Windows Security

Sometimes I wonder if Microsoft employees actually run the products they work on.

Elevated security, something that debuted in Windows Vista and was apparently derived from OS X, is a good example.

It’s a great idea.

As a user I should get to decide whether or not a piece of software is allowed to make changes to my computer. But the failing of Microsoft is that they didn't really think the problem through before they blindly copied what OS X did.

In Windows there are at least two levels of changes that should be approved separately…

When a piece of software I want is approved for install, it should be able to make changes to a set of locations owned by the software vendor once I approve its installation. However, it should not be able to make changes to my system configuration unless I specifically approve that.

What Microsoft should have done is something more along these lines.

A piece of software is launched and requests the user's permission to install itself. The operating system fetches the security certificate bound into the executable and presents the user with that information when it asks for approval (the dialog should also have an additional detail button). The user approves it, and the task is run with a security token created on the fly that allows the installer access to the vendor's specific structure and nothing more.

Should the installer want to change system components, it should have to ask for an additional elevation; at which time the operating system should again ask for approval and clearly indicate which system-level resources the installer has requested access to.

Installers would, of course, generally be designed not to request access to modify the system (meaning they couldn't install auto-start entries, services, device drivers, etc. without the user knowing these things were going to happen).

When you installed software that did not have a certificate, the system would still be able to present the two levels of approval (provided the installer requested the different access levels properly).

This would make Windows a far more secure environment… and it would prevent software vendors from installing unwanted features onto a system.
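Windows does not implement the vendor-scoped installer token the post proposes, but the two things the post wants surfaced to the user, who signed the installer and which system-level resources it touched, can be collected today. The PowerShell script below is an added example written for this page, not the original author's code and not anything Microsoft ships: it shows the Authenticode signer before the install, snapshots the well-known auto-start keys, the installed services and the loaded system drivers, runs the installer, and reports what was added. The installer path and the `/S` silent-install argument in the usage line are placeholder assumptions; run it from an elevated prompt so the installer can actually make the changes being audited.

```powershell
# Added example: audit which system-level resources an installer adds
# (auto-start entries, services, device drivers), i.e. the changes the post
# says should require a second, separate approval. Assumes an elevated prompt.

# Well-known auto-start locations to watch.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Show-SignerInfo([string]$Path) {
    # The information the post wants the approval dialog to display:
    # who signed the executable and whether the signature checks out.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        File   = $Path
        Status = $sig.Status    # Valid, NotSigned, HashMismatch, ...
        Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        Issuer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Issuer } else { '(unsigned)' }
    }
}

function Get-SystemSnapshot {
    # Flatten each area into "one string per item" so Compare-Object can diff it.
    $autostart = foreach ($key in $RunKeys) {
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            foreach ($p in $props.PSObject.Properties) {
                # Skip the PSPath/PSParentPath/... properties the provider adds.
                if ($p.Name -notlike 'PS*') { "$key\$($p.Name) = $($p.Value)" }
            }
        }
    }
    [pscustomobject]@{
        Autostart = @($autostart)
        Services  = @(Get-CimInstance Win32_Service |
                      ForEach-Object { "$($_.Name) [$($_.StartMode)] $($_.PathName)" })
        Drivers   = @(Get-CimInstance Win32_SystemDriver |
                      ForEach-Object { "$($_.Name) [$($_.StartMode)] $($_.PathName)" })
    }
}

function Compare-Snapshots($Before, $After) {
    # Report only additions: a new Run entry, service or driver is what an
    # installer would have needed the second approval for under the post's model.
    foreach ($section in 'Autostart', 'Services', 'Drivers') {
        $added = Compare-Object -ReferenceObject $Before.$section -DifferenceObject $After.$section |
                 Where-Object { $_.SideIndicator -eq '=>' } |
                 ForEach-Object { $_.InputObject }
        foreach ($item in $added) {
            [pscustomobject]@{ Change = "New $section entry"; Detail = $item }
        }
    }
}

function Invoke-AuditedInstall([string]$InstallerPath, [string[]]$Arguments = @()) {
    Show-SignerInfo -Path $InstallerPath | Format-List
    $before = Get-SystemSnapshot

    # Start-Process rejects an empty -ArgumentList, so only pass it when non-empty.
    $startArgs = @{ FilePath = $InstallerPath; Wait = $true }
    if ($Arguments.Count -gt 0) { $startArgs.ArgumentList = $Arguments }
    Start-Process @startArgs

    $after = Get-SystemSnapshot
    $changes = @(Compare-Snapshots -Before $before -After $after)
    if ($changes.Count -eq 0) {
        Write-Output 'No new auto-start entries, services or drivers were added.'
    } else {
        $changes | Format-Table -AutoSize
    }
}

# Usage (placeholder path and argument; substitute the installer under review):
# Invoke-AuditedInstall -InstallerPath 'C:\Downloads\vendor-setup.exe' -Arguments '/S'
```

The snapshot deliberately covers only the three areas the post names; a fuller audit would also watch scheduled tasks, shell extensions and the other auto-start locations, and a signed installer with a `Valid` status still says nothing about what it will do, which is exactly why the post wants the second approval tied to requested resources rather than to the signature alone.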

Why doesn’t Microsoft implement something like this?

Well, it's anyone's guess… I prefer to believe that the people who design Windows don't actually use it, but there are lots of conspiracy theories that could be put forth as well.

Originally posted 2010-01-18 01:00:02.