Good to see you again - odd that you should mention Barrayar, since I just last night fished Shards of Honor from the shelf to re-read. (Odd for me, of course, not for you. The only thing strange about coincidence is that it doesn't happen more often, as the man said)

Can't you limit privileges on a web browser without hauling in a third-party program to do it for you? That seems weird to me.

An intelligently-designed operating system can do this, but Microsoft didn't until Windows Vista. The access privileges of a program are generally a corollary of the privileges assigned to the user account logged into the operating system. In Windows XP, the default user account is a Computer Administrator account. It's possible to create a second user account without system privileges and log in with it for ordinary day-to-day use of the OS. And, in fact, this is the default procedure in most business environments -- but not in a home environment

This is one of the reasons that so many Linux geeks swear at Microsoft. Non-Windows operating systems are generally programmed, by default, to log the user in with a limited account. This account can temporarily assume administrative privileges when the operator is prompted to enter an administrative password. Microsoft eventually incorporated this feature into Vista.

But before that, Windows users in a home environment have to go out of their way to log in and work with a limited account. It's possible, but Microsoft doesnn't encourage it, and most people don't do it. Third-party utilities can correct this in XP by scaling down the privileges of a "dangerous" application that's run with Administrator privileges. This is essentially how antivirus companies have made a living with Windows for the past ten years. But they only "scale down" the application privileges when an alarm bell is set off by some process that's on a list of known hostile attacks. You can make a home Windows computer generally safer by scaling down privileges of applications like a web browser or an email client yourself -- aside from the triggers built into an antivirus program. This is what that second entry on Examiner.com is about.

Edited at 2009-06-28 07:30 am (UTC)