Windows Integrity Control
This posting does a good job explaining the new feature, but here's a quick summary.
In addition to the normal ACL security checks that we've come to know and love, Vista has added a new layer called integrity control. Effectively, every ACL controlled item (you, files, folders, processes, threads, registry keys, etc.) now has an integrity level of one of the following: low, medium, high or system.
So, a process running at low integrity (IE7 uses this in it's protected mode) doesn't have access to anything marked above that (e.g., the user's files). This is why IE7 items downloaded from the internet (which run in low integrity) can only access special temp folders and not your documents.
Unlike the UAC aspects of Vista, which are hard to miss, this new layer is going to be mostly hidden to everyone except the hackers - it primarily blocks standard attack routes into Windows. However, if you do experience an issue with it, or know of software that is going to have problems, please feel free to post it here - or better yet, let Steve Riley know!
Comments