Vista to be a More Secure Platform

By Steven Warren

(Back to article)

While some of the highly publicized features of Longhorn have slipped off the table, one that remains steadfast is LUA (least privilege user account).

LUA will keep your company more secure by preventing hacker and virus activity through limiting access to administrative permissions.

Let me first say that LUA is a significant feature with Longhorn; Microsoft will push this benefit aggressively with Longhorn's release. The concept behind LUA is nothing new to operating systems but it is being made more prominent and simple with Longhorn.

It basically refers to the idea of using non-privilege user accounts for interactive users and for services.

The goal for Longhorn is to simplify security as much as possible by having just two levels of access: administrative and least privilege. The infamous power users group is being eliminated in Longhorn. With these two levels of access and the elimination of the power users group, developers can now start creating applications and code with careful consideration as to whether the code needs administrative rights.

In the past, Microsoft has always released their products with everything wide open or everyone + full control. Due to this, developers often coded applications logged on as administrator, and quality assurance employees tested with administrator rights.

With the release of Longhorn and the push for LUA, Microsoft hopes to strongly encourage the adoption of the use of least permission by making it very simple to perform common tasks without administrator privileges.

LUA can be used with Windows XP but it has its share of problems and it cannot be used easily without some crafty tools and registry hacks.

For example, with Windows XP running a LUA account, you cannot access Windows Explorer, system clock, and power options. These are simple tasks that you will have access to under LUA in Longhorn.

Furthermore, you can use the RunAs command to perform installations in Windows XP but it has its fair share of problems as well. In Longhorn the RunAs command will be enhanced to better support a LUA account.

For some companies, running under LUA will not be possible. They may have backup software, hard drive defragmentation or other such utilities that really need administrative rights in order to function properly. Don't fret; Longhorn has a protected administrator feature when running such utilities under an administrative account.

When you turn this feature on, you can feel safe running under an administrative account because you have the ability to designate the application or utility as trusted.

If you are not considering Longhorn, Microsoft's LUA functionality is worth a closer look. You will have a more secure organization with the adoption of Longhorn. LUA in Longhorn will be very secure for your organization and will be a step closer to Microsoft's secure computing initiative.

We are still in the early stages of the development but I am very excited about the adoption of LUA and agree that Longhorn will be one of the most secure Microsoft operating systems to date upon release. LUA will be part of Microsoft's vision of an operating system with a multi-layered security that is protected and simplified.

As the amount of viruses and hacker activity continues to increase, expect LUA to make a huge impact in security aware companies. Stay tuned.

Steven Warren is an IT consultant for the Ultimate Software Group and a freelance technical writer who has been a regular contributor to TechRepublic, TechProGuild, CNET, ZDNET, DatabaseJournal.com and, now, CIO Update. He has a forthcoming "how-to" book on VMware Workstation and holds the following certifications: MCDBA, MCSE, MCSA, CCA, CIW-SA, CIW-MA, Network+, and i-Net+.