Barney's Blog

Blog archive

IE 10 Security's Bumpy Roadblock

If you are relatively young, you think protected mode is an IE feature that stops hackers from loading malicious code (or tries to) or changing your security settings (or tries to).

If you have graying hair and are overdue for a colonoscopy you think protected mode is a way of tricking an Intel 80286 processor into addressing more than 640K (yes kilobytes) of memory so it can run Windows.

IE 10 now has an enhanced protected mode (EPM), a feature testers will eventually stumble over.

The news is good and bad. Whenever you tighten security you harm user experience. Just look at what Maxwell Smart had to go through to get into Control headquarters (if you get this reference, you probably know the first definition of protected mode, something Bill Gates pontificated on at many gatherings.)

In the case of IE 10 and the Metro interface, there is the AppContainer Sandbox. The great part is this doesn't share cookies across apps. The bad part? It doesn't share cookies across apps, so you are putting in user names and whatnot to get base level functions from some Web sites.

The nice part? When a hacker hijacks one page, he can't steal your data from another.

Posted by Doug Barney on 03/28/2012 at 1:19 PM


Featured

  • Industrial Control System Honeypot Illustrates Bad Security Practices

    Security solutions provider Trend Micro has published results (PDF) from running an industrial control system (ICS) "honeypot."

  • Ransomware: What It Means for Your Database Servers

    Ransomware affects databases in very specific ways. Joey describes the mechanics of a SQL Server ransomware attack, what DBAs can do to protect their systems, and what security measures they should be advocating for.

  • Windows Admin Center vs. Hyper-V Manager: What's Better for Managing VMs?

    Microsoft's preferred interface for Windows Server is Windows Admin Center, but can it really replace Hyper-V Manager for managing virtual machines? Brien compares the two management tools.

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.