Slashdot Mirror


'Lower Rights' IE 7.0 Coming

blacktop writes "eWeek has official confirmation from a Microsoft vice president that the upcoming Internet Explorer 7.0 browser upgrade will ship with reduced privilege mode turned on by default to help thwart browser-based attacks. In addition to anti-phishing and anti-spoofing features, IE 7.0 will add support for IDN (International Domain Names), built-in RSS and seamless search that will include choices of search providers."

9 of 378 comments

  1. Interesting by James_Duncan8181 · · Score: 3, Interesting
    So Microsoft are finally properly going at a least-rights solution, but on a per app basis? This is quite a concession, as it shows that the MS campaign to have people not run as admin is not really working at all in the real world. There are still far, far too many shops who are used to coding for 9x to make multiuser practical, even among coders who should know better (I'm looking at you EA/Medal of Honor!).

    The other way that this will be fun is watching all of the *really* bad ISVs who assume that IE is a complete solution for their apps and will of course be able to alter the system config when they use it as a component.

    And you thought SP2 broke things? *laughs evilly*

    --
    "To any truly impartial person, it would be obvious that I am right."
  2. IDN or IDNA by Ded+Bob · · Score: 2, Interesting

    After checking information on IDN, I noticed that there are two variations of international domain names. Anyone know whether Microsoft will actually be using IDN or Internationalizing Domain Names in Applications (IDNA)?

    I apologize in advance for my anti-Slashdot action of reading a little before commenting. :)

  3. Will only work if ActiveX is disabled by default by Motherfucking+Shit · · Score: 4, Interesting
    From TFA,
    The enhancements will build on the Security Zones feature in current versions of IE that allows customers to prevent untrusted Web sites from invoking ActiveX controls.
    Sounds to me like ActiveX will still be enabled by default, they're just going to improve on the ability to block it on a per-domain basis instead of a per-zone basis. This isn't enough. IMO, ActiveX is the biggest (non-bug) avenue by which users become infected with all sorts of shit. It needs to be outright disabled out of the box if IE is going to get serious about security.

    The conundrum is that so many sites now require ActiveX that if IE were to ship with it disabled, Joe Sixpack's favorite websites wouldn't work.
    --
    "BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
  4. Ok... by http101 · · Score: 3, Interesting

    Who the hell titles these articles? Lower rights and Lower permissions mean completely different things...

    If MS is adding support for IDN, I'm really going to stick with Mozilla. Does anyone remember the IDN spoofing exploit from Firefox on February 7, 2005? http://secunia.com/multiple_browsers_idn_spoofing_test/

    Let's hope MS caps this hole before it happens. Unfortunately, MS has a reputation for adding bugs along with new features.

    --
    -- Game Developers: Stop porting badly-textured games from crappy console systems!
  5. the real problem with IDN by petermgreen · · Score: 2, Interesting

    is money grabbing registries.

    until those who run the major domain registries can come up with sensible rules for IDN (which imo means no international stuff in .com/.org/.net and only stuff appropriate to the language in question in the cctlds) then IDN is just going to be a paradise for troublemakers

    of course the registries don't care because all they care about is selling as many domains as possible which the current don't care policy promotes.

    if i were running a dns server i'd be very very inclined to set it up to simply block requests to IDN urls.

    --
    note: i'm known as plugwash most places but i screwed up registering that here somehow in the past and now can't register
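
Added example, not part of the thread or any poster's code: comments 4 and 5 raise IDN spoofing and blocking IDN lookups at a DNS server, and this sketch shows how a resolver-side filter or log review could recognise IDN query names (labels carrying the `xn--` prefix), decode them, and flag labels that mix scripts. The function names `to_ace`, `scripts` and `classify` and the sample names in the comments are constructed for illustration; a "block all IDN" policy as suggested in comment 5 would reject every verdict other than `ascii`.

```python
import unicodedata

ACE_PREFIX = "xn--"  # marks a Punycode-encoded (IDN) label on the wire

def to_ace(label):
    """Encode one Unicode label the way it appears in a DNS query."""
    if label.isascii():
        return label.lower()
    return ACE_PREFIX + label.lower().encode("punycode").decode("ascii")

def scripts(label):
    """Scripts used by the letters of a label, taken from Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def classify(qname):
    """Return (verdict, decoded_name) for a query name.

    verdict is 'ascii', 'idn', 'idn-mixed-script' or 'idn-invalid'.
    """
    verdict, decoded = "ascii", []
    for label in qname.rstrip(".").lower().split("."):
        if not label.startswith(ACE_PREFIX):
            decoded.append(label)
            continue
        try:
            text = label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            # Malformed Punycode: treat the whole name as suspect.
            return "idn-invalid", qname
        decoded.append(text)
        if len(scripts(text)) > 1:
            verdict = "idn-mixed-script"   # e.g. Cyrillic and Latin letters together
        elif verdict == "ascii":
            verdict = "idn"
    return verdict, ".".join(decoded)

if __name__ == "__main__":
    # Constructed sample queries: plain ASCII, a single-script IDN,
    # and a label mixing a Cyrillic "a" (U+0430) with Latin letters.
    for name in ("www.example.com",
                 to_ace("münchen") + ".example",
                 to_ace("\u0430pple") + ".com"):
        print(name, classify(name))
```
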
  6. MS should ship Windows with Lower Rights by mindaktiviti · · Score: 2, Interesting

    When I installed Debian for the first time, it really urged me to have a regular user account, and to only use super user for things that require it, but otherwise I would just log in regularly. In Windows when you install it, you're an administrator automatically. How about they ship Windows with lower rights as well? I'm not being a troll or anything, but damn it - they need to do this for the greater good (i.e. internet).

  7. Re:So basically ... by Anonymous Coward · · Score: 1, Interesting

    RUNNING IE in a "runas limited user class" sandbox effect:

    It is actually possible to run IE securely: just create a throwaway restricted user account for IE use alone. The restricted account user can't install software and can't access files of other users, so even if IE autoexecutes any nastiness, it can't do any damage.

    Of course, it's a hassle to log in as a different user just to browse the web. So we'd want to use "runas" to run just IE as a different user.

    Unfortunately, MS has made running IE as a different user a little harder than necessary. Right-clicking and using "Run as" doesn't seem to work. What did work for me was the following.

    Say the limited account is called "IEuser". Then create a shortcut to "runas /user:IEuser cmd" on your desktop. Double-clicking this will open a command prompt that runs as IEuser. Now you can manually start IE with "start iexplore". Or create a batch file c:\windows\ie.bat that just contains the line "start iexplore" and you can start IE by just typing "ie". Remove all shortcuts to IE from your normal desktop and only run it from the restricted account. This way you can use IE without worrying about any IE exploits.

    APK

  8. Re:WHAT?? by The_Wilschon · · Score: 2, Interesting

    From the jargon file:

    Also, note that all nouns can be verbed. E.g.: "All nouns can be verbed", "I'll mouse it up", "Hang on while I clipboard it over", "I'm grepping the files". English as a whole is already heading in this direction (towards pure-positional grammar like Chinese); hackers are simply a bit ahead of the curve.

    --
    SIGSEGV caught, terminating

    wait... not that kind of sig.
  9. You missed his point completely by FatAssBastard · · Score: 2, Interesting

    Microsoft competes with Oracle, what a shock that an update broke their application.

    I remember way back when Windows 98 came out, there was an article that listed the top five applications broken by the upgrade from Windows 95. The number one broken application (by number of reports) was Lotus Notes. Very shocking that they were battling Lotus with Exchange.

    The article didn't even point it out as being possibly intentional, just printed the list. No one even made a stink about it, which I thought was interesting at the time.

    You can call me a foilhat conspiracy theorist if you like but this has happened over and over and over with Microsoft. One eventually begins to question whether these are all truly honest mistakes.

    --
    /.: why the hell am I here?