Jaa

Running IE with SAFER

  • Artikkeli

Michael Howard recently did a two part series on MSDN about browsing the web and reading email safely as an Administrator (part 1 | part 2).  Today he's got a Quick Start posted on his blog to get IE setup to run with SAFER.  Personally, I prefer the run as normal user route, but if you've got to be an admin on your machine, this is certainly a big step up from browsing the web with full administrative rights.

Comments

  • Anonymous
    January 31, 2005
    The comment has been removed
  • Anonymous
    January 31, 2005
    I think Opera will be the end of Firefox.
  • Anonymous
    February 01, 2005
    and IE the end of Opera anyway
  • Anonymous
    February 08, 2005
    The thing that bothers me about Mike's approach is that it's subject to all kinds of luring attacks. As an example, unless you're in a job with JOB_OBJECT_UILIMIT_HANDLES, window messages aren't secured between processes running in the same window station. What's to stop the sandboxed application from sending window messages to Explorer? Start | Run | Malicious Code of Your Choice | <enter>.

    I agree with you that running as a non-admin in the first place is the best possible plan. Mike's trick will be useful until someone discovers the 10 lines of code it takes to get around it.

    Another thing that bothers me is neither the Platform SDK nor Mike's article discusses the problem wrt the partial trust SAFER levels. I think people might get a false sense of security from this.
  • Anonymous
    February 08, 2005
    Like I said, running as a non-admin is my prefered way to go as well :-) As to the message attack, Windows people will tell you that the Desktop is the security boundary. In order to do this safely you need to actually run as admin in a seperate desktop.

    -Shawn