Saturday, October 04, 2008

PowerShell Security – why MS do it the way they do

Early on the life of PowerShell, the PowerShell development team “got” security. I don’t mean to suggest that team members themselves didn’t get security, what I mean is that the team, and the product got it.  And while I hated some of the implications of that, it was the right decision.

When I was first confronted with what has become PowerShell’s security model, I was not impressed – it slowed me down and, so I felt at the time, was little more than a speed bump. But the more I thought about it, and listened to some pretty smart guys explain it in the private newsgroups, the more I think they got it and got it well. It’s needed and the team have done well.

As described over on the PowerShell Team Blog, the product’s security model will not prevent all risks – it won’t stop 3rd world hunger, it won’t make you attractive to the opposite sex, and it won’t stop us all getting older. But what it does do, and does well, is to mitigate the risks it can – read the article to see what I mean. And what the security model does, to my way of thinking, is to show MS’s security vision, Trustworthy Computing, in a great light.

Of course any software product can’t do the things I mentioned above. But a tool as powerful as PowerShell can, in the wrong hands, do big damage. The fist step in designing any new product (e.g. PowerShell) is to have a very clear idea of the threat model: who will do bad things with the product. Not only does Jeffrey explain PowerShell’s threat model, but he explains how the team have tackled it.

For anyone looking at PowerShell, I urge you to read Jeffrey’s blog post carefully. And perhaps read it several times. There is incredibly good thinking, IMHO,there. And – if you can find either additions to the threat model, or a better idea as to how to address it, I’d sure like to hear it! No doubt the team does too!

Thanks Jeffrey to Lee Homesfor yet another great blog post.

[later]

And thanks Steve for pointing out who the author of the post really was – my bad! Oh – and I managed to nuke your comment to accidentally – sorry.

Technorati Tags:

No comments: