Robert Hurlbut Blog

Thoughts on Software Security, Software Architecture, Software Development, and Agility

Least privileged user access for developers

Sunday, August 28, 2005 Comments

 .NET  Personal  Security 
Share:   Share on LinkedIn    Share on Twitter    Share on Facebook   

Nigel Watling (great start of a blog, by the way -- subscribed! RSS) has a very nice summary of some material on developing as a non-administrator and writing least priveleged code. Andrew Duthie particularly liked this quote: 

The idea of least privilege is to limit the damage done by accident, error or attack. It’s quite simple: the more privileges a process has the more havoc it can wreak on your machine.

During Mark Russinovich’s entertaining and insightful malware talk at TechEd EMEA he admitted to accidentally downloading some spyware (which proved remarkably obstinate to remove). When Mark asked the audience who personally had been infected by malware, almost the entire room (~700 people) raised their hand. I have to admit I was surprised. If someone as smart as Mark Russinovich gets infected then what hope is there for the rest of us? The numbers in the room provided ample evidence: not a lot!

I like it too! But, I especially liked his last sentences:

How you write your code can affect the experience and the security of many people and, what’s more, they are your customers. Be nice to them.

That is, or really should be, the bottom line. We as developers develop software sometimes for ourselves, but most profitably for our customers. Sure, we can take the easy road and develop while running as an administrator and ignore the rules about where to put files and what registry settings we can touch. But, what service is that really providing to our customers? What happens when they take your software and run it in a least privileged environment (i.e. they run it as a normal user)? What happens when they are restricted from writing to "Program Files" (for whatever reason, I have no idea!) and get a popup that says "You must be administrator to run this application"? At some point in the near future, it means they stop buying and using your product. Period. How is that for the bottom line? Learn it, live it.

Share:   Share on LinkedIn    Share on Twitter    Share on Facebook