When is your shiny new Windows Vista protected against evil Web threats? Not as often as we were all led to believe in all those Microsoft Windows Vista ads. I ran across this post from Microsoft's Internet Explorer blog site shortly after the software giant patched the animated cursor flaw in Windows Vista with the release of MS07-017. Microsoft has said that users running IE 7 under Windows Vista are better protected from the malicious effects of Web exploits such as the animated cursor exploit than users running IE 7 under Windows XP, due to the introduction of a new "sandbox" element (called Protected Mode) within the new operating system. For example, in the case of the animated cursor attack, with Protected Mode enabled, remote attackers can only view files on an infected Windows Vista machine, not run malicious code. Now it seems there are exceptions.
Microsoft says that Protected Mode for IE 7 under Windows Vista is enabled by default only for sites within the Internet, Intranet, and Restricted zones. It is not enabled for Trusted Sites or Local Machine zones. Thus, you are likely to see the Protected Mode icon switch from On to Off and back again as you move between sites that fall within different Internet Explorer zones. To remedy this, Microsoft says you must enable or disable Protected Mode for Trusted Sites or Local Machine zones yourself.
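To see which zones actually have Protected Mode switched on for a given machine, the per-zone setting can be read from the registry. The script below is an added example, not code from this post or from Microsoft's blog; the registry paths, the zone numbering and the `2500` value name (0 = enabled, 3 = disabled) are Internet Explorer's zone-settings layout and are not given on the page.

```powershell
# Added example: list the explicit IE Protected Mode setting for each security zone.
# Zone numbers and the "2500" value (0 = enabled, 3 = disabled) come from IE's
# zone registry layout, not from the article.
$ZoneNames = @{
    0 = 'Local Machine'; 1 = 'Intranet'; 2 = 'Trusted Sites'
    3 = 'Internet';      4 = 'Restricted'
}

# Locations where the setting can be written: user preference and policy hives.
$Roots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ProtectedModeSetting {
    foreach ($root in $Roots) {
        foreach ($zone in 0..4) {
            $key   = "$root\$zone"
            $value = (Get-ItemProperty -Path $key -Name '2500' -ErrorAction SilentlyContinue).'2500'

            # A missing value means nothing is set at this location,
            # so the zone falls back to another location or the built-in default.
            if     ($null -eq $value) { $state = 'Not set here' }
            elseif ($value -eq 0)     { $state = 'Enabled' }
            elseif ($value -eq 3)     { $state = 'Disabled' }
            else                      { $state = "Unexpected value $value" }

            New-Object PSObject -Property @{
                Zone     = $ZoneNames[$zone]
                State    = $state
                Location = $key
            } | Select-Object Zone, State, Location
        }
    }
}

$settings = Get-ProtectedModeSetting
$settings | Format-Table -AutoSize

# Call out any zone where Protected Mode has been explicitly turned off.
$settings | Where-Object { $_.State -eq 'Disabled' } |
    ForEach-Object { Write-Warning "Protected Mode is off for the $($_.Zone) zone ($($_.Location))" }
```

A zone reported as "Not set here" in every location is running on its default, which per the article means Protected Mode is off for Trusted Sites and Local Machine.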