IE7 being developed to resist hijackers

IE7 being developed to resist hijackers

Summary: The next version of Microsoft's much criticised Internet Explorer browser is being built to resist hijacking attempts by spyware and other malicious software, according to a Microsoft developer.

SHARE:
2
The next version of Microsoft's much criticised Internet Explorer browser is being built to resist hijacking attempts by spyware and other malicious software, according to a Microsoft developer.

Rob Franco, lead program manager for IE Security at Microsoft, confirmed in a blog entry on Thursday that IE7 for Longhorn will contain a feature called 'low-rights', which essentially removes admin rights so that the system will not allow unknown applications, such as spyware and other potentially dangerous code, to be installed without express permission from the user.

"When users run programs with limited user privileges, they are safer from attack than when they run with administrator privileges because Windows can restrict the malicious code from taking damaging actions... Any programs that the user downloads and runs will be limited by User Account Protection, unless the user explicitly gives the program Administrator privileges," said Franco.

Franco said that by restricting admin rights for Web surfers, users will be protected even if a malicious Web site tries to exploit a vulnerability in the browser.

"The Web site's code won't have enough privileges to install software, copy files to startup folder, or hijack the settings for the browser's homepage or search provider. The primary goal of Low Rights IE is to restrict the impact of a security vulnerability... It can limit the damage a vulnerability can do,' said Franco.

James Turner, security analyst at Frost & Sullivan Australia, said restricting admin rights is a very important development and one that Microsoft has been extremely slow to pursue.

"A Unix administrator would not dream of working in root as standard. We only logged in as root when something special/unusual needed to happen. It's been an issue for Windows administrators for years that standard users just shouldn't have local admin power," said Turner.

Microsoft's Franco confirmed that although IE7 will be made available for Windows XP SP2, the low rights browsing feature will only be available on the next version of Windows, codenamed Longhorn.

Topics: Malware, Browser, Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • want to hav suppport for windows 98 also
    anonymous
  • Longhorn? - MARKED AS SPAM BY AKISMET

    Thats funny, so they just decided to use Long tail solutions and change it to Horn? Wow NO ONE is home at Microsoft. What a dinosaur that whole name is becoming. Think for your selves, don't just copy the paper next to you. Don't get in bed with every software co to make your job easy... They will exploit your codes again, and you will be the same dumb vista guys. I also worked on an app that was adware related called long horn 3 years ago... Funny stuff
    Visit we wish media
    http://www.weeklywishingwell.org

    Or www.mysitesonfire.com
    anonymous