never-ever-****-with-my.net

As pointed out by the ISC's Handler's Diary, and further to the ZDNet article reporting that Microsoft considers taking admin rights from employees (link posted last Wednesday), Microsoft published Standard User Analyzer, a tool that "helps developers and IT professionals diagnose issues that would prevent a program from running properly without administrator privileges.  On Windows Vista, even administrators run most programs with standard user privileges by default, so it is important to ensure that your application does not have administrator access as a dependency.

Using the Standard User Analyzer to test your application can identify the following administrator dependencies and return the results in a graphical interface:

• File access
• Registry access
• INI files
• Token issues
• Security privileges
• Name space issues
• Other issues"

Burton Group released a paper on Skype corporate usage three weeks ago, but my subscription does not include their Network & Telecom publications. Computerworld summarizes the findings: if the financial incentives and better integrated communications outweigh the risks inherent to proprietary P2P technologies, consider Skype as part of your overall communication strategy.

As reported by Computerworld, Gartner warns the latest version of Google Desktop poses security risks, as Google's servers may store an index of the files contained on the workstation where it is installed.

The workaround is to install the enterprise version, which lets IT administrators decide which features should be enabled or not (using GPOs).

Likewise, an enterprise version exists for the latest version of Google Toolbar (still in beta), and lets IT admins deactivate sensitive functions (i.e. PageRank display or AutoFill).

I discovered through word of mouth an interesting tool to control local administrator privileges: DesktopStandard's PolicyMaker Application Security.  It allows your regular users to run a particular set of applications with admin permissions, or to downgrade your admin users' privileges when they carry out sensitive tasks, i.e. browsing the web or checking e-mail.

The product used to be called NeoExec--the technology is actually licensed from NeoValens, a company managed by Marco Peretti, SecureWave's "former" founder & CEO (another great publisher of Windows security software, which is based in Luxembourg too).

Update 2006/10/27: Another one bites the dust: DesktopStandard has been acquired by Microsoft. While most products will be integrated in Microsoft's GPMC or other products, PolicyMaker Application Security will be sold as Privilege Manager by BeyondTrust. I guess Microsoft left out PolicyMaker Application Security due to licensing issues (see above), and above all, because they already have a competing product in their portfolio: Protection Manager from Winternals Software.