Language Selection

English French German Italian Portuguese Spanish

Fewer permissions are key to Longhorn security

Filed under

Software engineers who attend Microsoft's (Profile, Products, Articles) annual Windows Hardware Engineering Conference later this month could get their first taste of a new Windows user permissions model that could change the way thousands of programs are developed and run. But as the company prepares for the final Longhorn development push, questions remain about its plans for a new user privileges model called Least-Privilege User Account, or LUA.

Microsoft claims that LUA will make life tougher for hackers and virus writers by limiting access to administrator permissions on Windows systems. But the company has been mum in recent months about its plans for implementing LUA in Longhorn, and it is considering incentives to encourage adoption of LUA (pronounced "Loo-ah") by skeptical ISVs (independent software vendors), including a new logo program for LUA compliance, according to interviews with ISVs and industry experts.

Least permissions is a principle of computer security that recommends giving software applications and their users no more privileges on an operating system than are absolutely necessary. Widely accepted within the software development community, least permissions has often been overlooked in recent years, as operating system and application software companies worked to make it easier to use software, said John Pescatore, vice president of Internet security at Gartner.

Microsoft said it will encourage the use of least permissions in Longhorn by making it easier for users to do common tasks without administrator privileges. For example, the company may modify Windows so reduced permissions users can alter display and power management settings on their machine and use VPN (virtual private network) technology more easily. Other changes will allow developers to create per user installations of applications, with user-specific settings saved in the "my programs" folder, rather than a globally accessible program files directory that requires administrative permissions to change, according to documents and presentations on Microsoft's Web page.

Full Story.

More in Tux Machines

Ubuntu 17.04 "Zesty Zapus" Now Tracks Linux Kernel 4.9, Could Ship Kernel 4.10

On October 27, 2016, Joseph Salisbury from the Ubuntu Kernel Team has published yet another newsletter to keep Ubuntu Linux users in the loop with what Canonical is planning for the upcoming Ubuntu 17.04 operating system. Read more

APIStrat Boston to highlight link between APIs and open source projects

This year's API Strategy and Practice (known as APIStrat)—to be held in Boston on November 2-4—has a strong open source component running throughout the event, and with little wonder. Successful API strategies more often than not either contribute new open source projects, or draw on the rich source of tools already built by the open source community. The API mindset has always lent itself to an open source ethos. APIs are all about opening up internal assets, data, and systems in order to connect and collaborate with a wider ecosystem of partners and end users. Amongst leadership businesses that have a strong API strategy, seeing so many contribute and use open source projects is not surprising, and this is reflected throughout this year's APIStrat program. After all, two of the key specifications formats that are used across the industry to describe APIs—the Open API Initiative and RAML—are both open source projects. Projects like Mashape's Kong and Tyk's API Gateway are both open source and gaining greater recognition and uptake. Read more

NetBSD 7.0.2 Operating System Officially Released, Available for Download Now

On October 27, 2016, NetBSD Project, through Soren Jacobsen, proudly announced the release and general availability of the second maintenance update to the NetBSD 7.0 operating system. Read more

AMD Rolls Out AMDGPU-PRO 16.40 Driver for Ubuntu and Red Hat Enterprise Linux

AMD released a new version of its new AMDGPU-PRO graphics driver for GNU/Linux distribution, bringing support for the Red Hat Enterprise Linux (RHEL) operating system, besides Ubuntu. Read more