"Problems of Privilege: Find and Fix LUA Bugs" in TechNet Magazine
My ramblings have now been published in a more reputable venue than blogs.msdn.com. Pick up the August 2006 issue of TechNet Magazine, or see it here on the web:
Problems of Privilege: Find and Fix LUA Bugs
BTW, in the US you can subscribe to TechNet Magazine for free:
https://www.microsoft.com/technet/technetmag/subscribe.aspx
Comments
Anonymous
July 27, 2006
Aaron Margosis recently posted that he's got a new Microsoft Technet magazine article about finding and...Anonymous
July 27, 2006
Hello,
Our users have always worked with LUA and we are happy that way.
Recently a software vendor became angry at us because he could not understand that our users could not create a folder in "Program files". "Nonsense !" he said, he also added that in all other companies he has been installing his software the users could do such thing (but I have a hard time believing that). I came across your web site while looking for "references", in case I'll have to explain and justify our position to the management.
Sometimes there is a real pressure from users/management/consultant who want the right to mess up with their computers (and the entire network).
So thank you for this excellent blog. You're welcome! :-) You can tell the vendor that the developer guidance has been consistent for a very long time -- applications should not store data -- especially user data -- in the Program Files folder. See this topic on MSDN for more information. -- AaronAnonymous
August 01, 2006
Some developers do listen and kindly fix these LUA bugs. Most of the time they are not aware of it because developers code and test as Administrators.
VideRoDo latest beta fixes a LUA bug after I reported the bug inspired by this great blog.
http://www.videoredo.net/msgBoard/showthread.php?t=2821&page=2Anonymous
September 14, 2006
Sadly TechNet Magazine isn't free unless you are a US resident.
Bummer. Oops. Thanks for pointing that out -- I've corrected the post. -- Aaron