Tweaking Legacy Installers

Last time I talked about legacy applications, I hinted at a hole in the UAC model that could be exploited by a social engineering attack.  The issue lies in the “installers” category.  Because it’s a legacy app and doesn’t have a manifest, Windows doesn’t have any way of knowing whether an installer actually needs elevation…


Categories of Legacy Applications

If you’ve used Vista, you’ve probably been exposed to the UAC dialog.  It’s the security dialog that pops up when the screen goes gray and asks your permission to perform a task that requires admin-level elevation.  The idea behind it is that once programs are written for Vista (with UAC in mind), they’ll sort themselves…


More posts eventually!

It’s that time of year, it seems.  I was down with the flu last week, and I’m trying desperately to catch up this week.  I promise I’ll get more posts up soon.  I’m doing some WASAPI playback library stuff right now and I’m just dying to do a couple of articles about the new Vista…


Vista Now Available

After months of waiting, it’s released.  Go out and get yourself a copy already!


If it doesn’t just work, then it doesn’t work.

I’m passionate about usability, even to the point that my co-workers accuse me of whining.  I can’t really help it.  I have to applaud products and features that streamline a task, are intuitive, and fit well into the workflow.  And when a feature unnecessarily complicates the task, I have to call it out.  Poor usability goes…


And for my encore… Sleep.

As you’ve almost certainly heard by now, we’ve finished.  Windows Vista has shipped, and our mantle has passed on to the manufacturers, who now have a little over two months to stuff a hundred million DVDs into boxes and put them onto store shelves everywhere. For those of you outside the company, this date really…


Should you use Vista? I do.

I’m completely switched over.  Aside from my two Linux servers, every machine I run is on Vista, and the OS isn’t even finished yet.  Since Beta 1 we’ve been asked to “Self Host” – to run Vista on our primary development and productivity machines.  On early Beta 1 builds, the stability wasn’t so good, and…


The Dancing Bunnies problem and the need for application-level security

Raymond today has a discussion up about the folly of trying to set security with a granularity of per-DLL.  As he explains, the moment you let something untrusted run in your process space, you cannot trust anything in the process.  You cannot wall off a DLL or a section of code from the rest of the…