Four years ago, Microsoft laid out an ambitious plan for building an NGSCB (Next-Generation Secure Computing Base). NGSCB was to be a trusted computing environment extending from motherboard-embedded security chips, through the Windows kernel and out to the application windows and input peripherals with which users interact with the system.
As a major player in the server space, Microsoft should offer the sort of mandatory access controls we're beginning to see in Linux and Solaris. For now, though, the bulk of Microsoft's privilege management is centered on the desktop.
* Reduced rights for Internet Explorer: IE doesn't require all the rights of a limited user, let alone an administrative one, to do the work of rendering Web pages. In Vista, IE will run by default with less privilege rope with which to hang itself (and the system as a whole).
* A Vista for nonadmins: Perhaps it's silly to worry about limiting applications to the fewest privileges they require when, according to Microsoft officials, the difficulty of running current Windows versions with appropriately limited rights leads about 80 percent of business users to run as admins—a management gap that Vista should help patch.
* Virtualized system file stores: If you can't control exactly what a particular application is allowed to do, you can at least issue it a safer sandbox in which to run. Vista will let applications that want to run as administrators modify system files and registry keys, but do so in a branched-off, virtualized area.
* Still hankering for NGSCB? Microsoft's NGSCB developers are now called the System Integrity Team, and they have a blog at blogs.msdn.com/si_team/default.aspx.