Low-Rights IE Only for Longhorn Users
Rob Franco, Lead Program Manager for Internet Explorer Security at Microsoft posted a missive to the IEBlog hoping to dissolve the confusion surrounding a planned security future that will be found in IE7. IE7 will run in a reduced privilege mode called “Low-Rights IE” that will limit the actions of malware.
But the safeguard will not be available to everyone - only users that upgrade to Longhorn will be protected. And even Longhorn users may be vulnerable at another well known exposure point: Microsoft will not modify the default security settings for ActiveX and scripting, which account for a large number of known vulnerabilities.
Microsoft has programmed Longhorn to make it possible for users to have normal Windows sessions while having reduced user account privileges - making the browser safer to use than when it ran with full administrative privileges.
Longhorn’s predecessor, Windows XP, does not have this capability and cannot offer users the protection of Low-Rights IE. Users that do not upgrade to Longhorn will remain vulnerable to malware that can hijack default settings, modify system files and install malicious software.