Chapter 6. Running Secure Code
Malicious and poorly written software costs businesses millions of dollars every year. Whether the software is a virus deliberately written to wreak havoc or simply a poorly written game that causes computers to crash, unauthorized or insecure software is a clear and present security threat. Each version of the Windows operating system has added features to help protect against unsecured code. Over the years, technologies such as code signing and signed driver verification have been added. Windows Server 2003 takes the biggest leap yet, allowing you to completely control the ability of your users to run unsecured software on your company’s computers.
This chapter describes two of the newest features in this area:
software restriction policies and unsigned driver behavior.
Software restriction policies (SRP) is a
powerful configuration option that can allow or deny software to run
based on a number of different rules. These rules are set up by an
administrator and reflect the desired level of security established
by policy or driven by known threats.
behavior is similar in that it uses an
administrator-defined setting whenever an unsigned or untrusted
hardware driver is installed. The administrator can define whether to
allow these potentially dangerous drivers to operate. Together, these
two features dramatically increase the ability of Windows to reject
Identifying Secure Code
Secure code is software that doesn’t create ...