[Bush2000]

I don't get why this wasn't the way before. Why not turn on vulnerabilities instead of having to know all the doors to close?

Well, actually, Windows does support restricted accounts already. The difference is that MS will actually enforce the use of restricted accounts for users with OEMs.

Help me out a bit on this one. My (quite limited) understanding is that IE is the GUI or a required dll for the GUI, and that this one of the main reasons IE exploits have such damaging capability. Anywhere near correct?

IE is just an application. Sure, it's integrated into the OS. But the fact of the matter is that it's essentially just an app. From what the press reports say, MS will make IE run with reduced privileges, even if you happen to be logged in as Administrator (aka root). So, even if exploits occur, buffer overflows, hijacking the registry, and other kinds of attacks will not work due to restricted privileges.

[D-fendr]

Thanks very much for your reply:

From what the press reports say, MS will make IE run with reduced privileges…

That's good news, and if it is integrated with restricted accounts, hopefully it will make exploits using Active-X and VBS less of a possibility.

vastly better security is a compelling reason to upgrade -- and MS apparently realizes this.

Do you have any thoughts or information on backward compatibility of apps with Longhorn?

Appreciate your replies and discussion...