Internet Explorer is different. In Internet Explorer you actively seek out pages written by other people. And so your browser is vulnerable, because any of those pages you visit could be owned by a bad person (or hacked by a bad person) and so could exploit flaws in your browser. You solicit all this input from other locations, and there’s no real way of trusting any of it.
To that end, Internet Explorer Protected Mode creates for Internet Explorer an environment that’s even less capable than the normal UAC environment. It can write to a handful of hard disk locations (primarily its cache), and it can write to a small number of registry locations and… that’s about it. It has the access it needs to browse the web, but nothing more. What this means is that if some Internet Explorer flaw is found and exploited, it can’t even harm the user. The browser may crash or otherwise go haywire, but if it’s restarted, everything should be okay again, with no damage done. This should make Internet Explorer a great deal safer than it is today and perhaps the safest browser for Windows, at least until other browsers adopt a similar mechanism.
That was one aspect of Vista I hadn’t previously been aware of and it’s weird to think that Internet Explorer under Vista may actually be the safest browser in use at the moment, but there you have it.
The article also details how Vista makes working with a standard user account (as opposed to Administrator) a lot less painful by using techniques such as virtualization to trick poorly coded programs that want to write to shared areas of the system into thinking that they’ve successfully done so when, in fact, Vista has redirected the data to the user’s profile folder. Additionally, Vista brings address space layout randomization to the table to prevent one of the most common vulnerabilities used to launch malicious code: the buffer overflow error.
If the attacker no longer knows where in memory he has to go, he can no longer write a successful exploit. He can still make the flawed program crash (which going to a random memory location will tend to do), but he can’t use it to compromise the machine. His only hope is to guess at the memory location he has to go to, but most of the time his guess will be wrong.
ASLR provides significant mitigation against attempts to exploit buffer overflows and should significantly reduce the exploitability of Vista. ASLR is not a new concept—OpenBSD and certain “hardened” Linux distributions have been doing something equivalent for a number of years now—but it’s good to see it on a mainstream OS that will get wider usage than OpenBSD or secure Linux.
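The quoted passage says an exploit that relies on a fixed memory address will usually be wrong under ASLR because the layout changes on every launch. As an added example (not code from the Ars article or from this post), the script below makes that observable: it re-launches the interpreter several times, records where a heap allocation and the C library’s malloc() land in each run, and counts how many distinct addresses were seen. Several distinct values means the region is being randomized; a single value across runs means it is not. The use of ctypes and a subprocess per sample is the example’s own approach, and the address kinds it samples are chosen for illustration.

```python
# Added example: an empirical ASLR check (not from the Ars article or this post).
# It re-launches the current interpreter several times and records where the
# heap and a C-library function land in each run. With ASLR active these
# addresses differ from run to run, which is why an attacker's hard-coded
# address "will tend to be wrong", as the quoted text puts it.
import ctypes
import json
import os
import subprocess
import sys


def probe_addresses():
    """Return addresses observed in this process: a small buffer living in the
    interpreter's heap, and the C-library malloc() entry point (a stand-in for
    any library address an exploit would need to know in advance)."""
    libc = ctypes.CDLL("msvcrt" if os.name == "nt" else None)
    buf = ctypes.create_string_buffer(64)  # allocated on the interpreter heap
    return {
        "heap": ctypes.addressof(buf),
        "libc_malloc": ctypes.cast(libc.malloc, ctypes.c_void_p).value,
    }


def sample_runs(runs=5):
    """Spawn `runs` fresh interpreters, each running probe_addresses(), and
    collect their results. Fresh processes are required: ASLR chooses the
    layout at process start, so sampling inside one process shows nothing."""
    samples = []
    for _ in range(runs):
        out = subprocess.run(
            [sys.executable, os.path.abspath(__file__), "--probe"],
            capture_output=True, text=True, check=True,
        )
        samples.append(json.loads(out.stdout))
    return samples


def summarize(samples):
    """For each address kind, count how many distinct values were seen.
    A count of 1 across several runs means that region is not randomized."""
    kinds = samples[0].keys()
    return {k: len({s[k] for s in samples}) for k in kinds}


def aslr_report(runs=5):
    """Run the probe `runs` times and report, per region, whether the
    address moved between launches."""
    samples = sample_runs(runs)
    distinct = summarize(samples)
    return {
        "runs": runs,
        "distinct": distinct,
        "randomized": {k: n > 1 for k, n in distinct.items()},
    }


if __name__ == "__main__":
    if "--probe" in sys.argv:
        # Child mode: emit this process's addresses as JSON and exit.
        print(json.dumps(probe_addresses()))
    else:
        print(json.dumps(aslr_report(), indent=2))
```

Run it with no arguments and it prints a small report; on a system with ASLR enabled both `randomized` flags come back true. It is a quick way to confirm that the protection the excerpt describes is actually active for a given interpreter build, since a process that asks to run without randomization (or an OS with it switched off) will show the same addresses every time.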
Whatever other criticisms one may have of Windows Vista (the DRM implementation is one we’ve discussed at length here on SEB), the fact is that Vista does bring with it quite a few improvements that should make it more secure and robust than XP.
The Ars article also covers the improvements to networking, storage, and I/O prioritization under Vista that make reading the whole article worthwhile. I don’t want to cut and paste too much of it here, but there are some good bits you’ll want to check out to have a better understanding of why, for example, Vista has a much larger memory footprint than XP (it’s to do with the new storage system). Go check it out.