Rob Franco, lead program manager for IE Security at Microsoft, wrote in a blog entry on Thursday that for Longhorn will contain a feature called "low rights IE." The feature essentially removes administrator rights, so that the system will not allow unknown applications, such as spyware and other potentially dangerous code, to be installed without express permission from the user.
"When users run programs with limited user privileges, they are safer from attack than when they run with Administrator privileges, because Windows can restrict the malicious code from taking damaging actions...Any programs that the user downloads and runs will be limited by User Account Protection, unless the user explicitly gives the program Administrator privileges," wrote Franco, whose authorship of the blog was confirmed by a Microsoft representative.
Franco said that by restricting administrator rights for Web surfers, users will be protected even if a malicious Web site tries to exploit a.
"The Web site's code won't have enough privileges to install software, copy files to startup folder, or hijack the settings for the browser's homepage or search provider. The primary goal of Low Rights IE is to restrict the impact of a security vulnerability....It can limit the damage a vulnerability can do," Franco wrote.
James Turner, security analyst at Frost & Sullivan Australia, said restricting admin rights is a very important development and one that Microsoft has been extremely slow to pursue.
"A Unix administrator would not dream of working in root as standard. We only logged in as root when something special/unusual needed to happen. It's been an issue for Windows administrators for years that standard users just shouldn't have local admin power," Turner said.
Microsoft's Franco confirmed that though IE7 will be made available for Windows XP SP2, the low rights browsing feature will be available only on the next version of Windows, code-named Longhorn.
Munir Kotadia of ZDNet Australia reported from Sydney.