Only a few days are left in 2005 and instead of recapping major events of the past year, let's peek into what might be some of the major topics in 2006. Any number of unknowns might arise over the next 12 months, but I think at least three areas will be among the major centers of attention: Least-Privileged User Accounts (LUA), rootkits, and backups.
LUA is a major topic that has grown in importance throughout 2005. Although Windows Vista promises to bring us closer to true LUA functionality, we don't have an official product release of Vista yet. Even when it does become available, countless desktops won't be running it for quite some time. So we need to make due with what we have to work with.
One of the best resources for learning how to implement LUA and for sharing experiences in that realm is the Nonadmin Wiki (nonadmin.editme.com ) at the URL below. According to the Web site, the wiki is "a place where anyone can share their experiences with running as a non-administrator in Windows – the good (tips, tools, and help for using a limited-user account), the bad (programs that won't even install, let alone run, unless you're administrator), and the ugly (workarounds and kludges)."
The site is published by a group of contributors, some of whom work at Microsoft and some of whom you've probably heard of, including Aaron Margosis, Jay Bazuzi, Jenni Merrifield, Jonathan Hardwick, Micheal Howard, and Thomas Lee. Other contributors include anyone in the Internet community who wants to offer his or her experiences and insight. At the wiki, you'll find that you can also ask questions and download numerous tools that help you move toward establishing LUA in your environment.
A major hurdle in establishing LUA is with applications that can't run without some level of access to resources that require administrative access. Margosis said that next year a new tool will be released (tentatively named LUA Buglight) that will help developers find problems in application code that requires administrative access to either install or run. The tool will also help developers create ways to work around the problems. If you're a developer, keep an eye on the wiki for the eventual release of that tool.
Microsoft is also currently beta testing instructions in a whitepaper, "Applying the Principle of Least Privilege to User Accounts on Windows XP." I don't know when that whitepaper will be finished and ready for the public, but when it's ready, I'll let you know.
In the coming year, we'll also see more focus on rootkits. The problem with rootkits is obvious: They grant people unauthorized access to a system, sometimes at the Administrator or System level. Furthermore, we learned this year via the Sony BMG fiasco (see the URL below) that we can't trust all companies to do the right thing when it comes to providing tools for public consumption. Invariably, some companies will overstep reasonable boundaries. http://www.windowsitpro.com/Article/ArticleID/48318/48318.html
One of the more popular rootkits that intruders use is called Hacker Defender, and several security packages claim to be able to detect and remove it from a system. However, removal isn't a simple task, and often Hacker Defender is a moving target. You can learn why it's a moving target directly from the person who developed the code by reading the article at the URL below. http://www.emailbattles.com/archive/battles/security_aacejifdhf_ic
The developer claims that one reason he developed Hacker Defender was that "rootkit projects force security companies to care about the core of the problems, to develop better and better products." But if his intent is to improve security products, why do so by selling a hazardous tool? Why not instead create a tool that can help prevent rootkits?
Intel is taking steps in that direction by working to develop chip-level technology that helps prevent malicious code, such as Hacker Defender, from making its way into systems. The technology, called System Integrity Services (SIS), will work with software-based drivers, kernel-level code, and application code to help prevent nuisances such as code injection, memory overwrites, and jumps in code blocks. The company published two documents that explain how the technology will work. One document (at the first URL below) gives a broad overview. The second document (at the second URL below) provides a fair amount of technical insight about what will actually take place inside a system http://www.intel.com/technology/magazine/research/runtime-integrity-1205.pdf http://www.intel.com/technology/comms/download/system_integrity_services.pdf The third area of attention for 2006 is backups, particularly because backups are necessary to recover from some forms of security intrusions. Backups have been an area of high importance ever since computers made it onto desktops in businesses. In the past, people created backups (typically at night when workers were out of the office) and hopefully stored the backup media in a secure remote location. When a restoration is required, the backup media is retrieved for use. The process takes time and carries considerable risk. Tapes could be lost, stolen, or damaged anywhere along the way.
In recent years a new type of backup process, continuous data protection (CDP), has become more prominent and affordable to a broader set of customers. As the name implies, CDP archives continuous data snapshots, typically in realtime. As you might suspect, CDP archives only the bits of data that change as opposed to entire files. Obviously such technology has many advantages, including reduction of bandwidth usage, easier and faster recovery methods, and a much smaller window of vulnerability to data loss. With such appeal, naturally there are many solutions available, and I've complied a list of links to 10 of the most popular ones at the end of this article. To find even more CDP solutions, use your favorite search engine with the phrase "continuous data protection." Also don't forget to check Windows IT Pro's Web site for articles that relate to CDP. The URL below will take you directly to the search results. http://www.windowsitpro.com/search/index.cfm?maxresults=0&sortby=date&advanced=&qs=%22Continuous%20Data%20Protection%20%22&Action=Search
With that said, I want to express to you all best wishes for a better year in 2006.
http://www-306.ibm.com/software/tivoli/products/continuous-data-protection LiveVault: http://www.livevault.com