6/14/2005
03:54 PM
David DeJean

How Clever Is Too Clever?

You begin to get a feeling for how complex Longhorn is going to be when it takes one Microsoft engineer to explain what another Microsoft engineer really meant when he tried to explain a new feature.

The feature wasn't even in Longhorn, but in the future version 7 of Internet Explorer. Gordon Mangione, corporate vice president of Microsoft's security group, at the MS Tech Ed conference last week in Orlando, revealed some details of a "low-rights" mode in IE 7 that will provide some defense against browser-based exploits, and he implied that IE 7 would ship with this mode enabled by default. What he forgot was that IE 7 for Windows XP SP2 is going to beta this summer, and XP doesn't have any support for the feature.

Enter Rob Franco, Lead Program Manager for IE Security. On Thursday, 6/9, Franco wrote an entry on Microsoft's IE Blog to explain Mangione's explanation. "Low-rights" IE will work only with Longhorn, it turns out, because Longhorn will have something called Least User Access, which will allow programs and processes to run with less authority than the user who runs them.

Today, 6/14, John Bedworth, the Development Manager for Internet Explorer Security, jumped into IEBlog to explain what Franco forgot to explain: how "low-rights" IE is different from running as a regular (limited) user in XP.

(Ironically, Mangione himself explained Longhorn's Least User Access back in April, when he called it Windows Service hardening, in a conversation with CMP editors. See Microsoft Security Products Chief Takes On Spyware.)

Even though it's apparently hard to explain, it's a clever approach, if not anything very new. ("Administrator" privileges, which have bedeviled Windows users since NT, have their antecedents in Unix/Linux "root" and similar features of other OSes. Lotus Notes, as just one application example, has long let developers precisely control the authority level of agents executing on the server.)

The problem may be, as the comment-posters in IEBlog have already pointed out, that compatibility with existing Web sites and applications will require Microsoft to build in so many exceptions and back doors that what was supposed to be a brick wall will become just more Swiss cheese. No doubt we're due for more explanations.

Win An iPod!

Did you submit your entry for the Software Hall of Fame in the first week of the Pipelines' Great Tech Call 'Em Like You See 'Em contest? If not, there's still time. And this week, for your second of four chances to win an iPod, the focus is on hardware: what do you think belongs in the Hardware Hall of Fame? Check out what the Pipeline editors think, and pen your own entry for the chance to win an iPod or any one of 36 other cool prizes. Enter even if you've already got an iPod, and if you win, give it to me.
