14 DAY TRIAL // Protect Mode for Firefox running on top of Windows Vista is a feature that Mozilla is not rushing to the market. Among the various security mitigations that Microsoft has introduced concomitantly with Vista is Internet Explorer 7 Protect Mode. Although IE7 is also available for Windows XP, Protect Mode is a feature exclusive to Vista. Running IE7 in Protect Mode is a process intimately connected with Windows Vista's User Account Control. In this manner, Microsoft drastically reduces the attack surface in the eventuality that the browser's processes are taken over. IE7 in Windows Vista runs by default with low user privileges, and the file system and registry are off limits.
"Internet-facing applications such as browsers are inherently at a higher security risk than other applications because they can download untrustworthy content from unknown sources. IE7's Protected Mode leverage's Windows Vista's UAC, MIC and UIPI features to boost browser security. In IE7's Protected Mode-which is the default in other than the Trusted security zone-the IE process runs with Low rights, even if the logged-in user is an administrator. Since add-ins to IE such as ActiveX controls and toolbars run within the IE process, those add-ins run Low as well," stated Mike Friedman with the Internet Explorer Security Test Team back in February in a presentation of Protect Mode.
Protect Mode does not make IE7 impenetrable. However, it does provide an extra layer of defense. And Mozilla was questioned over the implementation of Protect Mode with its open source browser. The foundation is constantly improving Firefox support on Windows Vista. The Firefox 2.0.0.4 security and stability update made available at the end of May is just such an example. However, Firefox on Vista still has some issues such as incompatibility with the Java Console extension and the fact that the open source browser is not the default browser for some applications installed on the operating system. Additionally, the Firefox Windows Media Player plugin does not come with Vista, and the browser also features problems when it comes down to the operating system's Parental Controls.
Mozilla still has to take care of a good deal of issues for Firefox on Vista, and apparently, Protect Mode is by no means a priority. At least not for Firefox 2.0, maybe version 3.0 of the open source browser will bring something new in this respect. Mike Schroepfer, VP of Engineering at the Mozilla Foundation, cited by ZDNet revealed that "we believe pro-active and rapid patching of security vulnerabilities is still the best defense. Having said that we also believe in defense in depth and are investigating protected mode along with many other techniques to improve security for future releases."