Internet Explorer Protected Mode and Vista Support
Every online business is now competing to capture the most strategic real estate of the Internet-users' browsers.
Placing your branded toolbar in user's browsers has become a vital part of your Web site strategy.
Other functional benefits of toolbar customization are as follows: oFor easy navigation of websites.
oFor easy navigation of search keywords.
oFor keeping the bookmarks of the websites.
oFor creation of toolbar buttons by dragging and dropping the URLs oFor Blocking the Popup oFor giving notifications to users for IE Events oFor capturing the contents of webpage oFor getting the content of RSS Feeds...
etc.
So bringing you to the latest news on the block is the Internet Explorer's Protected Mode.
It's certainly a new feature in the Microsoft Vista Operating System, also considered as one of the pieces of the User Account Control (UAC).
The Protected mode is basically designed to protect the computer by restricting the parts of the system, which can effect the code running in IE.
So if a malicious web page exploits a code-injection bug in IE or an IE plug-in, that code will not be able to damage the system.
Vista also introduces you to a new attribute on securable objects called the Mandatory integrity level.
This comprises of four levels: The "System" level, used by OS components, and should not be used by other applications.
"High" which is the level of processes that are running, elevated with full admin rights.
"Medium" the processes launched in the normal fashion, and the "Low" used by IE and Windows Mail to provide protected mode.
To further this discussion, Windows stored information about a process also includes which integrity level it was launched with.
This level can never change once the process is started, it can only be set at the time the process is created.
To make this simple, a process's integrity level has three main effects such as: oAny securable objects that the process creates get that same integrity level.
oThe process cannot access a resource whose integrity level is higher than the process's own level.
oThe process cannot send window messages to a process that has a higher integrity level.
So if you want to determine, if your extension is running in a protected mode IE process? ..
..
You can use IEIs Protected Mode Process which will return the BOOL Parameter whether protected or not.
As good as it gets.
Now, the most obvious question would be ..
..
How does VISTA support help in developing a toolbar here? Most of the plug-ins need Registry and/or File system access for reading and/or writing operations, these operations can be done without problem when Internet Explorer Protected mode is Disable.
The challenge here lies is when the protected mode is enabled.
An extension can only write to a few directories under the user's profile.
There are special low-integrity directories under the TEMP, Temporary Internet Files, Cookies, and Favorites directories that are writable.
Internet explorer also has some compatibility shims, which virtualizes other commonly-used directories.
The Write operations to those directories are redirected to a subdirectory of Temporary Internet Files.
If an extension tries to write to a sensitive location, like the Windows directory, that operation will fail.
The Developers however need to use VISTA SDK for getting the File system Writable Location, for downloading any files OR for doing any File system operations.
To start with, VISTA SDK can be downloaded at http://www.
microsoft.
com/downloads/details.
aspx?familyid=ff6467e6-5bba-4bf5-b562-9199be864d29&displaylang=en If your wondering, How to Enable / Disable Internet explorer Protected Mode? You can simply open the Control panel from your Windows Login User account settings; you will see the optional mode to turn the User Account Control on or off.
From this screen you can easily disable the Internet Explorer Protected mode, making sure that the "Use User Account Control (UAC) to help Protect your computer" option is unchecked.
You need to remember to restart you PC once this setting is changed to proceed.
Simple, isn't it?
Placing your branded toolbar in user's browsers has become a vital part of your Web site strategy.
Other functional benefits of toolbar customization are as follows: oFor easy navigation of websites.
oFor easy navigation of search keywords.
oFor keeping the bookmarks of the websites.
oFor creation of toolbar buttons by dragging and dropping the URLs oFor Blocking the Popup oFor giving notifications to users for IE Events oFor capturing the contents of webpage oFor getting the content of RSS Feeds...
etc.
So bringing you to the latest news on the block is the Internet Explorer's Protected Mode.
It's certainly a new feature in the Microsoft Vista Operating System, also considered as one of the pieces of the User Account Control (UAC).
The Protected mode is basically designed to protect the computer by restricting the parts of the system, which can effect the code running in IE.
So if a malicious web page exploits a code-injection bug in IE or an IE plug-in, that code will not be able to damage the system.
Vista also introduces you to a new attribute on securable objects called the Mandatory integrity level.
This comprises of four levels: The "System" level, used by OS components, and should not be used by other applications.
"High" which is the level of processes that are running, elevated with full admin rights.
"Medium" the processes launched in the normal fashion, and the "Low" used by IE and Windows Mail to provide protected mode.
To further this discussion, Windows stored information about a process also includes which integrity level it was launched with.
This level can never change once the process is started, it can only be set at the time the process is created.
To make this simple, a process's integrity level has three main effects such as: oAny securable objects that the process creates get that same integrity level.
oThe process cannot access a resource whose integrity level is higher than the process's own level.
oThe process cannot send window messages to a process that has a higher integrity level.
So if you want to determine, if your extension is running in a protected mode IE process? ..
..
You can use IEIs Protected Mode Process which will return the BOOL Parameter whether protected or not.
As good as it gets.
Now, the most obvious question would be ..
..
How does VISTA support help in developing a toolbar here? Most of the plug-ins need Registry and/or File system access for reading and/or writing operations, these operations can be done without problem when Internet Explorer Protected mode is Disable.
The challenge here lies is when the protected mode is enabled.
An extension can only write to a few directories under the user's profile.
There are special low-integrity directories under the TEMP, Temporary Internet Files, Cookies, and Favorites directories that are writable.
Internet explorer also has some compatibility shims, which virtualizes other commonly-used directories.
The Write operations to those directories are redirected to a subdirectory of Temporary Internet Files.
If an extension tries to write to a sensitive location, like the Windows directory, that operation will fail.
The Developers however need to use VISTA SDK for getting the File system Writable Location, for downloading any files OR for doing any File system operations.
To start with, VISTA SDK can be downloaded at http://www.
microsoft.
com/downloads/details.
aspx?familyid=ff6467e6-5bba-4bf5-b562-9199be864d29&displaylang=en If your wondering, How to Enable / Disable Internet explorer Protected Mode? You can simply open the Control panel from your Windows Login User account settings; you will see the optional mode to turn the User Account Control on or off.
From this screen you can easily disable the Internet Explorer Protected mode, making sure that the "Use User Account Control (UAC) to help Protect your computer" option is unchecked.
You need to remember to restart you PC once this setting is changed to proceed.
Simple, isn't it?
Source...