Coding Microsoft

Least Privilege and Longhorn Security

For a long time, Windows security experts have been advising all of us to keep two different accounts: one with admin privileges that you use rarely, when you need to install something or do some system configuration, and a normal user account with minimum privileges. The second type of account is even more important for a developer. This way the developer doesn’t assume admin privileges when he/she codes an application, so applications can run fine with least privileges. This will also prevent all Trojans and malicious email attachments from causing the chaos they could cause when run as an admin user.

Personally, I feel it would do a lot of good for the Windows world in general if all developers in Redmond were denied admin privileges on their own machines. For developers who really need it, like the System Drivers team, it should be rationed out, and that too only for a given period. This way they get to feel what the world is like without admin privileges, because in the real world everyone will be fortunate (or unfortunate, depending on your viewpoint) to have admin rights.

In this context, I got to read the well-written article “Security in Longhorn: Focus on Least Privilege” by Keith Brown of DevelopMentor. I was happy to read that Microsoft is finally doing something serious about this in Longhorn. They are making it easier/default for applications to run with least privileges. Read the article for the exciting details. I hope that by the time Longhorn ships, MS doesn’t succumb to compatibility pressures and dilute this heavily.

What do you think about LUA in Longhorn? Share your experiences in the comments section below.