ON or OFF?

Apr 5, 2007 10:42 GMT

To harden Internet Explorer 7, Microsoft introduced Protected Mode in Windows Vista. In Microsoft's latest operating system, the browser runs by default with very low privileges, which adds protection and mitigates attacks delivered through IE. However, Protected Mode is not always in effect, and it is important to know the exceptions.

Protected Mode is enabled by default for the Internet, Intranet and Restricted zones, and disabled for the Trusted Sites and Local Machine zones. Users can enable or disable it per zone: navigate to Internet Options > Security tab, select the zone, and check or uncheck the "Enable Protected Mode" checkbox. The right corner of the Internet Explorer 7 status bar shows the current status of Protected Mode at all times. On occasion, even if you have enabled Protected Mode in the Internet Options dialog, the status bar will report that the feature is off. This is because of the exceptions mentioned earlier.

Sharath Udupa, a developer on the IE team, has outlined these exceptions: User Account Control (UAC) is disabled, IE is running with Administrator privileges, or IE has navigated to a local HTML page. IE7 Protected Mode in Windows Vista relies on some of the protections put in place by User Account Control, such as UI Privilege Isolation (UIPI). If UAC is disabled, so is Protected Mode.

If you right-click the IE7 icon and choose to run the browser with elevated privileges, Protected Mode is automatically turned off. The same applies to installers, setup programs or applications that launch IE7 with administrative privileges as part of an elevated process.

"When the page being viewed is a local file, Protected Mode is turned OFF since the contents of the page are considered safe. Caveat: If the page was saved from a zone (for example Internet) which has Protected Mode enabled, then Protected Mode is turned ON," Udupa explained.
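The first two exceptions can be checked from a PowerShell prompt. The script below is an added example, not code from Microsoft or from the article. It assumes the per-user zone settings live under the `Internet Settings\Zones` registry key with Protected Mode stored as URL action `2500` (0 = enabled, 3 = disabled), and that UAC state is the `EnableLUA` value; it does not read Group Policy overrides and cannot detect the local-file exception.

```powershell
# Added example: report why Protected Mode may be OFF despite the zone checkbox.
# Zone numbers and names; defaults are the ones stated in the article.
$zoneNames = @{ 0 = 'Local Machine'; 1 = 'Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted' }
$defaultOn = @{ 0 = $false; 1 = $true; 2 = $false; 3 = $true; 4 = $true }

$zonesKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$uacKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Exception: UAC disabled. EnableLUA = 1 means UAC is on.
$lua   = (Get-ItemProperty -Path $uacKey -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
$uacOn = ($lua -eq 1)

# Exception: elevated process. A browser started from an elevated shell
# inherits the elevated token, so test the current process.
$identity = [Security.Principal.WindowsIdentity]::GetCurrent()
$elevated = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

foreach ($zone in 0..4) {
    # URL action 2500: 0 = Protected Mode enabled, 3 = disabled (assumed layout).
    $raw = (Get-ItemProperty -Path "$zonesKey\$zone" -Name '2500' -ErrorAction SilentlyContinue).'2500'
    $configured = if ($null -eq $raw) { $defaultOn[$zone] } else { $raw -eq 0 }

    # Collect every reason the effective state would be OFF.
    $reasons = @()
    if (-not $configured) { $reasons += 'disabled for zone' }
    if (-not $uacOn)      { $reasons += 'UAC disabled' }
    if ($elevated)        { $reasons += 'elevated process' }

    [pscustomobject]@{
        Zone       = $zoneNames[$zone]
        Configured = if ($configured) { 'ON' } else { 'OFF' }
        Effective  = if ($reasons.Count -eq 0) { 'ON' } else { 'OFF' }
        Reason     = $reasons -join '; '
    }
}
```

A zone that shows Configured ON but Effective OFF matches the status-bar mismatch the article describes.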