@Dietrich T. Schmitz wrote:
“MS have seen fit to feather their own nest, namely to make IE run in protected mode, and sandboxing their Office 2010 product. All other software vendors are left to deal with their own defensive measures. So, I would agree that security should be the O/S’s responsibility.
Integrity levels are part of the Windows Vista/7 OS:
“What is the Windows Integrity Mechanism?
http://msdn.microsoft.com/en-us/library/bb625957.aspx
and they were used to create IE protected mode and Office 2010 protected view, effectively sandboxing IE (including Flash Player with Adobe’s assistance) and Office 2010 apps.
As for 3rd party software on Windows, Google’s Chrome browser and Adobe’s Reader X both rely on Windows integrity levels for sandboxing in Windows Vista/7. Here’s a resource Microsoft makes available to any parties wishing to sandbox their application:
“Designing Applications to Run at a Low Integrity Level
http://msdn.microsoft.com/en-us/library/bb625960.aspx
And some directions for sandboxing Firefox using Windows integrity levels:
http://www.h-online.com/security/features/Vista-s-Integrity-Levels-Part-2-747338.html
It’s really no more difficult than with LSM on Linux using AppArmor, SELinux or Tomoyo. Unless you’re using SuSE or Mandriva as these distros have provided their users with a GUI, making it relatively easy to create (and modify) app profiles or policies (SuSE uses AppArmor and Mandriva uses Tomoyo).
Article source: http://www.zdnet.com/blog/hardware/report-finds-firefox-security-lacking/17029