"Problems of Privilege: Find and Fix LUA Bugs" in TechNet Magazine



My ramblings have now been published in a more reputable venue than blogs.msdn.com.  Pick up the August 2006 issue of TechNet Magazine, or see it here on the web:


Problems of Privilege: Find and Fix LUA Bugs


BTW, in the US you can subscribe to TechNet Magazine for free:


http://www.microsoft.com/technet/technetmag/subscribe.aspx


 


 

Comments (5)

  1. Jeff Stong says:

    Aaron Margosis recently posted that he’s got a new Microsoft Technet magazine article about finding and…

  2. Laurent says:

    Hello,
    Our users have always worked with LUA and we are happy that way.
    Recently a software vendor became angry at us because he could not understand that our users could not create a folder in “Program files”. “Nonsense !” he said, he also added that in all other companies he has been installing his software the users could do such thing (but I have a hard time believing that). I came across your web site while looking for “references”, in case I’ll have to explain and justify our position to the management.
    Sometimes there is a real pressure from users/management/consultant who want the right to mess up with their computers (and the entire network).
    So thank you for this excellent blog.

    You’re welcome! 🙂  You can tell the vendor that the developer guidance has been consistent for a very long time — applications should not store data — especially user data — in the Program Files folder.  See this topic on MSDN for more information.

    — Aaron

  3. McoreD says:

    Some developers do listen and kindly fix these LUA bugs. Most of the time they are not aware of it because developers code and test as Administrators.

    VideRoDo latest beta fixes a LUA bug after I reported the bug inspired by this great blog.

    http://www.videoredo.net/msgBoard/showthread.php?t=2821&page=2

  4. Dan M says:

    Sadly TechNet Magazine isn’t free unless you are a US resident.

    Bummer.

    Oops.  Thanks for pointing that out — I’ve corrected the post.

    — Aaron