Monthly Archives: July 2004

Don Kiely and Least Privilege at VTdotNET

dotNET

Don Kiely’s talk was fantastic at Vermont.NET on Monday night. I think he had everyone on the edge of their seats with all of the great tips & tricks for truly working in Least Privilege mode. Not only why you should do it but how to do it. And not only how, but what to expect because it ain’t easy! There are a few areas of focus for developing under least privelege. One is the hardest – making your “daily driver“ account a non-admin account. Your doing yourself a favor anyway – this offers you some good protection from hacking. But it is going to affect your everyday use of your computer – before you even open up your development tools. (or quickbooks!). Then there are the issues of using your development tools as a non-admin. I had a lot of pain enabling myself to debug in visual studio .net, both windows forms apps and web apps. Don’t even get me started about compiling VB6! Another key area is to think about what actions your code is taking. For example if you are persisting files, WHERE are you doing that? The trickiest part is that end-users of your application will very likely be running as non-admins. If we write our apps with an admin account and then deploy it to a non-admin user, you just don’t know what glitches they might encounter related to their lower priveleges. So by writing your app in the same mode, you can have a lot more confidence in the future of your application.

I was a little startled (and slightly embarrassed) when Don pointed out that running as a Power User is NOT a non-admin setup . It is not much less vulnerable than running as an admin. Ifyou really want to run as a non-admin, you need to be a plain old User. I just went through much pain going from admin to power user and now I realize I’ve barely done the deed. When I come back, I will be squeezing myself into a real non-admin role as a User.

Don left me with his power point deck and a slew of fabulous links to read more. They come from people’s blogs (eg Anil John, Andrew Duthie and others) as well as book chapters from Keith Brown and many other articles from these and other experts on the topic. I put them on the “past meetings“ page of the Vermont.NET website.

I can already see that the powerpoint slides are going to be a well-used resource in my office!

If Don didn’t have so much work to do, I would just have forced him to fix my computer and my applications that I am writing so that I’m running as non-admin. I would definitely consider calling in the big guns (experts like Don and others) to get the job done with this stuff on projects.

The usual chaos – where’s that caffeine

Just Rambling

So I have to leave tomorrow for about a week. Another non-vacation trip but stealing at least the weekend and bringing Rich so I will make the most of it. I had the usual million emergencies (including 3 hours out with an unbootable computer yesterday) that have left me scrambling and feeling completely unprepared to leave. Looks like an all nighter. Rich finally gave up at 8:30 (now) on the possibility of my making dinner tonight. Looks like it’s gonna be mac & cheese. Well, I can give all of my lovely organic produce to the housesitter while we are gone. I’m predicting yet another “10 minute packing job” to get a week’s worth of clothes together sometime within the last half hour before we leave for the airport.

Since I don’t dare leave my computers on while I’m gone (so many storms here), I have to make sure my laptop is 100% independent and prepared for any emergency- even a rebuild of a humongous, 3rd party control laden VB6 app.