Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    .Net Tightens Windows Security

    By
    Timothy Dyck
    -
    January 21, 2002
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      With the shipment of Microsoft Corp.s .Net Framework run-time environment last week, Windows developers have a powerful new platform for developing secure applications in any .Net language. .Net is a radical rethinking of how Windows application security works and jumps Windows security forward several generations.

      In an all-day briefing with eWeek Labs, Brian LaMacchia, development lead, .Net Framework security system, described the security policy framework, code-level security attributes, isolated application storage area, cryptographic framework and other security changes in the new .Net environment.

      Based on an early look at .Net Framework, eWeek Labs believes that these changes will make it far easier for developers using .Net languages to write applications that are resistant to tampering and that store user data more securely. However, the .Net Frameworks security impact will be limited as long as native C or C++ applications are common on Windows.

      Wide-scale deployment of applications built on the new security model is at least a few years away, and existing Windows applications dont benefit at all from this new security model: Windows systems are still just as vulnerable to non-.Net attacks. “Ultimately, we are dependent on the security of the OS,” Microsofts LaMacchia said.

      The most significant security capability in .Net is an application environment that enforces a “least privileges” programming model, one where developers can specify at development time the particular rights an application needs to run, as well as the rights the application should refuse. As with Java, .Net permissions can be set very precisely—down to files and other machine resources.

      All rights are enforced at a system level and apply even if users with administrator rights run the software, something that has never before been the case with Windows.

      Administrators can further restrict program rights using Microsofts new .Net Runtime Security Policy editor.

      The new security model is a sea change from previous Windows security models, where programs started with administrative permissions can modify any system resource. Unfortunately, many programs are configured this way in Windows, one of the main reasons for the operating systems security troubles.

      Enforcing program permissions independently of user permissions is a trademark of trusted operating systems and has long been used in high-security intelligence and banking applications.

      eWEEK Labs analysis of the new security scheme did reveal some potential security problems. By default, .Nets run-time engine uses Internet Explorers zone rules to determine in which security class to run downloaded code, and this zone detection system has had many security bugs in the past. In addition, if .Net applications require the right to call non-.Net code (something that hybrid .Net/Windows programs will require), they can bypass .Net security rules.

      The bottom line, however, is that the new security rules are many times better than whats currently available to C or Visual Basic developers.

      eWEEK Labs West Coast Technical Director Timothy Dyck can be reached at timothy_dyck@ziffdavis.com.

      Timothy Dyck
      Timothy Dyck is a Senior Analyst with eWEEK Labs. He has been testing and reviewing application server, database and middleware products and technologies for eWEEK since 1996. Prior to joining eWEEK, he worked at the LAN and WAN network operations center for a large telecommunications firm, in operating systems and development tools technical marketing for a large software company and in the IT department at a government agency. He has an honors bachelors degree of mathematics in computer science from the University of Waterloo in Waterloo, Ontario, Canada, and a masters of arts degree in journalism from the University of Western Ontario in London, Ontario, Canada.

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      10 Best AI 3D Generators 2023

      Aminu Abdullahi - November 17, 2023 0
      AI 3D Generators are powerful tools for creating 3D models and animations. Discover the 10 best AI 3D Generators for 2023 and explore their features.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×