http://blogs.msdn.com/b/larryosterman/archive/2007/10/01/some-final-thoughts-on-threat-modeling.aspxI want to wrap up the threat modeling posts with a summary and some comments on the entire process. Yeah, I know I should have done this last week, but I got distracted :). First, a summary of the threat modeling posts: Part 1: Threat Modeling,en-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.msdn.com/b/larryosterman/archive/2007/10/01/some-final-thoughts-on-threat-modeling.aspx#5464918Tue, 16 Oct 2007 01:54:33 GMT91d46819-8472-40ad-a661-2c78acb4018c:5464918Noticias externas<p>I&amp;#39;ve been reading a set of posts by Larry (who used to work just down the hall from me...) on threat</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=5464918" width="1" height="1">http://blogs.msdn.com/b/larryosterman/archive/2007/10/01/some-final-thoughts-on-threat-modeling.aspx#5464881Tue, 16 Oct 2007 01:46:55 GMT91d46819-8472-40ad-a661-2c78acb4018c:5464881Eric Gunnerson's C# Compendium<p>I've been reading a set of posts by Larry (who used to work just down the hall from me...) on threat</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=5464881" width="1" height="1">http://blogs.msdn.com/b/larryosterman/archive/2007/10/01/some-final-thoughts-on-threat-modeling.aspx#5264674Wed, 03 Oct 2007 19:39:24 GMT91d46819-8472-40ad-a661-2c78acb4018c:5264674Larry Osterman [MSFT]<p>Gabe: Absolutely. &nbsp;There's absolutely nothing that a botnet client does that can't be done by a normal user. &nbsp;It sucks, but it's true.</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=5264674" width="1" height="1">http://blogs.msdn.com/b/larryosterman/archive/2007/10/01/some-final-thoughts-on-threat-modeling.aspx#5264587Wed, 03 Oct 2007 19:35:49 GMT91d46819-8472-40ad-a661-2c78acb4018c:5264587Gabe<p>LUA is great, but it doesn't solve the malware problem. Once everybody is running as LUA, the malware writers will just make malware that runs correctly as LUA also.</p><div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=5264587" width="1" height="1">http://blogs.msdn.com/b/larryosterman/archive/2007/10/01/some-final-thoughts-on-threat-modeling.aspx#5246774Tue, 02 Oct 2007 22:43:57 GMT91d46819-8472-40ad-a661-2c78acb4018c:5246774Wampiryczny blog<p>Larry Osterman na swoim blogu zamieścił serię artykuł&#243;w na ten temat. Ciężkie, ale warte poznania. Nawet mimo tego, że David LeBlanc na temat przydatności threat modellingu ma nieco inne zdanie, choć wcale nie jednoznacznie negatywne. Temat i</p> <img src="http://blogs.msdn.com/aggbug.aspx?PostID=5246774" width="1" height="1">http://blogs.msdn.com/b/larryosterman/archive/2007/10/01/some-final-thoughts-on-threat-modeling.aspx#5243686Tue, 02 Oct 2007 18:14:02 GMT91d46819-8472-40ad-a661-2c78acb4018c:5243686Larry Osterman [MSFT]<p>eam: You're absolutely right. &nbsp;And we've known that most malware written today is stopped completely by LUA. &nbsp;UAC is the first step towards forcing users to run with LUA.</p> <p>The good news is that applications are starting to get a clue and the forcing function appears to be working.</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=5243686" width="1" height="1">http://blogs.msdn.com/b/larryosterman/archive/2007/10/01/some-final-thoughts-on-threat-modeling.aspx#5243325Tue, 02 Oct 2007 17:58:02 GMT91d46819-8472-40ad-a661-2c78acb4018c:5243325Eam<p>Larry:</p> <p>I'm not debating the usefulness of threat modeling, and I think you've done a great job explaining it here.</p> <p>My point is that, while it's nice Microsoft is trying to &quot;enable the transition&quot; to normal accounts, there's no real security until they actually *make* the transition.</p> <p>Here Jeff Atwood finds that a number of drive-by downloads just don't work as a limited user, even on a vulnerable browser:</p> <p><a rel="nofollow" target="_new" href="http://www.codinghorror.com/blog/archives/000891.html">http://www.codinghorror.com/blog/archives/000891.html</a></p> <p>There's not even a &quot;Malware detected, cancel or allow?&quot; prompt, which most regular people would not read and dismiss with a quick &quot;allow.&quot;</p> <p>Even if Microsoft modeled all sorts of threats and made perfect software, people are still going to run poor-quality third party applications. If those apps are running with admin privileges, the user is in trouble.</p><div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=5243325" width="1" height="1">http://blogs.msdn.com/b/larryosterman/archive/2007/10/01/some-final-thoughts-on-threat-modeling.aspx#5242927Tue, 02 Oct 2007 17:36:40 GMT91d46819-8472-40ad-a661-2c78acb4018c:5242927Eam<p>John: You're absolutely correct. My mistake.</p><div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=5242927" width="1" height="1">http://blogs.msdn.com/b/larryosterman/archive/2007/10/01/some-final-thoughts-on-threat-modeling.aspx#5241356Tue, 02 Oct 2007 14:27:48 GMT91d46819-8472-40ad-a661-2c78acb4018c:5241356John C. Kirk<p>Eam, Larry: I think you may both be confusing LUA (Limited User Account) with UAC (User Account Control). If you don't want people to run as admin (which I agree with), then LUA is the alternative, i.e. they should have limited accounts!</p><div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=5241356" width="1" height="1">http://blogs.msdn.com/b/larryosterman/archive/2007/10/01/some-final-thoughts-on-threat-modeling.aspx#5240836Tue, 02 Oct 2007 13:29:52 GMT91d46819-8472-40ad-a661-2c78acb4018c:5240836G<p>By the way, did you realize you have been slashdotted?</p><div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=5240836" width="1" height="1">