In the latest post on the IE team blog, Microsoft’s Andy Zeigler, Senior Program Manager, Internet Explorer, describes how the new “Enhanced Protected Mode” in IE10 helps keep data safe even if an attacker has exploited a vulnerability in the browser or one of its add-ons.
Protected Mode, which was added in IE7 for Windows Vista, is a defense-in-depth feature that helps prevent attackers from installing software or modifying system settings if they manage to run exploit code. It’s an extra layer of protection that locks down parts of your system that your browser ordinarily doesn’t need to use.
“For example, your browser doesn’t usually need to modify system settings or write to your Documents folder. Protected Mode is based on the principle of least privilege — by reducing the capabilities that Internet Explorer has, the capabilities available to exploit code are reduced as well,” explains the team. “Enhanced” Protected Mode takes this concept further by restricting additional capabilities.
“Metro style Internet Explorer always runs with Enhanced Protected Mode enabled – there isn’t anything that you need to configure – just browse. Because Metro style Internet Explorer offers plug-in free browsing, the compatibility impact of this security feature is minimal,” Zeigler said.
Many add-ons, such as Adobe Flash and certain toolbars, are not yet compatible with Enhanced Protected Mode. Some Web sites still require Adobe Flash in order to work, and some users enjoy the additional functionality offered by some toolbars.
Zeigler explains, “In Windows 8 Beta, Enhanced Protected Mode can be enabled in the desktop under Internet Options->Advanced. After you enable Enhanced Protected Mode, incompatible add-ons will automatically be disabled. If you encounter a site that needs an add-on such as Flash in order to work, you can disable Enhanced Protected Mode just for that particular Web site. This allows you to continue using the site, and have Enhanced Protected Mode enabled on the rest of the Internet. Keep in mind that you should only do this if you know and trust the Web site.”
Of course, if you prefer to browse without add-ons, you can always turn on ActiveX Filtering, which will prevent you from seeing this prompt.