A site devoted to discussing techniques that promote quality and ethical practices in software development.

Wednesday, May 21, 2008

Microsoft still does not understand security.

It is good to see Microsoft trying to force its users to give up their love of running Windows from an Administrator account.

But whose fault is it that Windows users fall in love with running in an Administrator account? Certainly not Linux, Unix or Mac, as they do not set up user accounts with administrative rights.

As I have blogged previously, Microsoft could have nipped this in the bud when it was beta testing Windows 2000, which began to enforce profile security. All along, Microsoft has provided developers no assistance to toe the line. Instead it makes its installer set up users with administrative privileges.

Microsoft's representative seems to contradict himself with comments like this, in defence of not following the Linux/Mac modus operandi:

"Least privilege permissions are a part of a good defence-in-depth strategy but it's not the endgame. If everybody is logged-in not as admin or not as root, it is really not going to stop the malware in the long run ... malware is not going to disappear," Grimes told AusCERT delegates.

Grimes added malware could infect a computer using various attack vectors but if the user is not an administrator, the attacks are generally less dangerous.

"Can a malware program steal your password if you are not an administrator? Can [criminals] create a program that waits for you to log into your bank, authenticate and then take all your money? The short answer is, yes, absolutely," he added.

No one is suggesting that not running as root is going to prevent malware attacks absolutely or make malware disappear. Running as a limited user (LUA) reduces the attack surface and makes attacks harder to carry out, as Grimes himself acknowledges.

Here is another instance demonstrating that Microsoft does not understand security and is still breeding an army of developers with a myopic view of it.

Recently we discovered that developing a strong-named assembly on Vista using Visual Studio 2008 requires the IDE to run as administrator. The same task does not require administrative rights on XP Pro, even when running in LUA. One naturally has to ask why.

Not only is this stupid but downright dangerous. The reason is that developers end up writing code that does all sorts of things a standard user cannot. This results in programs that do not run in XP LUA but do run on Vista, propped up by UAC redirection. I would have thought Microsoft would not only encourage but demand that developers write code that requires only the least privilege.
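The redirection described above, shown in an added C# probe that is not code from the original post: it tries to write under Program Files and reports whether the write was denied or silently redirected into the user's VirtualStore. The "ExampleApp" folder is a made-up placeholder, and the redirection only occurs for a 32-bit, non-elevated process whose manifest carries no requestedExecutionLevel entry.

```csharp
// Added example, not from the original post. Probes whether a write to a
// per-machine location is refused (XP LUA, or Vista with an asInvoker manifest)
// or silently redirected by UAC file virtualization into the per-user VirtualStore
// (Vista, 32-bit process, non-elevated, no requestedExecutionLevel in its manifest).
using System;
using System.IO;

class VirtualStoreProbe
{
    // Returns "denied", "redirected" or "real" so a harness can assert on it.
    static string ProbeWrite(string target)
    {
        // VirtualStore mirrors the target path minus its drive root, e.g.
        // C:\Program Files\ExampleApp\settings.ini ->
        // %LOCALAPPDATA%\VirtualStore\Program Files\ExampleApp\settings.ini
        string localAppData = Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData);
        string shadow = Path.Combine(localAppData,
            Path.Combine("VirtualStore", target.Substring(Path.GetPathRoot(target).Length)));
        if (File.Exists(shadow))
            File.Delete(shadow);  // clear any leftover from an earlier virtualized run
        try
        {
            Directory.CreateDirectory(Path.GetDirectoryName(target));
            File.WriteAllText(target, "probe=" + DateTime.UtcNow.ToString("o"));
        }
        catch (UnauthorizedAccessException)
        {
            return "denied";      // least privilege enforced: fix the code, not the ACL
        }
        // A virtualized process sees a merged view, so check the shadow path directly.
        return File.Exists(shadow) ? "redirected" : "real";
    }

    static void Main()
    {
        // "ExampleApp" is a made-up folder name used only by this probe.
        string target = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles),
            @"ExampleApp\settings.ini");
        string result = ProbeWrite(target);
        Console.WriteLine(result + ": " + target);
        // "real" means the process holds admin rights, which is exactly the
        // habit the post complains about; per-user data belongs under %APPDATA%.
        if (result != "denied")
            Console.WriteLine("Per-user settings belong under " +
                Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData));
    }
}
```

Run it once as a standard user on XP and once on Vista to see the same program fail on one and "succeed" on the other; "denied" is the outcome a least-privilege build should aim for, with the data moved to a per-user location.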

It is causing the very same problem that Microsoft is trying to stamp out. It is a bit late to close the gate after the horse has bolted.

It looks like Microsoft is only half-heartedly attempting "to break away from its tradition of users being an administrator by default."
