Thanks for the clarification. I have yet to use Vista, so I was going off of what I have heard from others.

- Jon

-----Original Message-----
From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Ken Schaefer
Sent: Tuesday, June 12, 2007 8:34 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] Safari on Windows

Programs do not run as a low access level in Vista - by default.

If you are an administrator then you get a "split" security token when you log on. You need to "elevate" your privileges (which gives you access to the full set of rights that your token should have). To elevate your privileges you need to click on the "allow" button.

If you are a non-Administrator then instead of an allow/cancel option, you are instead prompted to enter administrative credentials (similar to su, or runas in previous versions of Windows).

Now there is something called Mandatory Integrity Control (apologies for the ridiculously long link):
http://www.adopenstatic.com/cs/blogs/ken/archive/2006/08/18/Why-Vista_3F00_-Mandatory-Integrity-Control-_2800_MIC_2900_-_2800_Security_2C00_-Stability_2C00_-System-Integrity_2900_.aspx
or tinyurl: http://tinyurl.com/3bkvhw

Internet Explorer runs in a lower than normal integrity level (assuming you have UAC on). That provides an additional level of protection, since lower integrity level processes cannot change files that have a higher level integrity specified in their SACL. This is why you get more than usual prompts when using IE to perform privileged operations (e.g. save a file into a restricted folder like %systemdrive%\windows)

Cheers
Ken

-----Original Message-----
From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Jon Hughes
Sent: Wednesday, 13 June 2007 1:15 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] Safari on Windows

Not on Vista (from what I understand, all programs run in a very low access level in Vista - unless you disable the "cancel or allow" thing)

But in WinXP, yes. Every program has the potential to run as the level you are logged in as.

-----Original Message-----
From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of Joel D Canfield
Sent: Tuesday, June 12, 2007 8:11 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] Safari on Windows

> Seriously, though. It could allow remote execution on your PC
> (essentially install any software it wants)

right; got it.

to continue my eddicashun, and hoping it's not too off-topic, if the browser allows remote execution, is it acting as something other than the anonymous web user? as in, I'm an administrator on my own WinXP box, so it has godlike powers?

faaaaaaar too long away from networking to have a grip on this stuff anymore

thanks again

joel
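
The integrity-label check Ken describes above (a lower-integrity process cannot change a file whose SACL carries a higher integrity label), sketched as an added example that is not part of the original thread. It reads the mandatory-label ACE from an SDDL string and models only the integrity comparison, not the DACL check; the function names and the sample descriptors are constructed for illustration.

```python
import re

# Integrity levels by SDDL SID alias, ranked by the RID of the S-1-16-* label SID.
LEVELS = {"LW": 0x1000, "ME": 0x2000, "HI": 0x3000, "SI": 0x4000}
# An object with no explicit label is treated as Medium with no-write-up.
DEFAULT_LABEL = ("ME", {"NW"})
# Mandatory-label ACE in the SACL: (ML;<flags>;<policy>;;;<level>)
ML_ACE = re.compile(r"\(ML;([A-Z]*);([A-Z]*);;;([A-Z]{2})\)")
POLICY_BIT = {"write": "NW", "read": "NR", "execute": "NX"}


def parse_label(sddl):
    """Return (level_alias, policy_set) from the SACL part of an SDDL string."""
    sacl = sddl.partition("S:")[2]
    match = ML_ACE.search(sacl)
    if not match:
        return DEFAULT_LABEL
    policy = match.group(2)
    # The policy field is a run of two-letter tokens: NW, NR, NX.
    tokens = {policy[i:i + 2] for i in range(0, len(policy), 2)}
    return match.group(3), tokens


def mic_allows(process_level, sddl, access):
    """Integrity check only: True means the request goes on to the DACL check."""
    object_level, policy = parse_label(sddl)
    if LEVELS[process_level] >= LEVELS[object_level]:
        return True
    return POLICY_BIT[access] not in policy


# Constructed sample descriptors (not taken from a real system).
HIGH_FILE = "O:BAG:SYD:(A;;FA;;;BA)(A;;FA;;;BU)S:(ML;;NW;;;HI)"
LOW_DIR = "O:BAG:BAD:(A;OICI;FA;;;BU)S:(ML;OICI;NW;;;LW)"
UNLABELLED = "O:BAG:BAD:(A;;FA;;;BU)"

if __name__ == "__main__":
    for name, sd in [("high", HIGH_FILE), ("low", LOW_DIR), ("none", UNLABELLED)]:
        for access in ("read", "write"):
            print(name, access, "low-integrity process:", mic_allows("LW", sd, access))
```

In the HIGH_FILE sample the DACL grants Users full access, yet the write from a low-integrity process is refused by the label first, which is the extra layer the message describes.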