Browsing the Web and Reading E-mail Safely as an Administrator, Part 2
Michael Howard has written a follow-up to an earlier article in which he outlined how to programmatically make web browsing and e-mail reading safer for administrators. In this latest article he shows how to achieve the same result with SAFER (also known as Software Restriction Policies, or SRP) applied through local or enterprise policy, so that a compromised browser or mail client runs with reduced privilege and can do correspondingly less damage.
<quote who="Michael Howard">
In my last article, Browsing the Web and Reading E-mail Safely as an Administrator, I outlined how you can programmatically spawn a process that runs with reduced privilege, even if you are logged on as an administrator. The aim was to run processes performing Internet functions (applications most subject to attack), such as Web browsers and e-mail clients, in reduced privilege to decrease the damage potential of any malware using these agents as attack vectors.
Windows XP and later support this capability using a technology called Software Restriction Policies, also known as SAFER. There are two ways to use SAFER. One is through APIs like SaferCreateLevel and SaferComputeTokenFromLevel, which is outlined in my last article. The other, and the subject of this paper, is through local or enterprise policy.
[more...]
</quote>
One comment I feel I should make is that this technique does actually use an undocumented feature of SAFER. This really shouldn't be a problem, but "caveat emptor" (that is, be aware that the feature in question was left undocumented for a reason; perhaps it was not as thoroughly tested as the features that were documented).