Chapter 6. Running Secure Code
Malicious and poorly written software costs businesses millions of dollars every year. Whether the software is a virus deliberately written to wreak havoc or simply a poorly written game that causes computers to crash, unauthorized or insecure software is a clear and present security threat. Each version of the Windows operating system has added features to help protect against unsecured code. Over the years, technologies such as code signing and signed driver verification have been added. Windows Server 2003 takes the biggest leap yet, allowing you to completely control the ability of your users to run unsecured software on your company’s computers.
This chapter describes two of the newest features in this area: software restriction policies and unsigned driver behavior. Software restriction policies (SRP) is a powerful configuration option that can allow or deny software to run based on a number of different rules. These rules are set up by an administrator and reflect the desired level of security established by policy or driven by known threats. Unsigned driver behavior is similar in that it uses an administrator-defined setting whenever an unsigned or untrusted hardware driver is installed. The administrator can define whether to allow these potentially dangerous drivers to operate. Together, these two features dramatically increase the ability of Windows to reject untrusted code.
Identifying Secure Code
Secure code is software that doesn’t create ...