More details on Protected Mode IE in Windows Vista

Hello, I’m Marc Silbey, a Program Manager focused on IE security. I’m back from my honeymoon and I want to follow up on Rob’s last post on IE7 security by giving you more detail on Protected Mode’s compatibility features and by describing a workaround for a related known issue in the first Community Technology Preview (CTP) build of Windows Vista.

As Rob mentioned, Protected Mode helps to eliminate the silent install of malicious code: using Windows Vista’s User Account Protection (UAP) technology, it blocks writes outside of the Temporary Internet Files (TIF) folder. Protected Mode also leverages UAP’s User Interface Privilege Isolation (UIPI) to help prevent window messages from being sent to higher-privilege processes.

For this release, security is our number one priority and preserving compatibility is a close second. To maintain compatibility, Protected Mode launches broker processes at the user and admin privilege levels to carry out elevated operations, such as saving web pages and installing ActiveX controls, through UAP’s Application Info Service (AIS).

User Account Protection is enabled in the Windows Vista CTP build, but the Protected Mode work is not yet complete, so users cannot install ActiveX controls in the default configuration. To work around this, the following procedure can be used to temporarily elevate IE’s permissions:

  1. Start IE with elevated permissions: click Start, point to All Programs, right-click IE, and then select Run Elevated.
  2. Perform the ActiveX installation.
  3. Exit the current instance of IE.
  4. Start a new instance of IE normally (without Administrator permissions).

Protected Mode also includes compatibility features which allow most add-ons to continue running unaffected and which provide impacted add-ons with feasible implementation options. For example, a compatibility layer automatically redirects file writes to the TIF; a new SaveAs API prompts the user with a File Save dialog, allowing add-ons to write outside of the TIF; and the user-level broker gives add-ons a way to bypass Protected Mode for certain secured API calls, given user consent.
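As an added example (not from the original post or from the IE team), here is a PowerShell audit a defender can run on Windows Vista or later to confirm that Protected Mode is still turned on for each IE security zone and that the temporary elevation described above has not been made permanent by pinning iexplore.exe to always run as administrator. It assumes the per-zone registry value named 2500 (0 = Protected Mode on, 3 = off) and the AppCompatFlags\Layers RUNASADMIN marker, both of which exist on shipping versions of Windows rather than necessarily in the CTP build discussed here.

```powershell
# Added example (not from the IEBlog post): audit Protected Mode state per IE
# security zone and check whether iexplore.exe is pinned to run elevated.
# Assumptions: zone value '2500' (0 = Protected Mode on, 3 = off) and the
# AppCompatFlags\Layers RUNASADMIN marker, as found on shipping Windows.

$zoneNames = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$zoneRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',          # per-user setting
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'  # Group Policy override
)

function Get-ProtectedModeStatus {
    foreach ($root in $zoneRoots) {
        foreach ($zone in 1..4) {
            $key = Join-Path $root $zone
            if (-not (Test-Path $key)) { continue }
            $value = (Get-ItemProperty -Path $key -Name '2500' -ErrorAction SilentlyContinue).'2500'
            $status = if ($null -eq $value) { 'Not set (built-in default)' }
                      elseif ($value -eq 0)  { 'Enabled' }
                      elseif ($value -eq 3)  { 'Disabled' }
                      else                   { "Unexpected ($value)" }
            [pscustomobject]@{ Source = $root; Zone = "$zone ($($zoneNames[$zone]))"; ProtectedMode = $status }
        }
    }
}

function Get-ElevatedIeLayer {
    # A RUNASADMIN layer makes every launch of iexplore.exe elevated, which is
    # exactly the permanent state the post's temporary workaround should not become.
    foreach ($hive in 'HKCU', 'HKLM') {
        $layers = "$($hive):\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers"
        if (-not (Test-Path $layers)) { continue }
        foreach ($p in (Get-ItemProperty -Path $layers).PSObject.Properties) {
            if ($p.Name -like '*\iexplore.exe' -and "$($p.Value)" -match 'RUNASADMIN') {
                [pscustomobject]@{ Hive = $hive; Executable = $p.Name; Layer = $p.Value }
            }
        }
    }
}

Get-ProtectedModeStatus | Format-Table -AutoSize
$elevated = @(Get-ElevatedIeLayer)
if ($elevated.Count -gt 0) {
    Write-Warning 'iexplore.exe is configured to always run elevated; Protected Mode is off for those launches.'
    $elevated | Format-Table -AutoSize
} else {
    'No RUNASADMIN compatibility layer found for iexplore.exe.'
}
```

A zone reported as Disabled, or any RUNASADMIN hit, is worth following up in an enterprise, since either leaves IE writing with the full rights of the logged-on user.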

For more details on Protected Mode, including a demo of how Protected Mode helps protect users, check out our Channel9 interview with Rob Franco and Robert Gu, lead developer for Protected Mode.

I look forward to writing more on this topic in the coming months and to reading your feedback on Protected Mode.

 - Marc

Comments

  • Anonymous
    January 01, 2003
    Nice one Marc...keep updating us with good info

  • Anonymous
    January 01, 2003
    You say it uses Vista's UAP. Does that mean that protected mode will not be available in XP?

  • Anonymous
    January 01, 2003
    Does "Run As Elevated" require that the user enter their user account password before they can continue?

    Or will it require it to install ActiveX controls?

    I'd hate for the final version of Vista to make it so users feel they'll have a better experience when running IE in elevated mode.

  • Anonymous
    January 01, 2003
    Corned Bee, Dean's post from the other day states, about Protected Mode:

    "Because the foundation work to make this possible is in Windows Vista, this feature is not available on the XP version of IE7."

    Al Billings [MSFT]

  • Anonymous
    January 01, 2003
    Rosyna presents a valid point, that is users ALWAYS, or being driven to the point to, using IE in elevated mode.

    Even Windows 2000 users still have a glimmer of hope by using least privilege, and creating a shortcut to Run As IE when elevated privileges are needed.

    Speaking of XP, when can we expect an XP SP2 release of IE7? All you need to do is add tabs and the phishing filter and other minor things, but we won't be seeing all this in IE7 for XP so I thought we would expect a sooner release.

  • Anonymous
    January 01, 2003
    Rosyna: Yes, but you missed the point of Marc's post: running IE elevated to install an ActiveX control is just temporary in the CTP build of Windows Vista. It won't be that way at RTM.

    Redxii: Users in Windows Vista won't need to run in elevated mode. That's the point of Protected Mode, and all the work we're doing to make it functional. And, even if they do, IE still won't have all the privileges of the user they're running it as (see previous blog posts). As for your question, "when can we expect an XP SP2 release of IE7," well, Beta 1 is already out. Folks who are on the Windows Vista beta have access. If your question is "when is a public beta," well, you'll just have to wait for now. I don't believe there's been any public date released yet.

    -Christopher [MSFT]

  • Anonymous
    January 01, 2003
    Chris, you and your buddies at Microsoft do realize that the IE7 and Vista beta are widely available over the internet... Stop acting like they aren't.

  • Anonymous
    January 01, 2003
    Sounds really cool.

    Is there going to be any chance of blocking downloads by detected MIME type in group policy? I know that this would help LOADS of organisations out.

    You already have the technology, now give us the control. :-)

    Cheers,

    Nick

  • Anonymous
    January 01, 2003
    <<the IE7 and Vista beta are widely available over the internet... Stop acting like they aren't. >>

    I don't see anyone acting like the betas aren't illegally available on Warez sites. But do you expect MS to advocate illegal distribution of any product? Furthermore, what odds are there that a warez'd copy contains some "special surprises" added by the crooks who pirated the code?

  • Anonymous
    January 01, 2003
    Even though it's not relevant to post this here, the ieblog guys should know about this.

    Here is the latest bugs of IE7 on Vista:
    http://www.msvistablog.net/comment.php?comment.news.58

  • Anonymous
    January 01, 2003
    If you're a legitimate tester, why don't you just submit the bugs through Connect like you're supposed to?

  • Anonymous
    January 01, 2003
    Anona, You mention Protected Mode not applying to a host of the WebOC. That's correct, in Protected mode, the IE process is actually launched with lower privileges so it does not apply to the WebOC. It is possible for any ISV to configure their application to launch with lower privileges. Any app that handles data from the network could be made safer by running with lower privilege. Based on the response I got at the PDC, don't be surprised if other products also decide to run with least privilege.

    - Rob Franco [MSFT]

  • Anonymous
    January 01, 2003
    Developers! Developers! Developers! Developers! Developers! Developers! Developers! Developers! Developers! Developers! Developers! Developers! Developers! Developers! Developers!

    :D

  • Anonymous
    March 29, 2006
    Hi,
    There is a lot to write about Internet Explorer 7. In this post I only intended to mention the most important...

  • Anonymous
    May 27, 2006
    PingBack from http://adamcaudill.com/2006/05/27/internet-explorer-7/

  • Anonymous
    May 29, 2006
    PingBack from http://readmaniac.pbworks.net/2006/05/29/internet-explorer-per-vista-col-plus/

  • Anonymous
    December 12, 2006
    One of the big concerns of anyone considering moving to Windows Vista is “How many of my applications

  • Anonymous
    February 11, 2007
    PingBack from http://www.itwriting.com/blog/?p=122

  • Anonymous
    March 05, 2007
    PingBack from http://www.errorforum.com/microsoft-windows-vista-error/11067-cannot-print-pdf-files-acrobat-7-windows-vista-home-premuim-uac-security.html#post13797

  • Anonymous
    January 21, 2009
    PingBack from http://www.hilpers.it/1504827-la-modalita-protetta-di-ie7
