Presentation is loading. Please wait.

Presentation is loading. Please wait.

IEs Protected Mode in Windows Vista TM January 20, 2006 Marc Silbey Program Manager.

Published byNicole Quinn Modified over 10 years ago

Similar presentations

Presentation on theme: "IEs Protected Mode in Windows Vista TM January 20, 2006 Marc Silbey Program Manager."— Presentation transcript:

1 IEs Protected Mode in Windows Vista TM January 20, 2006 Marc Silbey Program Manager

2 2 Agenda Goals Protected Mode Summary Architectural Overview Compat Features Getting in-proc add-ons to work Options for out-of-proc add-ons Becoming a Low Integrity Level client

3 3 Goals of Protected Mode Reduce the severity of threats to IE and threats to add-ons running in IE by eliminating the silent install of malicious code through software vulnerabilities Preserve compatibility whenever possible Provide the capability and guidance for add-ons to restore functionality Minimize required user involvement

4 4 Protected Mode Summary Protected Mode restricts IE from writing or sending window messages outside of low integrity resources like Temporary Internet Files (TIF) folder IEs process has less write-privileges than UAC It builds on the Mandatory Integrity Control (MIC) which restricts writes to higher integrity securable objects like files and reg keys It builds on the UI Privilege Isolation (UIPI) which restricts certain window messages to higher integrity processes This means Protected Mode is Windows Vista only Protected Mode uses COM to call two new broker processes which allow IE to write outside of the TIF A compatibility layer allows add-ons to elevate Integrity Levels Privilege High IL Admin Medium IL User Low IL Low

5 5 Enabling UIPI in the builds Toggle UIPI via the following regkey [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights] ON "EnableLowDesktopIL"=dword:0000000 1 Sets Protected Modes Desktop Integrity to Low OFF "EnableLowDesktopIL"=dword:0000000 0 Sets Protected Modes Desktop Integrity to Medium Protected Mode always runs with a Low Process Integrity and the MIC restricts writes outside of low locations

6 6 Download and Install of new ActiveX Same as XPSP2 with a new UAP credential prompt

7 7 Download and Install of New Toolbars Same as XPSP2 with a new UAP credential prompt

8 8 Architectural Overview

9 9 Compatibility Features In-proc add-ons (ActiveX controls, toolbars, etc) Have the same privileges as Protected Mode File system writes get re-routed to the TIF via a Compat Layer Can call Save As API to save files outside of the TIF Out-of-proc add-ons (Doc object servers, etc) Get Protected Modes restrictions by default Can elevate privilege Internet and Intranet sites run in Protected Mode Navigation between these zones and the Internet, Intranet or restricted sites zone spawn a new window Admins can change this through Group Policy Trusted Sites/Local Machine zone dont run in Protected Mode

10 10 In-proc: Compatibility Layer Redirects file and registry key writes to a virtualized, Low IL location HKCU\Software\Microsoft\Internet Explorer\Low Rights\Virtual Documents and Settings\%user profile%\Local Settings\Temporary Internet Files\Virtual Virtualized path is the full pathname added to the virtualized directory If Protected Mode tries to write here… …the virtualized write goes here: HKCU\Software\FooBar\ HKCU\Software\MS\IE\Low Rights\Virtual\Software\FooBar C:\Documents and Settings\%user profile%\FooBar C:\Documents and Settings\%user profile%\Local Settings\Temporary Internet Files\Virtual\FooBar

11 11 In-proc: Two Step Save As API to save files outside of the TIF Step 1: Call IEShowSaveFileDialog() with target location User is prompted with Save As dialog Returns the user-chosen target path Step 2: Call SaveFile() with source (low integrity location) to tell the User Broker to copy the file to the Target location

12 12 Out-of-Proc: Register to elevate out of Protected Mode Register your process name if your add-on launches a process that needs to elevate out of Protected Mode and run with Medium integrity (UAC Level) To minimize the need for additional end user involvement we will ship Windows Vista with the registry pre-populated Default behavior: If not on the allow list, IE displays an dialog

13 13 Out-of-Proc: Add Admin to the app manifest to elevate out of UAP *The Admin token should only be used for installing software Update install package to include new application manifest Mark application manifest as Admin by adding a requestedExecutionLevel=Administrator in the AdminBroker manifest Details are available in the UAP How To Document UAP How To DocumentUAP How To Document Example XML format: <security><requestedPrivileges> </requestedPrivileges></security></trustInfo> No need to add reg key to CreateProcess or CoCreateInstance list

14 14 Out-of-proc: Two Steps to run your software with Low IL like Protected Mode Step 1: During set-up, change the file or registry keys security descriptor to Low IL by: Retrieve Sacl from file handle Create new security descriptor with Low IL Create a new Sacl with Low IL SID and copy original Sacl info into new Sacl Step 2: Create Low IL process Create a SID with Low IL using TokenInformationClass = TokenIntegrityLevel Use ConvertStringSidToSid with SDDL_IL_LOW ConvertStringSidToSid

15 15 Builds and Documents Protected Mode is in Decembers CTP Build UIPI is not turned on by default in the builds You can get updated builds through the TechBeta program Documentation Protected Mode Tech Article Protected Mode Tech Article Protected Mode API Reference Protected Mode API Reference

16 Questions?

17 Appendix

18 18 FAQs What additional value does Protected Mode add above UAP? User Profile protection. For example, it restricts a BO in IE from overwriting My Docs Is there UI indicating that the user is in Protected Mode Yes, when Protected Mode is enabled for a zone the zone icon will have a Checked Shield icon overlay. Protected Mode IE IE in UAP Files downloaded from respective zone Created with Low integrity level Created with Medium integrity level Able to modify My documents NoYes Perform cross-process UI interaction with other applications on the desktop NoYes Inject a DLL and create a remote thread in another process NoYes Used to render.htm file in local machine zone YesYes

Download ppt "IEs Protected Mode in Windows Vista TM January 20, 2006 Marc Silbey Program Manager."

Similar presentations

Windows Vista Security Tidbits

Windows Vista Security Tidbits
MFA for Business Banking – Security Questions with Reset Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing.

MFA for Business Banking – Security Questions with Reset Multifactor Authentication: Quick Tip Sheets Note to Financial Institutions: We are providing.
How to Look at ExBPA Files Exchange Tech Talk 10/04/2004.

How to Look at ExBPA Files Exchange Tech Talk 10/04/2004.
Where Developers Matter Vista Enable Your Applications Fredrik Haglund, Regional Developer Evangelist

Where Developers Matter Vista Enable Your Applications Fredrik Haglund, Regional Developer Evangelist
Auditing Microsoft Active Directory

Auditing Microsoft Active Directory
17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.

17 Copyright © 2005, Oracle. All rights reserved. Deploying Applications by Using Java Web Start.
©2011 Quest Software, Inc. All rights reserved.. Andrei Polevoi, Tatiana Golubovich Program Management Group ActiveRoles Add-on Manager Overview.

©2011 Quest Software, Inc. All rights reserved.. Andrei Polevoi, Tatiana Golubovich Program Management Group ActiveRoles Add-on Manager Overview.
®® Microsoft Windows 7 for Power Users Tutorial 7 Enhancing Your Computers Security.

®® Microsoft Windows 7 for Power Users Tutorial 7 Enhancing Your Computers Security.
Services Course Windows Live SkyDrive Participant Guide.

Services Course Windows Live SkyDrive Participant Guide.
20 is the magic number! There are 20 phone preparation steps.

20 is the magic number! There are 20 phone preparation steps.
APP-V 5.0 SP2 (MDOP 2013 R2) Presenter - Fred

APP-V 5.0 SP2 (MDOP 2013 R2) Presenter - Fred
©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation

©2006 Microsoft Corporation. All rights reserved. Windows Vista Security Tidbits Steve Riley Senior Security Strategist Microsoft Corporation
Building on the Foundation of Windows Vista: Introduction to Windows 7: Security and Management Dan Stolts IT Pro Evangelist Microsoft

Building on the Foundation of Windows Vista: Introduction to Windows 7: Security and Management Dan Stolts IT Pro Evangelist Microsoft
Configuring Windows Internet Explorer 7 Security Lesson 5.

Configuring Windows Internet Explorer 7 Security Lesson 5.
Windows Vista Security model and vulnerabilities.

Windows Vista Security model and vulnerabilities.
Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.

Configuring Windows Vista Security Chapter 3. IE7 Pop-up Blocker Pop-up Blocker prevents annoying and sometimes unsafe pop-ups from web sites Can block.
Changes in Windows XP Service Pack 2

Changes in Windows XP Service Pack 2
Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.

Chapter 6: Configuring Security. Group Policy and LGPO Setting Options Software Installation not available with LGPOs Remote Installation Services Scripts.
Installation Requirements. Agenda Installation requirements Installation options Installing to correct folder locations Installing Windows resources Creating.

Installation Requirements. Agenda Installation requirements Installation options Installing to correct folder locations Installing Windows resources Creating.
File sharing. Connect the two win 7 systems with LAN card Open the network.

File sharing. Connect the two win 7 systems with LAN card Open the network.

Similar presentations

Ads by Google