Microsoft Windows Vista will be the first Windows operating system to assign only standard user privileges by default. While that's wonderful for security, it will likely run into serious practical issues for the many users who need to install their own software from time to time. This is especially true of mobile and remote-access users in a business setting, or of home users, where software isn't centrally managed by an IT staff. Without the ability to install software, the tendency will be to give more people administrative privileges over their computers, which defeats the purpose of limited user rights.
Most mobile and remote-access business users occasionally need the ability to install their own software, and sometimes the IT department needs to distribute software to them via FTP or optical media. The last thing an IT department wants to do is give that user administrative privileges or hand out a run-as script with the administrative password in clear text. Unlike computers on the LAN, you can't always push software out to mobile and remote telecommuters via something like Active Directory, because a permanent connection to the corporate network doesn't exist and the connection speeds may not be fast enough.
There is absolutely no reason that an IT department shouldn't be able to configure a white-list of approved software installers from approved companies. Any software carrying a valid digital signature that matches the white-list should install seamlessly without administrative privileges. This essentially means that IT departments can preconfigure an approved vendor list, or simply approve all digitally signed Windows logo certified software. For home users, it would be great if an administrator could give a standard user the ability to install signed Windows logo compliant software. Even standard users who possess administrative credentials don't want to deal with privilege escalation every time they install safe software.
I brought this subject up with Microsoft product managers at WinHEC last month and they admitted that even digitally signed Microsoft updates and patches can't be manually installed by Vista's standard users and that they were still trying to figure out how to address this issue. Microsoft told me that standard Vista users already have the ability to install signed device drivers without escalating to administrator, so I asked them why they couldn't simply apply the same logic to signed software, and they thought that was a good point. After all, this would solve both our problems, so it would seem to be the obvious and simple solution.
Giving standard users the ability to install only safe white-listed software would be far preferable to giving standard users a separate set of administrative credentials. It is very unlikely that a malware writer would obtain Windows logo certification and digitally sign his malware, since doing so would make him very easy to track. Even if such a thing were to occur, it would be very easy to blacklist that signer so that any current and future malware from that person would be instantly blocked. This means mobile and telecommuting users can install safe code that's approved by IT, Junior can install his own games or software with the approved maturity ratings, and Grandma can add her own software without calling someone over to do it for her.
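To make the proposal above concrete, here is the kind of check such an installer white-list would have to perform: verify the file's Authenticode signature, refuse any signer on a blacklist, and then allow the install only if the signing certificate is on the IT-approved list. This is an added example written for this page in PowerShell, not code from Microsoft or from the original post, and it only makes the allow/deny decision; actually performing the elevated install would still need a trusted service, which is what the post is asking Vista to provide. The thumbprints and the C:\Installers path are placeholders.

```powershell
# Added example (not from the original post). Decides whether a standard user may run
# an installer, based on its Authenticode signature and an IT-managed list of approved
# publisher certificates. The thumbprints below are placeholders; replace them with the
# SHA-1 thumbprints of the vendor certificates your organisation actually approves.
$ApprovedPublishers = @{
    '0000000000000000000000000000000000000001' = 'Example Vendor A (placeholder)'
    '0000000000000000000000000000000000000002' = 'Example Vendor B (placeholder)'
}

# Signers that are no longer trusted. Checked before the allow-list so that a
# certificate that was approved once and later abused is blocked everywhere.
$BlockedPublishers = @{
    '0000000000000000000000000000000000000003' = 'Placeholder: revoked after misuse'
}

function Test-ApprovedInstaller {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Status summarises the whole check: NotSigned, HashMismatch (file tampered after
    # signing) and NotTrusted (chain does not end in a trusted root) all fail here,
    # before we even look at who the signer claims to be.
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path    = $Path
            Allowed = $false
            Reason  = "signature $($sig.Status): $($sig.StatusMessage)"
        }
    }

    # Match on the certificate thumbprint, not on the Subject string. A subject such as
    # "CN=Contoso" is just text that some CA agreed to put in a certificate; the
    # thumbprint identifies one specific certificate.
    $thumb = $sig.SignerCertificate.Thumbprint

    if ($BlockedPublishers.ContainsKey($thumb)) {
        return [pscustomobject]@{
            Path    = $Path
            Allowed = $false
            Reason  = "signer blacklisted: $($BlockedPublishers[$thumb])"
        }
    }

    if (-not $ApprovedPublishers.ContainsKey($thumb)) {
        return [pscustomobject]@{
            Path    = $Path
            Allowed = $false
            Reason  = "validly signed, but signer not on the approved list ($($sig.SignerCertificate.Subject))"
        }
    }

    return [pscustomobject]@{
        Path    = $Path
        Allowed = $true
        Reason  = "approved publisher: $($ApprovedPublishers[$thumb])"
    }
}

# Usage: evaluate every MSI in a staging folder (placeholder path) and show the verdicts.
Get-ChildItem -Path 'C:\Installers\*.msi' |
    ForEach-Object { Test-ApprovedInstaller -Path $_.FullName } |
    Format-Table -AutoSize
```

Two caveats a practitioner would want. Pinning thumbprints means the list must be updated whenever an approved vendor renews its code-signing certificate; pinning the issuing CA instead is looser and re-opens the "anyone named Contoso" problem. And `Get-AuthenticodeSignature` only reports on the file you hand it: an installer that downloads further binaries at run time carries the white-list's trust to whatever it fetches, so the policy should apply to the files the installer writes as well, not just to the package the user double-clicked.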
Limited user rights are a great security best practice that unfortunately has limited practicality. Giving standard users administrative credentials to escalate when needed isn't always practical, because you may not want them to have those privileges, and those users may not be savvy enough to always avoid social engineering. Giving standard users the flexibility to install safe software makes Windows Vista, or any other desktop operating system, a lot more practical and a whole lot safer.