Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Pitches LUA Security Repository

Posted by ryuzaki0 on from the come-together dept.

corp-dollar writes "According to this eWEEK story on the poor adoption of LUA (least-privileged user account) in Windows, a pair of Microsoft security consultants are pitching the idea of a security deployment repository to serve information and tools to handle LUA bugs and other problems businesses are facing. Sounds like a decent enough idea to cut back on the compatibility problems when trying to run business apps in no-admin mode."

4 of 158 comments (clear)

  1. Those who do not understand unix... by Saint+Stephen · · Score: 3, Insightful

    Those who do not understand unix are condemned to reinvent it, poorly.

    I dont' think I've ever seen a more apt example of this aphorism.

  2. LUA ignored by developers too by ncw · · Score: 4, Insightful
    From the article :-

    The LUA principle, which promotes the use of accounts with fewer access rights than Administrator accounts, has been largely ignored by end users, but if Aaron Margosis and Shelly Bird have their way, code writers will have a central place to get tools and training to create least-privilege applications.
    Coming from a unix background, when I set up a computer for my children with Windows XP, I decided to make sure that the children each had their own user account, and that none of those user accounts had administrator priviledges.

    The first bit of that plan went down very well - they love having their own user accounts. However almost none of their games/software run as anything except Administrator, even games which say on the box "designed for windows XP".

    I end up having to make a custom runas command for each one with /savecred - the windows equivalent to chmod u+s. This is a PITA to setup, insecure and doesn't work for all their software. There is some we've just had to abandon since it just won't work like that.

    So please, software developers, check your software works without admin priviledges!

    --
    Every man for himself, all in favour say "I"
  3. The two chief problems by Alioth · · Score: 4, Insightful

    The two chief problems with LUA in Windows are:

    - The Windows programming culture assumes a single user, single tasking computer.
    - Users on Windows are administrator by default

    The first is the developers fault, the second is Microsoft's. At least Microsoft are trying to fix their end. But even 4 years after Windows XP was released, software is being released by developers who should know better that still require either admin rights or much tinkering to get to run as non-admin. The most recent one I encountered was an application for BACS payments a couple of weeks ago - their tech support's answer was "run as admin". I managed to get it to work for non admins (since this was on a Windows domain) only by caclsing (aka chmodding) the application's directory writeable by all!

    It's obvious that the developer had simply not tested the program as non admin.

    --
    Oolite: Elite-like game. For Mac, Linux and Windows
  4. Blame the user by lheal · · Score: 3, Insightful
    I know running as admin is bad in principle, but from TFA:
    Despite the fact that LUA is accepted within software security circles as a key to reducing damage from malicious hacker attacks, Margosis said a large percentage of customers still run Windows with full admin rights, making them sitting ducks for malware attacks that rely on "maximum privileges."

    First all this malware spreading around was because we didn't have firewalls. Now it's because we're all running with admin rights. Never mind that it's the OS default, it's obviously our fault that all these bugs keep surfacing.

    Of course, the next whipping boy is that faceless developer out there who wakes up one morning and decides to violate basic programming principles like Least Privelege. But it's not the developer's fault.

    The problem for the developer is that Windows makes it difficult to do anything but run as admin. The environment assumes single-user, multiple apps, but not multiple users. It was designed with one user in mind, and the multi-user stuff layered on later.

    But the real problem with complaining that we're violating Least Privilege is that it's a Redmond Herring (TM). It's ignoring the big problem, which is that since Windows source code is closed, no one without a vested interest in keeping bugs hidden can look at it.

    You want a security principle violation? Hiding your code is the biggest one there is.

    --
    Raise your children as if you were teaching them to raise your grandchildren, because you are.