How can I find more information on the WinFS security model? I would like to
know in detail how it works. I am specifically concerned with how malware is
handled. Currently, if I run an application, it has the same rights to
access the same files that I do. This has to go.

It seems the capability security model
(http://www.skyhunter.com/marcs/capabilityIntro/) is ideal for solving this
issue. I do not know whether Microsoft has taken this route. The most
sticky issue with capabilities is configuration. Somehow the user must tell
each application what it can and cannot access. This could probably be
solved with security templates for different types of applications. The user
would have to apply the security template that they thought this application
should be allowed to have, upon installing it. If they install spyware, they
would not apply a template that let it send things out to the internet.

But I would like to see how Microsoft has done things, to see if it
satisfies my concerns for preventing malware problems.

Check out Singularity. It's a project Microsoft Research are working on now
- essentially an OS built with security in mind from the ground up, and it
does have application security.

I've raised this a few times myself, it looks like Microsoft are not only
aware of the idea, but actively looking into it.

"LyleK" wrote:

> I just found something intriguing which Microsoft really ought to take a look
> at. It's a desktop called CapDesk, which implements capability security, but
> provides a nearly transparent experience for the user - no administration
> burden.
>
> http://www.combex.com/tech/edesk.html
>
> I hope WinFS can do something like this - if not, maybe Microsoft can
> include it in the next version? Embrace-and-extend time, folks!
>
> - Lyle
>

Sorry for the delay in response to this.

WinFS Security is closely aligned to the NT Security model. The primary
reason for this alignment is to preserve the existing investments in
security administration and policy management infrastructure. An NT
compatible Authentication mechanism (SSPI) is used to identify the clients
and an NT compatible Security Descriptor defines the authorization polices
(Owner, Access and Audits).

MSFT security is working on next generation authentication and authorization
mechanisms and WinFS will consume those mechanisms for some of the scenarios
mentioned below.

--
Simon Skaria [MSFT]

simonsk@microsoft.com
This posting is provided "AS IS" with no warranties, and confers no rights




"Ross" <Ross@discussions.microsoft.com> wrote in message
news:4B07DA5A-2514-4404-9DD2-9C53872501E8@microsoft.com...
> Check out Singularity. It's a project Microsoft Research are working on
> now
> - essentially an OS built with security in mind from the ground up, and it
> does have application security.
>
> I've raised this a few times myself, it looks like Microsoft are not only
> aware of the idea, but actively looking into it.
>
> "LyleK" wrote:
>
>> I just found something intriguing which Microsoft really ought to take a
>> look
>> at. It's a desktop called CapDesk, which implements capability security,
>> but
>> provides a nearly transparent experience for the user - no administration
>> burden.
>>
>> http://www.combex.com/tech/edesk.html
>>
>> I hope WinFS can do something like this - if not, maybe Microsoft can
>> include it in the next version? Embrace-and-extend time, folks!
>>
>> - Lyle
>>