But only for the Local Intranet Zone

Feb 17, 2009 10:49 GMT  ·  By

Protected Mode is a feature that Internet Explorer 7 introduced on Windows Vista and Windows Server 2008. It works in conjunction with User Account Control to run the browser with the lowest possible privileges in order to increase security. The mitigation, however, proved a nuisance under certain usage scenarios, and Microsoft went on to disable the feature by default in Internet Explorer 8, but only for the Local Intranet Zone. Otherwise, Protected Mode in Internet Explorer 8 Release Candidate 1 continues to behave in the same manner as in IE7 under Vista.

The difference with IE8 is that the browser will no longer force the user to switch to a new window when navigating between websites operating under different integrity levels. In IE7 the user was presented with a message revealing that a new window would have to be opened in order to display the websites that were in different security zones.

“Further navigation would be forced to occur in a new window,” revealed Veena Karanam, Escalation Engineer, Microsoft. “By default, Protected mode is enabled for the Internet zone and it is not enabled to the trusted sites zone on Windows Vista. This causes navigations between web sites located in the Internet Zone and web sites located in the Trusted Zone to trigger the above dialog. To avoid new windows from being opened when users navigated across Internet/intranet zones, on IE7, Protected mode was enabled in the intranet zone as well.”

In Internet Explorer 8 such a configuration is no longer necessary, since the browser introduces the Loosely-Coupled IE (LCIE) feature. Essentially, IE8 isolates the browser frame and its tabs and forces components to communicate asynchronously. This means that in Internet Explorer 8 the actual frame of the browser is isolated from the tabs running different websites.

“With LCIE, each IE8 tab process can maintain a different integrity level (IL). This will keep IE8 from spawning a new window for navigations between different Integrity levels within the different IE tab processes that may be open. Hopefully, disabling Protected mode for the Local Intranet Zone will mitigate some of the pain points associated with running applications within that zone on Vista and 2008 Server,” Karanam added.
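To check how Protected Mode is actually set per zone on a given machine, the following PowerShell sketch is an added example, not code from Microsoft or from this article. The registry paths, the zone numbers and URL action `2500` (0 = enabled, 3 = disabled) do not appear in the article, and the lookup order used here (policy before preference, first value found wins) is a simplifying assumption.

```powershell
# Added example: audit the Protected Mode setting for the zones the article discusses.
# 'Expected' holds the defaults described in the article (IE8 on Vista / Server 2008).
$zones = @(
    @{ Id = 1; Name = 'Local intranet'; Expected = 'Disabled' },
    @{ Id = 2; Name = 'Trusted sites';  Expected = 'Disabled' },
    @{ Id = 3; Name = 'Internet';       Expected = 'Enabled'  }
)

# Locations where URL action 2500 can be stored, checked in this order (assumption).
$suffix = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$stores = @(
    @{ Source = 'Machine policy';  Path = "HKLM:\SOFTWARE\Policies\$suffix" },
    @{ Source = 'User policy';     Path = "HKCU:\SOFTWARE\Policies\$suffix" },
    @{ Source = 'User setting';    Path = "HKCU:\SOFTWARE\$suffix" },
    @{ Source = 'Machine default'; Path = "HKLM:\SOFTWARE\$suffix" }
)

function Get-ProtectedModeState {
    foreach ($zone in $zones) {
        $state  = 'Not set'
        $source = 'none'
        foreach ($store in $stores) {
            $key   = Join-Path $store.Path ([string]$zone.Id)
            $value = (Get-ItemProperty -Path $key -Name '2500' -ErrorAction SilentlyContinue).'2500'
            if ($null -ne $value) {
                $state = switch ($value) {
                    0       { 'Enabled' }
                    3       { 'Disabled' }
                    default { "Unknown ($value)" }
                }
                $source = $store.Source
                break   # first store that defines the value wins
            }
        }
        [pscustomobject]@{
            Zone     = $zone.Name
            State    = $state
            Source   = $source
            Expected = $zone.Expected
            # Flag zones whose setting differs from the defaults the article describes.
            Deviates = ($state -ne 'Not set') -and ($state -ne $zone.Expected)
        }
    }
}

Get-ProtectedModeState | Format-Table -AutoSize
```

A row with `Deviates` set to `True` for the Internet zone means Protected Mode has been switched off where the article says it is enabled by default.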

Internet Explorer 8 (IE8) Release Candidate 1 (RC1) is available for download here.