Microsoft und IE 7
Neulich stand im IE7-Blog eine Mitteilung über ein „Low-Level“ Sicherheits Feature im neuen Internet Explorer, das „if a malicious site attacks a vulnerability in IE, the site?s code won?t have enough privileges to install software, copy files to Startup folder, or hijack the settings for the browser?s homepage or search provider“.
…was allerdings nur mit dem neuen Windows namens „Longhorn“ funktionieren soll.
…und außerdem „doesn?t ?fix? vulnerabilities, but it can limit the damage a vulnerability can do“.
…hinzu kommt, daß „Low-rights IE will not change IE security settings for ActiveX and script as the Enhanced Security Configuration for IE on Windows Server 2003 did“.
Worauf in einem Kommentar zu lesen ist:
"[...] The only way I can envision MS successfully securing IE is to have it run in it's own virtual environment, with it's own little filesystem and everything - just enough to do it's work.
[...] This would be sort of like, oh, I don't know, every multi-user timeshared operating system ever. MVS. VMS. Unix. VOS. If you ever manage to do this, then you'll catch up to where the mini platforms were back in 1978. Yay, innovation!"
Noch Fragen?