Unveiling IE 7 and Integrity Levels
When you are browsing the Internet, your computer is exposed to many malicious attackers, programs, malware, adware, viruses, and Web sites that are lethal. Many of you feel that if you have a good firewall installed on your personal computer, security is set up on your Windows XP SP2 computer, IE security is configured as much as possible, or you just do not go to "bad sites" you will be fine. Unfortunately, the malicious attacks are far more advanced every day and the majority of these protective options are just not enough. Although many of you reading this have stayed away from Windows Vista, I encourage you to read ahead and see what Vista provides over Windows XP with regard to protection on the Internet. If you have ever had your computer infected with a virus, attacked by malware, or received an add on without your consent via the Internet... Windows Vista can help with all of these without any effort. This article will discuss how Windows Vista's Internet Explorer 7 comes with Protected Mode, works with User Account Control, and provides Integrity Levels to protect your every move on the Internet.
The Benefits of User Account Control (UAC)
I know that UAC has been covered for a while now, but for those that are not too sure what UAC provides, let's dive under the hood. Let us consider an example.
When an administrator is logged on to her desktop as a user account having membership in the administrators group, all tasks are performed with administrator privileges. This means that ANY application or ALL Internet browsing is done with administrative privileges. As soon as the same user is logged into a Vista computer where UAC is enabled, the entire scenario changes. When UAC is enabled, the user (logged in with an account having membership in the administrators group) is a standard user for all tasks initiated. This means that any malicious software only has standard user access... which is very limited.
This is the truest definition of LUA (least privilege user access), which I have written on many times and are linked below.
UAC accomplishes this by modifying the user authentication and process tokens to not include the administrators group. You can clearly see this limitation if you view the process token for a user that is logged into a Vista computer while running as a user that has membership in the administrators group.
To see this, logon to a Vista computer as Administrator, then click on the Start button | All Programs | Accessories | Command Prompt. After you have done this, launch the Process Explorer and look for the cmd.exe process (it will be under the explorer.exe process), as shown in Figure 1.
Figure 1: Process Explorer shows all running processes
Now, double-click the cmd.exe process to display the Properties sheet, then select the Security tab, as shown in Figure 2.
Figure 2: The cmd.exe Properties sheet includes a Security tab to show the security of the process
Figure 2 shows that the Administrators group has a "Deny" associated with it, which is the reduction in privileges for the user.
IE 7 Protected Mode
IE 7 comes with a new feature that can be enabled and disabled, which is called Protected Mode. Protected Mode is not a single technology, rather it includes technologies under the umbrella of the term Protected Mode. The two most important technologies in Protected Mode are UAC and Integrity Levels.
We have already looked at UAC and will dissect integrity levels in the next section. For now, let us look at how to enable Protected Mode and see where it is working.
To enable Protected Mode within IE, go to the Tools toolbar option, then, select Internet Options. Once in the Internet Options window click on the Security tab, shown in Figure 3.
Figure 3: Security tab for Internet Options configuration
By default all of your zones will be configured to run in Protected Mode, except for the Trusted Sites zone. You can modify all of the default settings to meet your needs.
Once you have Protected Mode enabled, you can see it in action on every site that you visit. At the bottom of the page you will see that Protected Mode is On or Off. Figure 4 illustrates a site where Protected Mode is enabled.
Figure 4: Protected Mode is displayed at the bottom of each Web site you visit
Looking Into Integrity Levels
The concept of integrity levels comes from the idea that there are different areas of the computer operating system memory that is accessible and controllable. Historically, all applications, including IE and Web applications have run under the same memory areas. This has allowed malicious applications to take advantage of the user privilege level (administrator) and access other applications running in memory. This has exposed too much to malicious code that was accessed from the Internet, but now IE 7 in Windows Vista closes that door.
Integrity levels combine the concept of UAC with features in IE 7. IE 7 now isolates itself from other applications that are running on the computer. This limits what malicious code, applications, and add-ons can access via Internet Explorer. This is accomplished within Windows Vista via different integrity levels. IE 7 runs at "Low" integrity level, which means that it can only communicate with other applications that are running at "Low". Most applications are running at "Medium" integrity level, which is where the isolation occurs. Since the applications that malicious code wants to communicate with are running at a higher level (Medium), the communication is not allowed. You can clearly see these integrity levels by using Process Monitor when IE is running. Figure 5 illustrates iexplorer.exe when viewed with Process Monitor.
Figure 5: IE 7 runs with Low integrity levels
Windows Vista and IE 7 provides a more secure environment. If an industry claimed "more secure" product is investigated while running on Windows Vista, it is clearly not taking advantage of this integrity level security model. Figure 6 shows FireFox process and integrity level within Process Monitor.
Figure 6: Firefox runs with Medium integrity levels
This makes IE 7 more secure and overall protects the computer better than if not running IE 7 on Vista.
Windows Vista and IE 7 come with some fantastic security features. First, UAC is a security feature that can be leveraged to help protect the computer and user from applications and other malicious code that wants to access the computer as "administrator". IE 7 provides a full laundry list of security features, which include Protected Mode and integrity levels. Protected Mode can be configured for all zones within IE, at your discretion. You can also clearly see if Protected Mode is On or Off when viewing each Web site. Finally, IE 7 comes with built-in integrity levels. These levels isolate IE from all other applications that are running on the computer. This isolation keeps any malicious code from communicating with the operating system and other applications running on the computer.