Creating an OOB with silverlight is very easy and I think it is a good thing. However, it is also easy to create an application that require higher privilege and with only one click, a user can "allow" the program to do everything on his computer.
Am I correct? Am I correct to feel we are gone back to IE 6's days when executing a harmful activex was so easy?
"Desktop" .Net framework use a Code Access Security to reduce the threat perimeter. Does SL too?
On
Trusted Silverlight OOB App on Windows should be considered as dangerous as EXE. That is because with little help from COM interop it can download EXE file to the user's computer and execute it.
Check out Silverlight security whitepaper for some extra information: http://download.microsoft.com/download/A/1/A/A1A80A28-907C-4C6A-8036-782E3792A408/Silverlight%20Security%20Overview.docx
Silverlight implements many mitigations to make this less scary than you think it is.
OOB apps are, by default, sandboxed - so most of them should have no more permissions than an app in-browser would have.
OOB apps (on Windows) intentionally restrict their security token when launching, so even if launches as an admin, they strip themselves of admin rights and re-launch (sllauncher.exe does this, the app has no say in it).
There is a registry key that can be set at the HKLM level that allows administrators of, say, corporate networks to disallow all installations of OOB apps, or to disallow only the installation of (or running of) Trusted Applications. So, with a little group policy, the user can't even run these if they want to - compared to an EXE, which they surely can run under their own security context.