Microsoft is crafting a tool that will call out potential software conflicts with a security feature in Windows Vista that lets people run the operating system with fewer user privileges.
The tool, dubbed LUA Buglight, is designed to identify bugs related to the new Least User Access, or LUA, feature in Windows Vista, a Microsoft representative said in a statement. Vista is the successor to Windows XP that's due out next year.
LUA lets Vista users run their system with fewer privileges, as opposed to the administrator mode that Windows XP typically runs in. The change is meant to improve the security of Windows. For example, a malicious program that makes its way onto a PC running in standard-user mode can't do as much damage as on a PC running in administrator mode.
"LUA Buglight is a new tool being developed by Microsoft Consulting Services that is designed to quickly identify the specific causes of LUA bugs in applications," the Microsoft representative said in an emailed statement. "With this information, the bugs can be fixed or worked around, enabling users not to have to run with full admin privileges."
The tool is primarily meant for IT professionals who need to fix bugs in corporate or third-party applications, the Microsoft representative said. However, it can also be used by developers to hunt for LUA bugs in their own applications, the representative said.
LUA Buglight isn't yet available, and Microsoft didn't say when it plans to release the tool.
Talkback
While I usually find myself criticising Microsoft of late, I must object to the title of the article and support Microsoft for a good idea here.
The tool doesn't shed light on Vista bugs, it sheds light on poorly designed code that will not work under Vista when used in a proper, secure environment.
Microsoft should be lauded for providing such a tool - although one may ask why it wasn't released 10 years ago when the problem of having to use poor security to get some software to run became apparent...
I give Microsoft credit for getting this tool out early enough so that people can deal with the whole problem of being able to run in a secure environment before Vista finally hits the streets. It seems as if the current situation snowballed, some essential apps and games only worked in Admin mode, so most people used admin mode, if most people use Admin/owner mode, why bother to program for a secure environment.
And some of the worst offenders are those that should know better like anti-virus products and security tools, instead of encouraging using the system in a secure manner, they sprout error messages all the time because they can't apply updates or access certain areas. *nix security tools have coped with this situation since the 1970's, so it shouldn't be too hard, you might need to escalate their priority, not the whole users context!
Let's hope Microsoft can show the way here. The two key areas I would like to see improvements in Vista are:
1) The LUA working properly so that Windows can be taken seriously as a secure environment to work in. (And Security tools should be leading the way here by working as a service with the correct privileges and allowing the user to work in LUA mode.)
2) Fewer re-boots. Coming from a mainframe and *nix background, even after 18 years or using Windows, I am still horrified at how often it needs to be re-booted during package installation and patching. A re-boot should only be required if the kernel is changed, if anything else is added or updated the affected services or programs should just need re-starting, not a reboot of the whole system.
When I install SuSE Linux on a machine, it reboots to the Hard disk kernel part way through the installation, and after all the patching is complete (if there is a kernel update) it reboots once more. XP needs over 20 reboots during the install and patching process, more if the standard drivers don't cover your hardware and you need to manually install third party drivers. Then you can start on installing the applications, many of which also require reboots.
Even AV software is pretty bad here, the engine I use wants to reboot at odd times when it gets updates! It is a service, it should be restartable in itself, it shouldn't need a re-boot, I've never seen clamav under Linux whining about a reboot after it has patched itself - the fact that it would be laughed into extinction if it tried probably helps keep the programmers focused.
WOW! Now you won't be running as admin in windows? What a great innovation! I wish my Linux distro was able to do that. : )
David, you said:
"...some of the worst offenders are those that should know better like anti-virus products and security tools, instead of encouraging using the system in a secure manner, they sprout error messages all the time because they can't apply updates or access certain areas..."
Yet earlier in your comment you said:
"...having to use poor security to get some software to run..."