How does Internet Explorer 7's "Protected Mode" work on Windows Vista? What is Mandatory Integrity Control?

Steve Riley's posted a nice explaination of how Windows Vista's Mandatory Integrity Control works. This important technology is a core part of the way Windows Vista is architected to use low privilege wherever possible. It's one of those significant security changes that's hidden "under the covers" which will reduce your system's attack surface.

Internet Explorer 7 is denoted as "Internet Explorer 7+" on Windows Vista to signify it's adoption of benefits that are only available on the new platform. Under Windows XP Internet Explorer runs in the same context as the logged in user and therefore is able write to all areas of the file system as the user. If the user has administrative rights then Internet Explorer and potentially scripts and exectutables downloaded and exectuted by it are potentially able to reconfigure the system and introduce malware such as spyware, worms, viruses and cloaking technology such as root kits.

Internet Explorer 7+ takes advantage of Mandatory Integrity controls to implement trust boundaries between itself and other parts of the system - this is known as "protected mode". IE actually runs with less privilege than a regular user EVEN IF you are logged in with administrative rights therefore if you accidentally trigger some malicious software whilst browsing it will not be able to install and execute.

Any application software running under Windows Vista can take advantage of Mandatory Integrity Control - IE is just the first - so if you write software or engage others to do so then it's well worth considering as even if a vulnerability is subsequently found in your software it's not likely to expose the security of the operating system.

Steve's post delves into the detail of how Mandatory Integrity Control works.