The InformationWeek -- Blogs

How Clever Is Too Clever?


Posted by David DeJean, Jun 14, 2005 03:54 PM

You begin to get a feeling for how complex Longhorn is going to be when it takes one Microsoft engineer to explain what another Microsoft engineer really meant when he tried to explain a new feature.

The feature wasn't even in Longhorn, but in the future version 7 of Internet Explorer. Gordon Mangione, corporate vice president of Microsoft's security group, at the MS Tech Ed conference last week in Orlando, revealed some details of a "low-rights" mode in IE 7 that will provide some defense against browser-based exploits, and he implied that IE 7 would ship with this mode enabled by default. What he forgot was that IE 7 for Windows XP SP2 is going to beta this summer, and XP doesn't have any support for the feature.


Enter Rob Franco, Lead Program Manager for IE Security. On Thursday, 6/9, Franco wrote an entry on Microsoft's IE Blog to explain Mangione's explanation. "Low-rights" IE will work only with Longhorn, it turns out, because Longhorn will have something called Least User Access, which will allow programs and processes to run with less authority than the user who runs them.

Today, 6/14, John Bedworth, the Development Manager for Internet Explorer Security, jumped into IEBlog to explain what Franco forgot to explain: how "low-rights" IE is different from running as a regular (limited) user in XP.

(Ironically, Mangione himself explained Longhorn's Least User Access back in April, when he called it Windows Service hardening, in a conversation with CMP editors. See Microsoft Security Products Chief Takes On Spyware.)

Even though it's apparently hard to explain, it's a clever approach, if not anything very new. ("Administrator" privileges, which have bedeviled Windows users since NT, have their antecedents in Unix/Linux "root" and similar features of other OSes. Lotus Notes, as just one application example, has long let developers precisely control the authority level of agents executing on the server.)

The problem may be, as the comment-posters in IEBlog have already pointed out, that compatibility with existing Web sites and applications will require Microsoft to build in so many exceptions and back doors that what was supposed to be a brick wall will become just more Swiss cheese. No doubt we're due for more explanations.

