<SET RANT ON>
Microsoft has added what appears to be the first
of a series of articles about least privilege to its TechNet site. That is
great; the more people see about it maybe the more they'll be encouraged to go
with it.
But the first article is totally lame. Here are the sections:
- Introduction
- The Security Principle of Least Privilege
- Issues When Running with LUA
- Secure Your Systems with LUA
- Moving Forward
Sounds reasonable, eh? Except that each section has only two or three short
paragraphs with bland generalities. The only practical information in
the article is a link to Aaron
Margosis's least privilege blog, which, alas, he hasn't posted to since
early September.
But the article up to the last section is tolerable. Light on details but
fine for awareness.
Where it really goes skanky is in the last section, Moving Forward. After a
summary it states, "Future articles about LUA will focus on the experience
in the "Longhorn" release of Windows and beyond." (Emphasis is mine.) Sigh.
So basically what the article does is say that you, dear Windows user, are
screwed for now, but as soon as we release the next version and you upgrade, all
will be stellar. Apparently the TechNet folks see no reason to provide any help
with coping with today's security threats today, but just can't wait to get us
upgraded to the next version.
That is, if the least privilege features of Longhorn don't join the many
others that have been cut.
<SET RANT OFF>
Sahil Malik, the System.DotNetAwareMonkey
blogger, has a cool,
simple idea for monitoring what suspicious stuff software is doing on your
drives, using a FileSystemWatcher object.
It doesn't substitute for a good spyware monitor, since spyware could do
nasty stuff just in memory, but it is a great way to monitor
things.
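
A minimal sketch of that kind of monitor, added here as an example and not Sahil Malik's own code: a C# console program that logs create, change, delete and rename events under a directory tree. The class name, the command-line argument and the `C:\` default are assumptions made for illustration.

```csharp
// Added example: log file-system activity under a directory tree.
using System;
using System.IO;

class DriveActivityLogger
{
    static void Main(string[] args)
    {
        // Assumption: the root to watch is the first argument, defaulting to C:\.
        string root = args.Length > 0 ? args[0] : @"C:\";

        using (var watcher = new FileSystemWatcher(root))
        {
            watcher.IncludeSubdirectories = true;
            // Report name changes, writes and ACL/ownership changes.
            watcher.NotifyFilter = NotifyFilters.FileName
                                 | NotifyFilters.DirectoryName
                                 | NotifyFilters.LastWrite
                                 | NotifyFilters.Security;
            // The default buffer is 8 KB; 64 KB loses fewer events on busy trees.
            watcher.InternalBufferSize = 64 * 1024;

            watcher.Created += (s, e) => Log("CREATED", e.FullPath);
            watcher.Changed += (s, e) => Log("CHANGED", e.FullPath);
            watcher.Deleted += (s, e) => Log("DELETED", e.FullPath);
            watcher.Renamed += (s, e) =>
                Log("RENAMED", e.OldFullPath + " -> " + e.FullPath);
            // Raised when the buffer overflows or the watch fails: events were
            // dropped, so treat the log as incomplete from this point on.
            watcher.Error += (s, e) => Log("ERROR", e.GetException().Message);

            watcher.EnableRaisingEvents = true;
            Console.WriteLine("Watching " + root + " (press Enter to stop)");
            Console.ReadLine();
        }
    }

    static void Log(string kind, string detail)
    {
        // UTC round-trip timestamps make it easier to line up with other logs.
        Console.WriteLine("{0:o} {1,-8} {2}", DateTime.UtcNow, kind, detail);
    }
}
```

FileSystemWatcher reports what changed, not which process changed it, so attributing an event to a program needs a separate source such as object-access auditing.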