In recent years, Microsoft software has been the preferred target of some infamous Trojan horses, viruses, and worms. In Windows Server 2003, Windows XP, and the .NET framework, Microsoft provides clear responses to the malicious mobile code (MMC) threats: Software Restriction Policies (SRPs) and Code Access Security (CAS). Both technologies are discussed in the context of Windows Server 2003 authorization because they both provide solutions to authorize pieces of code to execute or perform particular tasks on a Windows-rooted computer system.
Before Windows Server 2003, XP, and the .NET framework, Microsoft provided individual patches and extensions to most of its end-user applications, such as Office and Internet Explorer, to deal with some of the MMC threats. In Windows Server 2003 and XP, Microsoft takes a different approach: MMC protection is moved from the application level to the OS level. In addition, the .NET framework applies MMC protection when code is loaded into the .NET execution engine.
On the Windows Server 2003 and XP OS level, the new MMC protection technology affects all application code running on top of the OS. This technology is known as Software Restriction Policies (SRPs), or by its code name, SAFER. In the .NET development framework, Microsoft provides a technology known as Code Access Security (CAS). Both technologies are sometimes referred to as Microsoft’s new Code Authorization Layer (illustrated in Figure 11.1).
Figure 11.1: Malicious mobile code protection architecture.
CAS is only available to applications that have been developed using the .NET development methodology and are using the .NET class libraries and methods. Software Restriction Policies can be used to protect against the execution of any executable. The SRP enforcement engine, however, is only available on Windows XP and Windows Server 2003 systems.
If you are looking for more information on how to protect your NT4 and Windows 2000 systems and legacy Microsoft applications against malicious mobile code, I advise you to regularly check the latest news on Microsoft security patches and malicious mobile code protection features on the Microsoft security Web site at http://www.microsoft.com/security. Also—and this is applicable to all Windows systems—I advise you to read the section on security patch management in chapter 18 of this book. It contains important information on how to automate the distribution of security patches in a Windows-rooted I.T. infrastructure to better protect your systems against MMC threats. For more general background on MMC, I recommend the book Malicious Mobile Code: Virus Protection for Windows by Roger A. Grimes (O’Reilly and Associates, 2001).