LUA to Go in
Vista OS"> "We need to heighten awareness around secure coding," Bird said, noting that this would involve improved LUA tools and the publication and distribution of software standards. Microsoft plans to embed the LUA principle into the coming Windows Vista operating system but Margosis urged developers to shift the mindset today to avoid using bad coding practices in the future."Youll be in a position where you will still be hauling a lot of bad practice. You want to go and start cleaning up now," he declared.Click here to read about Microsofts plans for IE7 scurity lockdowns. Margosis and a group of senior Microsoft developers have started the ball rolling with the release of LUA-related information and tools on a non-admin Wiki aimed at Windows users. On the Wiki, the Redmond security gurus are sharing tips on how to set up non-admin accounts and offering easy-to-use utilities that can handle things like dropping user rights or elevating privileges to handle specific tasks. Margosis also announced plans to release another tooltentatively named LUA Buglightto remediate the challenges of finding code bugs that impact compatibility with non-admin users. Convinced that there are no valid technical or business reasons why applications should require admin privileges, Margosis plans to release LUA Buglight into a pool that also includes Regmon and Filemon, two freeware utilities from Sysinternals.com. With LUA Buglight, he said developers can generate new tokens and make calls to the Windows API to get reports on potential LUA bugs. A pre-alpha version of the tool, which is being funded by Microsoft, is currently being tested and Margosis expects to have it available early next year. He argued that the cost of ownership benefits from a well-managed LUA environment were significant. "Its 40 percent cheaper to run a well-managed desktop. When everyone is running as admin, you simply cant have a well-managed desktop," Margosis added. Check out eWEEK.coms for Microsoft and Windows news, views and analysis.