Microsoft Products Get Security Certified

It’s almost like getting the “Good Housekeeping Seal of Approval” for your product’s security. A number of Microsoft’s products recently got Common Criteria certification, including:

  • Windows Server 2003, Standard Edition (32-bit version) with SP1
  • Server 2003, Enterprise Edition (32-bit and 64-bit versions) with SP1
  • Server 2003, Datacenter Edition (32-bit and 64-bit versions) with SP1
  • Server 2003 Certificate Server, Certificate Issuing and Management Components (CIMC) (Security Level 3 Protection Profile, Version 1.0)
  • Windows XP Pro with SP2
  • Windows XP Embedded with SP2

Some earlier versions of those products had already attained CC certification but without the Service Pack additions. The announcement has mostly flown under the media radar, but it shouldn’t be casually dismissed as unimportant, either. What’s significant about CC approval is that it’s independent of Microsoft. CC is an international consortium of organizations that has established a set of common security standards, which it applies to products that companies submit for testing. If a product meets those standards, it’s awarded the CC certification. At the higher certification levels, it’s not easy to get. And all products, whether they be from Microsoft, Oracle, CA and so on, get tested the same way for the same level. No favoritism here.

A note of caution also applies, however: The certification means only that a product is securable to a certain standard, *not* that it’s secure out of the box or in a default configuration. You still have to perform due diligence to secure the computer in question. Still, it’s nice to know that if you know what you’re doing, these Microsoft products can be secure. Another small step in the Trustworthy Computing initiative for Redmond.

The Least of These
Elsewhere on the security front, a couple of Microsoft consultants have been pushing hard on the idea of least-privileged user accounts (LUA).

Malware can do the maximum amount of damage when it gains admin-level privileges in a system. That applies to the ginormous (five points if you can give me the reference for that word. Hint: it’s Christmas-related) majority of Windows users; nearly all of us, and the users on our networks, are local-machine admins. Keeping the privileges at a lower state, as is the case on Macs, means less harm can be done, even if an attacker gains user privileges.

This column was originally published in our weekly Redmond Report newsletter.

This isn’t really the system administrator’s fault; it’s largely out of necessity, since the majority of Windows programs are written to require admin-level rights to fully function. The call to do away with this hideous situation has been heard for years, but hasn’t gained much momentum. The new idea presented by the Microsoft evangelists is an online clearinghouse for developers, where they can get training and tools to help them build the principles of LUA into their code.

This is a sensational idea, and Microsoft may contribute one of the first tools to the clearinghouse. As esteemed Windows watcher (and new Redmond magazine columnist) Mary Jo Foley reports, “Microsoft is readying a new tool, tentatively named ‘LUA Buglight,’ that will find code bugs that impact compatibility for non-admin users.” So if you’re writing the next mission-critical app for your company, and apply the Buglight, it’ll tell you where the program will break for non-admin-level users.

Let’s hope the clearinghouse idea catches on, and LUA picks up steam, until developers write it into every Windows-based program. We’ll all be a lot safer when that happens.

I’m So Glad We Had This Time Together
Finally, let me say how much I’ve enjoyed stepping into Doug’s shoes this week and writing for Redmond Report. Doug mentioned that the feedback he gets from readers is his favorite part of doing this newsletter. I can see what he means. Please don’t hesitate to contact either of us with questions, concerns, complaints or large cash contributions. I’m at [email protected].

About the Author

Keith Ward is the editor in chief of Virtualization & Cloud Review. Follow him on Twitter @VirtReviewKeith.

