Privilege Manager 3.0 for Windows Vista
March 7, 2007 by Milo Riano
Filed under Computers
Privilege Manager 3.0 has been released by BeyondTrust for network security management of Windows Vista which prevents users from using their systems more than they are allowed to.
BeyondTrust is banking on the Principle of Least Privilege developed by The United States Department of Defense which says that users should only be given the minimum set of privileges just enough to complete their tasks. Privilege Manager is a safety net which gives users control over applications, installations and ActiveX controls when organizations improperly implement Least Privilege Environment.
I have reservations with the analysis over at Monsters and Critics, in an excerpt:
Windows Vista’s User Account Control, which prompts users to provide an account username and password when they attempt to run applications that require certain privileges, poses a potential risk to any environment that poorly manages UAC. Poorly managed UAC environments are going to be the new internal risk with the release of Vista. To limit the workload and man-hours of the helpdesk or IT departments, generic accounts with various levels of access are certain to be created and used in large network settings.
These generic credentials can and will enable users to circumvent security policies, make system changes and run or install applications as an administrator. Now that should never happen, but ask anyone who has done IT for a long time and they will tell you it does, and that is where Privilege Manager 3.0 comes in. Providing a Least Privilege environment in a way that is transparent to end-users, requiring no pop-ups, consent dialogues or administrator passwords.
I understand that poor execution of IT policies regarding Least Privilege happens in organizations; but I would believe this only occur in medium and small organizations. Lapses may be experienced in large organizations but spending on man hours to get their Least Privilege environment setup correctly is peanuts; after all, large corporations have more complex issues they correctly implement compared to the Principle of Least Privilege.
Large organizations have well defined processes on software installations and they have the resources to implement them correctly. As for medium and small organizations who could not get their processes and implementations right; spending $30 per seat plus maintenance on implementing Least Privilege wouldn’t be likely on top of their priority.
John Moyer, CEO of BeyondTrust has this to say:
“The recent release of Windows Vista validates the need to move to a Least Privilege environment, a problem that BeyondTrust has been solving for over two years for Windows 2000 and XP customers. However, Vista’s User Account Control is not well suited for the enterprise, or the managed network, as its support costs, usability and security concerns could outweigh its benefits for companies. With Privilege Manager 3.0, BeyondTrust lets enterprises transparently and securely elevate privileges for only authorized applications and move beyond the need to trust Vista users with excess privileges or administrator passwords…”
