Fewer permissions are key to Longhorn security

Software engineers who attend Microsoft’s annual Windows Hardware Engineering Conference later this month could get their first taste of a new Windows user permissions model that could change the way thousands of programs are developed and run. But as the company prepares for the final Longhorn development push, questions remain about its plans for a new user privileges model called Least-Privilege User Account, or LUA.


Microsoft claims that LUA will make life tougher for hackers and virus writers by limiting access to administrator permissions on Windows systems. But the company has been mum in recent months about its plans for implementing LUA in Longhorn, and it is considering incentives to encourage adoption of LUA (pronounced "Loo-ah") by skeptical ISVs (independent software vendors), including a new logo program for LUA compliance, according to interviews with ISVs and industry experts. Least permissions is a principle of computer security that recommends giving software applications and their users no more privileges on an operating system than are absolutely necessary.


Widely accepted within the software development community, least permissions had often been overlooked in recent years, as operating system and application software companies worked to make it easier to use software, vice-president of Internet security at Gartner, John Pescatore, said Microsoft said it would encourage the use of least permissions in Longhorn by making it easier for users to do common tasks without administrator privileges. For example, the company may modify Windows so reduced permissions users can alter display and power management settings on their machine and use virtual private network (VPN) technology more easily. Other changes will allow developers to create per user installations of applications, with user-specific settings saved in the "my programs" folder, rather than a globally accessible program files directory that requires administrative permissions to change, according to documents and presentations on Microsoft’s Web page.


Microsoft also proposed application manifests, which allow developers to define the permissions an application needs to operate properly and can be signed by ISVs to ensure their integrity. Deployment manifests, signed by IT departments, will allow network administrators to dictate how much trust an application should have on the network, according to the documents.


The changes are intended to revive an important security concept that has been a low priority among many Windows users and application developers.


"I don’t think the notion of application runtime permissions are either well understood or well handled," Web application development company Vertex’s chief architect, Jason Rimmer, said. "Coming from Unix, you’re used to asking ‘Does this run under root or not?’ But Windows operators have never had to consider that. LUA will force that choice on people."


For example, Windows programs commonly save user-specific files to critical areas of the operating system, such as the program files directory or protected parts of the Windows registry, which stores configuration information and is off-limits to regular users, wrote co-founder of Pluralsight, Keith Brown, in an MSDN document on LUA from April 2004.


Read the rest here


Very interesting article!

Leave a comment

Filed under Windows Longhorn

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s