BeyondTrust keeps Windows users from abusing privileges

Too many organizations are still allowing most of their end-users full-time administration privileges in Windows. If you ask why the taboo practice is continuing, administrators will respond that they must allow regular end-users to install software and to make basic system configuration changes. Yet these very tasks also put end-users at risk for malicious exploitation.

[ BeyondTrustPrivilege Manager 3.0 was selected for an InfoWorld Technology of the Year award. See the slideshow to view all the winners in the security category. ]

Click for larger view.

The vast majority of today's malware attacks work by inducing the end-user to run a rogue executable, via file attachments, embedded links, and other associated social engineering tricks. Although privileged access isn't always needed to accomplish rogue behavior, it makes the job significantly easier, and the vast majority of malware is written to require it.

Vista brings some new security tools to the table, most notably UAC (User Access Control), but even with that feature end-users need privileged credentials to accomplish administrative tasks such as installing software, changing system configuration, and the like. And what to do about previous Windows versions?

Enter BeyondTrust'sPrivilege Manager, which bridges the gap by allowing many network administrators to enforce stronger best practice security standards across Windows 2000, 2003, and XP. The software lets administrators define various elevated tasks that end-users can perform without needing elevated credentials. It can also reduce the privileges given to users, including administrators, when they run selected processes (Outlook, Internet Explorer), mimicking the functionality of Vista's UAC or Internet Explorer 7's Protected Mode (albeit using different mechanisms).

Privilege Manager works as a group policy extension (which is great because you can manage it with your normal Active Directory tools) by executing predefined processes with an alternate security context, assisted by a kernel-mode, client-side driver. The driver and client-side extensions are installed using a single MSI (Microsoft installer) package, which can be installed manually or via another software-distribution method.

A user-mode component intercepts client process requests. If the process or application is previously defined by a Privilege Manager rule stored within an effective GPO (Group Policy Object), the system replaces the process or application's normal security access token with a new one; alternatively, it can add to or remove from the token SIDs (security identifiers) or privileges. Beyond those few changes, Privilege Manager does not modify any other Window security process. In my opinion, this is a brilliant way to manipulate security because it means administrators can rely on the rest of Windows to function normally.