Then and Now Microsoft Windows XP™ initially creates all user accounts as local administrators. Administrators have full access to system-wide resources and can execute any privileged operation. Microsoft guidelines suggest that users run day-to-day tasks under a least privileged account (LUA), however many users prefer to operate at the administrator level for the following typical [...]
Posts Tagged ‘Security’
Windows Vista UAC – Further Reading
Posted in Applications, Everything, tagged Security, Windows Vista on January 4, 2007 | 7 Comments »
Windows Vista – User Account Control
Posted in Applications, Everything, tagged Security, Windows Vista on January 4, 2007 | Leave a Comment »
Presently, users of the Microsoft Windows™ operating system have had to face several challenges to secure the integrity of the data residing on their computer. Users have had to cope with the vast slew of malware, including viruses, spyware, and root-kits, which typically cause damage to data and/or applications residing on the user’s desktop pc. [...]
Code Access Security – A Primer
Posted in Everything, Software Development, tagged Code, Security on June 1, 2006 | 2 Comments »
Overview This post serves as a primer for software developers interested in learning about Code Access Security (CAS) in .NET. The following information is not exhaustive of the subject matter and contains the basic overview of Code-Access-Security. Those interested in this subject are encouraged to read further. The following articles cover code security and are [...]
LUA Bugs
Posted in Applications, Everything, tagged Security on March 4, 2006 | Leave a Comment »
So, you’ve made the jump to Least Privileged User Account (LUA), but some of your applications no longer work…. These are known as “LUA Bugs”, and Aaron Margosis has written a post about fixing them.
LUA and Windows XP
Posted in Applications, Everything, tagged Microsoft Windows, Security on January 25, 2006 | 2 Comments »
For those of you that read my blog often (or talk to me directly), you’ll know that I am constantly advocating that users operate their computers under a least-privileged user account – LUA. Many have taken my advice, of not running day-to-day operations under an administrator account, or account with elevated privileges (yes, that includes [...]
Sony is still advising users to install their rootkit…
Posted in Everything, Miscellaneous, tagged Security on November 17, 2005 | 2 Comments »
Quoted from: http://cp.sonybmg.com/xcp/english/howtouse.html To install the software on this disc, you must have Administrator rights on your computer. Administrator rights are typically the default setting for home computers, however, in many work environments it is not the default setting. If you do not have Administrator rights, log out of your account and log in as [...]
Avoiding Sony’s DRM Rootkit
Posted in Everything, Miscellaneous, tagged Security on November 10, 2005 | Leave a Comment »
It may not have escaped your attention that Sony has been featured in the news a lot recently, concerning proven allegations about Sony BMG installing DRM root kits on Windows computers, belonging to consumers: http://news.bbc.co.uk/2/hi/technology/4400148.stm Essentially, root kits are malicious pieces of software that are installed in the lower-levels of the Windows operating system, which [...]
Debugging ASP.NET as non-admin (LUA)
Posted in Everything, Software Development, tagged ASP.NET, Security on November 9, 2005 | Leave a Comment »
See my previous post about LUA, and why it is a good idea. Today I managed to get ASP.NET 2.0 to debug correctly, using Visual Studio .NET 2005 under LUA. Thanks to Andrew Duthie’s post. I needed to tweak my system a little, here are my steps in digest (II6 only): 1. Create a new [...]
Running as Non-Admin
Posted in Applications, Everything, tagged Security on November 9, 2005 | Leave a Comment »
I have recently converted my developer workstations over to running as non-admin. I was inspired to move over to a least-privilege user account after sitting in on a talk by Randy Hayes – president for the CMAP (Central Maryland Association of .NET Professionals) user group. The principle theme of Randy’s talk was about better protecting [...]
DPAPI in C#
Posted in Everything, Software Development, tagged C#, Security on June 16, 2005 | Leave a Comment »
Okay, I am posting a link to this awesome example of DPAPI (Data Protection API) for C# and VB.net, mainly for my own reference. If you want to encrypt data in web.config files on shared servers, this is the way to do it. http://www.obviex.com/samples/dpapi.aspx Thanks to Julie Lerman for making me aware of DPAPI.
