Browser Security News

IE7 on vista runs in a protected mode. All request of the operating system, such as "open a file" are tightly control. In fact, the windows registry and file system are segmented in such a way that allows this protected mode to write volital changes without effecting the rest of the machine.

This significantly reduces the vulnerability surface area of IE — Even if you could get an evil activeX control install temporarily, it would be running with low permissions therefore you wouldn’t be able to comprise the rest of the system easily. You would still be able to steal passwords, etc. But It would be very hard to write files to the hard disk, read from the My Documents folder, etc. Although if an exploit exists, you probably could write keyboard sniffer in the browser for the given session.

Firefox (and just about every other piece of software currently available), currently, runs as a normal application on Vista. Firefox is prevented from writing to Program Files, and other global places. But we can certainly write to the Documents and Settings, etc. So, an exploit could mean the user can be effected, but the system itself (including other users) will not be effected. DougT’s Ramblings: IE7 low rights notes.