New Book: Writing Secure Code for Windows Vista

Even though we (kinda) promised our wives we wouldn’t do it, David LeBlanc and I have just wrapped up another book, Writing Secure Code for Windows Vista. (ISBN: 9780735623934, ISBN-10: 0-7356-2393-7.)

It should be available around mid-April 2007.

It’s a short book, around 230pp, and covers many of the defenses we built into Windows Vista and explains how you can take advantage of them in your own software. I think everyone knows that security is as strong as the weakest link, and it’s critical that applications that run on Windows Vista be as secure as possible, and that means taking advantage of the defenses we offer.

It’ always a pleasure working with David and this is the fourth book we’ve written together. First, he’s a great writer and produces quality prose (most of the time!) on time (sometimes 🙂 and high-quality code samples. Second, we counter-balance each other, David works in the Office team, so he’s a Windows consumer, and I work in the Windows division. This means David can see things I just don’t see because I’m so close to the product – after all, Windows components only run on one Windows version at a time, and Office typically runs on three different versions of Windows – I believe that both viewpoints are critical for readers of the book. He also catches most of the bugs in my code.

Here’s the table of contents.

Chapter 1 Code Quality
Chapter 2 User Account Control, Integrity Levels, and Tokens 
Chapter 3 Buffer Overrun Defenses 
Chapter 4 Taking Advantage of Network Security Features and Defenses 
Chapter 5 Creating Secure and Resilient Services 
Chapter 6 Taking Advantage of Internet Explorer Defenses 
Chapter 7 Cryptographic Changes in Windows Vista 
Chapter 8 Authentication and Authorization 
Chapter 9 Miscellaneous Defenses

I think most of the ToC is self-explanatory, except for the first and last chapters. The first one covers how we implemented the “Security Quality Gates” in Windows Vista to help catch security bugs early; in my opinion, and I think y’all agree, it’s most important to get the quality right rather than rely on a defense saving you. That’s why it’s the first chapter. The last chapter is a grab-bag of stuff that doesn’t fit well in other chapters, including:
Adding Windows Parental Controls support to your application

  • Windows Defender APIs

  • New Credential User Interface API

  • Use the Security Event Log.

  • Pointer Encoding

  • Kernel Mode Debugging Issues

  • Programming the Trusted Platform Module (TPM)

  • Building Secure Windows Sidebar Gadgets

Note, this book is not a replacement for Writing Secure Code 2nd Edition; the new book focuses solely on building applications that take advantage of Windows Vista defenses and does not dwell on secure design, threat modeling, testing or the myriad of coding best practices we covered in the earlier book.

We also did a lot of work to go deeper than just what’s documented in the SDK – we wrote code to make these features work, and show how you can use them. In many cases, we ran into previously unknown gotchas, and we explain how you can avoid the same problems. In the code samples we’re shipping with the book, you’ll find not just the usual snippets that show a minor detail, but a lot of code you can use yourself – including a complete Windows service that communicates securely with the desktop.

I believe we have written an important book, because for Windows Vista customers to be more secure, everything on top of the OS must be more secure too. Oh, and it’s code heavy and an easy and actionable read, too!

Comments (14)

  1. Come farselo mancare nella propria libreria? Even though we (kinda) promised our wives we wouldn’t do

  2. Net says:


    I wanted to know if the book will include examples in VB.Net.  If not, I would recommand that you include them.  There are differences in the languages between VB.Net and C#.  And seeing examples in this language will help a lot of people.

  3. c says:

    What happened with the QuickTime bugs?  Why are they exploitable on Vista?

  4. c, i haven’t dug into the bugs. but they’re exploitable because the apple code has security bugs in their code!

  5. Net, not there is no VB.NET code in the book, but the C# samples are pretty simple and will translate easily to VB.NET

  6. c says:

    Hmm, I guess I was sort of hoping that some of Vista’s security infrastructure would mitigate/prevent some of the vulnerabilities in third-party code.  I guess a lot of the stuff is opt-in via using the new compilers?

  7. c: some defenses WILL come into play on Vista, for example ASLR might help, protected mode IE (low integrity) might help too, as might the heap defenses if there’s a heap BO. Unfortunately, Apple does not compile QuickTime with /GS, /SafeSEH, NXCompat or /Dynamicbase 🙁

  8. [Default] Evaluation Center Experience the New MSDN Evaluation Center Register to download software and

  9. antonio says:


    I have found a book write by you and David Le Blanc, the title is "Design Secure Software".

    The book is not more available on, but is available on (the url is

    I don’t see the book on your list.

    Is this book a fake?

  10. Antonio, long, long, LLLOOONNGGG story, but the book never happened! 🙁

  11. Peter.Delgado says:


    With respect to chapter 2, how deep do you go into MIC levels and UAC considerations?  I haven’t been able to find a comprehensive TOC listing and I am considering purchasing your book, but I want to ensure that the information that I need is covered in depth.

  12. Hi Peter

    IIRC, ch2 is the biggest chapter in the book. After reviewing a draft, Dave commented that "Howard has no concept of writing small chapters." But to answer your question correctly, it goes very deep, deeper than anything presently out there.

  13. Read this book – it’s excellent. To understand the book’s content, you should read Writing Secure Code

  14. Read this book – it's excellent. To understand the book's content, you should read Writing Secure