It's been way too long, but I'm going to force myself to find the time to get more "least-privilege" information posted here. Most of my posts til now have been about ways for those of us who administer our own machines to run Windows as a non-admin, invoking administrator privileges only when truly needed. That's one of the "least-privilege" challenges of Windows today. There is another (possibly bigger) challenge: what about users who should always run as non-admin? The 10,000 "information workers" in your enterprise, the children on your home computers -- you do not want to give them the administrator password (directly or indirectly), or have them making security decisions about when administrator privileges should be used. Yet they need to run programs with "LUA bugs" -- programs that don't work unless they run with administrator privileges. How can those users run as non-admin?
Too often, this second challenge is addressed by simply having the users/children run as administrators, by unsafely opening up access control to large portions of the file system and registry, or by "encrypting" an admin password into a special program that runs another program with admin privileges.
In upcoming posts, I'll write on topics such as:
- What exactly is a "LUA bug"? (And what isn't a LUA bug?)
- A systematic approach for working around LUA bugs that avoids unnecessary exposure
- How to identify LUA bugs using Regmon and Filemon
- "LUA BugLight" (a new tool for identifying LUA bugs -- still in development!)
It's good to be back!