文件系统文件系统注册表注册表网络网络IE低权限模式IE代理进程缓存浏览页面临时文件目录UserKernelAdminSystem Services1.Few layers2.Mostly privileged3.Limited guards between layersSystem ServicesDDDUser Account Protection(LUA)Service HardeningAdminService 1DDDKernelService 2Service 3DDDLow Privilege ServicesLow rights programs1.Increase#layers2.Segment services3.Reduce size of high risk layersLUA UserSvc 6Svc 7User mode driversWindows Vista Security:http:/ Driverhttp:/ 7http:/