Microsoft has been loudly touting the security improvements in Windows Vista as compared to Windows XP. However, there seems to be some dissention within the software giant’s ranks.
According to Mark Russinovich, a technical fellow in Microsoft’s Platform and Services Division, hackers will simply adapt their attacks to the Vista environment (Nick Farrell, “Microsoft admits Vista security won’t change much,” The Inquirer, 24 April 2007). Russinovich predicts that even UAC will be vulnerable. If Vista doesn’t provide any additional security, why would an organization go through the painful process of upgrading?
In my opinion, only sound security practices can protect any endpoint device. One of the most important of these practices is implementing accounts using the principle of least privilege. With Vista, Microsoft has moved in the right direction by addressing the need to allow users to log in as local administrators in order to perform minor system administration tasks. Restricting local administrator access to only a restricted group of support/engineering personnel is the best defense against unwanted software installations. This is often easier said than done.
Many vendors have not yet jumped on the Vista bandwagon. Organizations might still find themselves forced to allow local admin access for business users so certain applications function properly. So how can we continue moving in the direction Microsoft is headed?
First, we need to provide only minimal access to endpoint devices. Situations in which elevated privileges are required to execute applications should be treated as exceptions.
Second, organizations must pressure vendors to write applications that perform tasks without elevated privileges. Some of you have told me that this is a futile effort, but I disagree. When requests for proposal consistently contain requirements for least privilege operation, and when customers start making purchasing decisions based in large part on security features, responsible vendors will listen.
Finally, educate users. Whether in XP or Vista environments, business users must understand the need to carefully consider any request to install an application on their endpoint devices. Of course, taking this decision-making process away from the end users is the best solution. Used properly, UAC can get us there. But we have some distance to travel before we arrive at a place where technology protects users from themselves.