10/

IEBlog Clarifying Low Rights IE | Paid Surveys

IEBlog Clarifying Low Rights IE | Paid Surveys — Sat, 30 May 2009 02:29:29 GMT

PingBack from http://paidsurveyshub.info/story.php?title=ieblog-clarifying-low-rights-ie

IEBlog Clarifying Low Rights IE | Cellulite Creams

IEBlog Clarifying Low Rights IE | Cellulite Creams — Wed, 10 Jun 2009 04:50:01 GMT

PingBack from http://cellulitecreamsite.info/story.php?id=3829