Abstract: Described is a technology including an evaluation methodology by which a set of privileged code such as a platform's API method may be marked as being security critical and/or safe for being called by untrusted code. The set of code is evaluated to determine whether the code is security critical code, and if so, it is identified as security critical. Such code is further evaluated to determine whether the code is safe with respect to being called by untrusted code, and if so, is marked as safe. To determine whether the code is safe, a determination is made as to whether the first set of code leaks criticality, including by evaluating one or more code paths corresponding to one or more callers of the first set of code, and by evaluating one or more code paths corresponding to one or more callees of the first set of code.

Abstract: Described is a technology by which a managed web browser control hosts an unmanaged web OLE control to control navigation requests by the unmanaged web OLE control on behalf of partially trusted code. Site locking may be performed to constrain a site to navigation only to other pages within its site, thereby preventing navigation to an undesirable location. In one example, the unmanaged web OLE control communicates information corresponding to a navigation request to the managed web browser control, and the managed web browser control processes the information to establish whether the navigation is to be allowed or blocked. The benefits of site-locking with respect to privacy are also described, as is z-order management to protect against site spoofing.

Abstract: Described is a system and method by which an application program is evaluated for trustworthiness based on the permissions and/or privileges it requests relative to a program category. The program describes the permissions needed to operate, and identifies itself as belonging to a particular category. Security components compare the requested permission set against the permissions that programs of that category actually need in order to operate properly. Programs requesting more permissions than needed are deemed untrustworthy. For example, screen saver application programs need only a limited permission set to operate properly, including full screen access and the ability to read files, but do not need network access permissions or write access to files. Any screensaver application that requests only the needed permission set is deemed trustworthy, while others that request permissions beyond what is actually needed are not deemed trustworthy, and a user or automated policy process may then intervene.