Hey guys,

Last month I blogged (http://silverstr.ufies.org/blog/archives/000989.html) about my disappointment with the fact that the new service pack for Visual Studio 2005, on Vista, suggests with a specific dialog box that you run the IDE as Administrator (http://msdn2.microsoft.com/en-us/vstudio/aa972193.aspx). The actual dialog box is alarming and misleading, because it really gives poor advice and the false impression that developers HAVE to be building software as Administrator.

Am I being selfish in believing that this is the LAST thing we want to do when trying to educate developers to not write code with administrative privileges?

I know you can simply uncheck the thing and move on (as recommended by Michael Howard at http://blogs.msdn.com/michael_howard/archive/2007/01/04/my-take-on-visual-studio-2005-sp1-and-windows-vista.aspx), but the reality is that this guidance isn't helping us as we try to educate developers to write software requiring fewer privileges, when the tools we use suggest that it doesn't adhere to that!

For years we have been trying to educate developers to run with least privilege so they can build safer software in a more restricted environment. This is particularly important in a Windows environment, where quite a few attack vectors would be significantly lessened if the software had simply required fewer privileges at design time. I fear that when developers see such guidance they will simply run all their tools in an elevated context, or worse yet turn off things like UAC altogether so they can go about their "daily business".

Now, I am pretty sure that a lot of us on this list have been building software in least privilege environments for years. But what does this say to those that don't know any better when they see such dialog boxes when they start their tools? Microsoft has even written a Vista "Issue list" for when you run Visual Studio as a Standard User (http://msdn2.microsoft.com/en-us/vstudio/aa972193.aspx). There are plenty of examples there where the workaround is "Run Visual Studio with elevated administrator permissions" when it doesn't have to be. So it's clear they know this is an issue.

Am I wrong for being disappointed in Microsoft's approach at this stage of the game? We aren't talking about an old IDE written for Windows 95. This was built FOR and ON Vista. With Microsoft's great strides in their SDLC process to date, should we be expecting them to lead the charge in educating developers to run as Standard Users?

What are your thoughts on this?

---
Regards,
Dana Epp [Microsoft Security MVP]
Blog: http://silverstr.ufies.org/blog/
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________