How the integrity mechanism is implemented in Windows Vista
The Windows integrity mechanism is used in a number of ways in Windows Vista. Its main purpose is to restrict the access permissions of applications running under the same user account that are less trustworthy. The mechanism prevents less trustworthy code from modifying objects at a higher level. Most objects under the control of the Administrators group or System have a discretionary access control list (DACL) that typically grants full control permission to Administrators and to System, and read and execute permission to authenticated users. Examples of resources under control of the Administrators group and System are the Program Files directory for applications or the HKEY_LOCAL_MACHINE hive of the registry.
[ Read more ]
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.