Even though we (kinda) promised our wives we wouldn’t do it, David LeBlanc and I have just wrapped up another book, Writing Secure Code for Windows Vista. (ISBN: 9780735623934, ISBN-10: 0-7356-2393-7.)

It should be available around mid-April 2007.



It’s a short book, around 230pp, and covers many of the defenses we built into Windows Vista and explains how you can take advantage of them in your own software. I think everyone knows that security is as strong as the weakest link, and it’s critical that applications that run on Windows Vista be as secure as possible, and that means taking advantage of the defenses we offer.

It’ always a pleasure working with David and this is the fourth book we’ve written together. First, he’s a great writer and produces quality prose (most of the time!) on time (sometimes :) and high-quality code samples. Second, we counter-balance each other, David works in the Office team, so he’s a Windows consumer, and I work in the Windows division. This means David can see things I just don’t see because I’m so close to the product – after all, Windows components only run on one Windows version at a time, and Office typically runs on three different versions of Windows - I believe that both viewpoints are critical for readers of the book. He also catches most of the bugs in my code.

Here’s the table of contents.

Chapter 1 Code Quality
Chapter 2 User Account Control, Integrity Levels, and Tokens 
Chapter 3 Buffer Overrun Defenses 
Chapter 4 Taking Advantage of Network Security Features and Defenses 
Chapter 5 Creating Secure and Resilient Services 
Chapter 6 Taking Advantage of Internet Explorer Defenses 
Chapter 7 Cryptographic Changes in Windows Vista 
Chapter 8 Authentication and Authorization 
Chapter 9 Miscellaneous Defenses

I think most of the ToC is self-explanatory, except for the first and last chapters. The first one covers how we implemented the “Security Quality Gates” in Windows Vista to help catch security bugs early; in my opinion, and I think y’all agree, it’s most important to get the quality right rather than rely on a defense saving you. That’s why it’s the first chapter. The last chapter is a grab-bag of stuff that doesn’t fit well in other chapters, including:
Adding Windows Parental Controls support to your application

  • Windows Defender APIs
  • New Credential User Interface API
  • Use the Security Event Log.
  • Pointer Encoding
  • Kernel Mode Debugging Issues
  • Programming the Trusted Platform Module (TPM)
  • Building Secure Windows Sidebar Gadgets

Note, this book is not a replacement for Writing Secure Code 2nd Edition; the new book focuses solely on building applications that take advantage of Windows Vista defenses and does not dwell on secure design, threat modeling, testing or the myriad of coding best practices we covered in the earlier book.

We also did a lot of work to go deeper than just what’s documented in the SDK – we wrote code to make these features work, and show how you can use them. In many cases, we ran into previously unknown gotchas, and we explain how you can avoid the same problems. In the code samples we’re shipping with the book, you’ll find not just the usual snippets that show a minor detail, but a lot of code you can use yourself – including a complete Windows service that communicates securely with the desktop.

I believe we have written an important book, because for Windows Vista customers to be more secure, everything on top of the OS must be more secure too. Oh, and it’s code heavy and an easy and actionable read, too!