How Clever Is Too Clever? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure // PC & Servers
Commentary
6/14/2005
03:54 PM
David  DeJean
David DeJean
Commentary
50%
50%

How Clever Is Too Clever?

You begin to get a feeling for how complex Longhorn is going to be when it takes one Microsoft engineer to explain what another Microsoft engineer really meant when he tried to explain a new feature. The feature wasn't even in Longhorn, but in the future version 7 of Internet Explorer. Gordon Mangione, corporate vice president of Microsoft's security group, at the MS Tech Ed conference last week in Orlando, revealed some details of a "low

You begin to get a feeling for how complex Longhorn is going to be when it takes one Microsoft engineer to explain what another Microsoft engineer really meant when he tried to explain a new feature.

The feature wasn't even in Longhorn, but in the future version 7 of Internet Explorer. Gordon Mangione, corporate vice president of Microsoft's security group, at the MS Tech Ed conference last week in Orlando, revealed some details of a "low-rights" mode in IE 7 that will provide some defense against browser-based exploits, and he implied that IE 7 would ship with this mode enabled by default. What he forgot was that IE 7 for Windows XP SP2 is going to beta this summer, and XP doesn't have any support for the feature.

Enter Rob Franco, Lead Program Manager for IE Security. On Thursday, 6/9, Franco wrote an entry on Microsoft's Microsoft's IE Blog to explain Mangione's explanation. "Low-rights" IE will work only with Longhorn, it turns out, because Longhorn will have something called Least User Access, which will allow programs and processes to run with less authority than the user who runs them.

Today, 6/14, John Bedworth, the Development Manager for Internet Explorer Security, jumped into IEBlog to explain what Franco forgot to explain, how 'low-rights' IE is different from running as a regular (limited) user in XP.

(Ironically, Mangione himself explained Longhorn's Least User Access back in April, when he called it Windows Service hardening, in a conversation with CMP editors. See Microsoft Security Products Chief Takes On Spyware.)

Even though it's apparently hard to explain, it's a clever approach, if not anything very new. ("Administrator" privileges, which have bedeviled Windows users since NT, have their antecedents in Unix/Linux "root" and similar features of other OSes. Lotus Notes, as just one application example, has long let developers precisely control the authority level of agents executing on the server.)

The problem may be, as the comment-posters in IEBlog have already pointed out, that compatibility with existing Web sites and applications will require Microsoft to build in so many exceptions and back doors that what was supposed to be a brick wall will become just more swiss cheese. No doubt we're due for more explanations.

Win An iPod!

Did you submit your entry for the Software Hall of Fame in the first week of the Pipelines' Great Tech Call 'Em Like You See 'Em contest? If not, there's still time. And this week, for your second of four chances to win an iPod, the focus is on hardware: what do you think belongs in the Hardware Hall of Fame? Check out what the Pipeline editors think, and pen your own entry for the chance to win an iPod or any one of 36 other cool prizes. Enter even if you've already got an iPod, and if you win, give it to me.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
News
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Commentary
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
Slideshows
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Slideshows
Flash Poll