Running internet applications with low rights

Assignee

• Microsoft Corporation · US

Inventors

• Roberto A. Franco · Seattle, US
• Anantha P. Ganjam · Sammamish, US
• John G. Bedworth · Redmond, US
• Peter T. Brundrett · Seattle, US
• Roland Tokumi · Issaquah, US
• Jeremiah S. Epling · Woodinville, US
• Daniel Sie · Bellevue, US
• Jianrong Gu · Bellevue, US
• Marc A. Silbey · Seattle, US
• Vidya Nallathimmayyagari · Redmond, US
• Bogdan Tepordei · Sammamish, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/53
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.