Conclusion

UAC, Internet Explorer Protected Mode, and the integrity level model represent an entirely new way of thinking about security in the Windows world. Traditionally, Windows security has been a user-based model, where all processes that execute as a user were considered equally trusted. Windows Vista and Windows Server 2008 are the first steps towards changing this model to support the concept of a untrusted process (as opposed to an untrusted user). While this has the potential to significantly benefit end user security, as is the case with Internet Explorer Protected Mode, there are bound to be bumps along the way. Writing an integrity level broker process is difficult. It is very easy to make simple mistakes that compromise the security of the integrity level mechanism, as the appinfo issue highlights. The author would like to think that by shedding light on this type of programming error, future issues of a similar vein may be prevented before they reach end users.