Threats from Longhorn

[Jim Byrd]

Hi Kyle - The following is courtesy of Larry Samuels, MVP
:

"The details of WinFS security are here:
http://longhorn.msdn.microsoft.com/l...SSecurity.aspx

In the PDC release, the security model is not implemented. The proposed
security model uses ACLs on items in the store and when a user attempts to
access an item the system will perform a check against the user's Windows
access token. Thus, if you have permission (explicitly for your account, or
through a groups that you are a member of) then you'll get access to the
item. As to the idea of a virus harvesting contacts - this assumes that the
virus can run under an account that has the permission to access contact
items. Thus the emphasis is to prevent rogue code from running on a system
under a priviledge account, and this is where .NET code access security
comes in - downloaded code should not have the permission to access the
store.


Larry Samuels MS-MVP (Windows-Shell/User)
Associate Expert
Unofficial FAQ for Windows Server 2003 at
http://home.earthlink.net/~larrysamuels/WS2003FAQ.htm
Expert Zone - www.microsoft.com/windowsxp/expertzone"


Also, you can find additional Longhorn-related info/links here:
http://aumha.org/win5/a/longhorn.htm


--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In news:lkcupv4t32gp2f323n3ktb9sblembpbuhe@4ax.com,
Kyle Thomas Pope <kurokyle@notmail.spam.not.com> typed:
> With Microsoft pushing its next iteration of Windows, codenamed
> Longhorn, is there any information as to what security and privacy
> problems this new OS will pose? I realize that any facts regarding
> Longhorn are pretty thin at the moment given the secrecy surrounding
> the project but I have to worry given MS's previous track record in
> these areas combined with the whole TCPA/Palladium dust-up of not too
> long ago. Windows XP was a major step towards usurping control of PCs
> from their users and I have to imagine Longhorn is going to continue
> the trend.
>
> So are there any Microsoft moles out there who can address this
> question?
>
> -----
> Kyle Pope
>
> "I will not be pushed, filed, stamped, indexed, briefed, debriefed or
numbered!"
> - No. 6
>
> Keeper of the Edit List -
>
> (http://www.animenewsnetwork.com/columns/edit-list.php)
>
>
> ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet
News==----
> http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000
Newsgroups
> ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption
=---

[Larry Ludwick]

I think what the below says is that there is no privacy and you
can forget security.


"Jim Byrd" <jrbyrd@spamlesscomcast.net> wrote in message
news:70Jnb.38388$mZ5.216251@attbi_s54...
> Hi Kyle - The following is courtesy of Larry Samuels, MVP
> :
>
> "The details of WinFS security are here:
>
http://longhorn.msdn.microsoft.com/l...SSecurity.aspx
>
> In the PDC release, the security model is not implemented. The
proposed
> security model uses ACLs on items in the store and when a user
attempts to
> access an item the system will perform a check against the
user's Windows
> access token. Thus, if you have permission (explicitly for your
account, or
> through a groups that you are a member of) then you'll get
access to the
> item. As to the idea of a virus harvesting contacts - this
assumes that the
> virus can run under an account that has the permission to
access contact
> items. Thus the emphasis is to prevent rogue code from running
on a system
> under a priviledge account, and this is where .NET code access
security
> comes in - downloaded code should not have the permission to
access the
> store.
>
>
> Larry Samuels MS-MVP (Windows-Shell/User)
> Associate Expert
> Unofficial FAQ for Windows Server 2003 at
> http://home.earthlink.net/~larrysamuels/WS2003FAQ.htm
> Expert Zone - www.microsoft.com/windowsxp/expertzone"
>
>
> Also, you can find additional Longhorn-related info/links here:
> http://aumha.org/win5/a/longhorn.htm
>
>
> --
> Please respond in the same thread.
> Regards, Jim Byrd, MS-MVP
>
>
>
> In news:lkcupv4t32gp2f323n3ktb9sblembpbuhe@4ax.com,
> Kyle Thomas Pope <kurokyle@notmail.spam.not.com> typed:
> > With Microsoft pushing its next iteration of Windows,
codenamed
> > Longhorn, is there any information as to what security and
privacy
> > problems this new OS will pose? I realize that any facts
regarding
> > Longhorn are pretty thin at the moment given the secrecy
surrounding
> > the project but I have to worry given MS's previous track
record in
> > these areas combined with the whole TCPA/Palladium dust-up of
not too
> > long ago. Windows XP was a major step towards usurping
control of PCs
> > from their users and I have to imagine Longhorn is going to
continue
> > the trend.
> >
> > So are there any Microsoft moles out there who can address
this
> > question?
> >
> > -----
> > Kyle Pope
> >
> > "I will not be pushed, filed, stamped, indexed, briefed,
debriefed or
> numbered!"
> > - No. 6
> >
> > Keeper of the Edit List -
> >
> > (http://www.animenewsnetwork.com/columns/edit-list.php)
> >
> >
> > ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure
Usenet
> News==----
> > http://www.newsfeed.com The #1 Newsgroup Service in the
World! >100,000
> Newsgroups
> > ---= 19 East/West-Coast Specialized Servers - Total Privacy
via Encryption
> =---
>
>

[Jim Byrd]

Hi Larry - I think that's mostly true for the PDC preview release. However,
if you read thoroughly at the link Larry Samuels provided, you'll find that
a reasonably strong security model is discussed for the final. I can assure
you that this is a "hot" topic in MVP and Developer circles, FWIW.

--
Please respond in the same thread.
Regards, Jim Byrd, MS-MVP



In news:e3Pnb.16324$%e3.4488@nwrddc03.gnilink.net,
Larry Ludwick <lludwick@larryludwick.com> typed:
> I think what the below says is that there is no privacy and you
> can forget security.
>
>