<ga********@myway.com> wrote in message
news:11**********************@u72g2000cwu.googlegr oups.com...
Oh i see so its like the thing you see when you're installing applets
accross the internet and it asks if you trust the source... that's how
it differentiates malicious code from non malicious, if the user is
willing to click the 'i trust this' button!
thanks now I see what it means by malicious code
Not entirely, but close. By providing fairly fine grained access control
over alot of features, the runtime offers levels of trust. Code run from the
internet, for example, probably will not have read/write access to the
registry or file system(other than isolated storage) or be capable of
calling into Win32 directly or accessing memory or what have you. This keeps
untrusted code from doing very bad things.
The trust system expands to the application level as well. A program that
uses plugins can, if written properly, restrict what the plugins are
permitted to do, programs that use .NET based scripts\macro's could restrict
the feature set macro's are permitted to have, and so on.
Still, this doesn't save you entirely. A user who is willing to move the
application into a more trusted zone will still run risks. It is a step, but
the user has to be careful too.