Language Selection

English French German Italian Portuguese Spanish

Fewer permissions are key to Longhorn security

Filed under

Software engineers who attend Microsoft's (Profile, Products, Articles) annual Windows Hardware Engineering Conference later this month could get their first taste of a new Windows user permissions model that could change the way thousands of programs are developed and run. But as the company prepares for the final Longhorn development push, questions remain about its plans for a new user privileges model called Least-Privilege User Account, or LUA.

Microsoft claims that LUA will make life tougher for hackers and virus writers by limiting access to administrator permissions on Windows systems. But the company has been mum in recent months about its plans for implementing LUA in Longhorn, and it is considering incentives to encourage adoption of LUA (pronounced "Loo-ah") by skeptical ISVs (independent software vendors), including a new logo program for LUA compliance, according to interviews with ISVs and industry experts.

Least permissions is a principle of computer security that recommends giving software applications and their users no more privileges on an operating system than are absolutely necessary. Widely accepted within the software development community, least permissions has often been overlooked in recent years, as operating system and application software companies worked to make it easier to use software, said John Pescatore, vice president of Internet security at Gartner.

Microsoft said it will encourage the use of least permissions in Longhorn by making it easier for users to do common tasks without administrator privileges. For example, the company may modify Windows so reduced permissions users can alter display and power management settings on their machine and use VPN (virtual private network) technology more easily. Other changes will allow developers to create per user installations of applications, with user-specific settings saved in the "my programs" folder, rather than a globally accessible program files directory that requires administrative permissions to change, according to documents and presentations on Microsoft's Web page.

Full Story.

More in Tux Machines

Kubuntu 15.10 (Wily Werewolf) Now Has Latest KDE Plasma 5.4.2

Kubuntu 15.10 (Wily Werewolf) is almost ready for launch, but it looks like the developers are still pushing some important changes even this late in the cycle. Read more

Unicode 8.0 Support Added To GNOME's GLib

Within the latest development code of GNOME's key GLib library leading up to GNOME 3.20 is Unicode 8.0 support. Unicode 8.0 as released back in June adds 7,716 characters with six new scripts, many new symbols, and various character additions. Per this commit today by Red Hat's Matthias Clasen, GLib's Unicode support has been updated to version 8.0. Clasen wrote, "Regenerate data tables from the Unicode Character Database, add new scripts, and update tests to include some of the new data." Read more

Huawei Watch Review: Best Android Wear Smartwatch Available

The Huawei Watch currently offers the best option on the Android Wear platform. The Huawei Watch looks elegant and offers great design as well as multiple attractive style options depending on the buyer’s cash flow. Even iPhone owners can take a look. If an iPhone owner prefers a stainless steel round watch, then the Huawei Watch is a usable option at a lower price than the Stainless Steel Apple Watch. Android Wear works well on iPhone, but does not give users the same level of integration. The most important features work fine, including notifications and fitness tracking. We give the Huawei Watch a hearty recommendation. It is worth paying a little more for this attractive and well-designed Android Wear smartwatch. Read more

Linux Kernel 4.1.10 LTS Is Now Available for Download with Networking Fixes

After announcing the release of the Linux 4.2.3 kernel, Greg Kroah-Hartman has informed the world today, October 3, about the release and immediate availability for download of the tenth maintenance version of the Linux 4.1 LTS kernel series. Read more Also: Linux 4.3-rc4 Kernel Released: Adds A New & Better String Copy Function Linus Torvalds Announces Linux Kernel 4.3 RC4 on the Eve of the Project's 24th Birthday