PolicyMaker Application Security 2.5 by DesktopStandard

DesktopStandard Corporation has announced the release of PolicyMaker Application Security (PMAS) 2.5. The release marks a major upgrade to the software solution that enables network administrators to enforce the security principle of Least Privilege on Windows desktops via Microsoft's Group Policy change and configuration management system. Utilizing a new feature they have dubbed ShatterProof, PMAS 2.5 will now be the first product to prevent Windows Shatter Attacks.

Shatter Attacks are a class of widely recognized vulnerabilities that may result in unauthorized privilege escalation. Many organizations are realizing the critical importance of restricting the privileges of end users. As more organizations lock down their end users, the desire of rogue users and malware to escape these restrictions grows. This type of attack can come from an end user attempting to circumvent controls or from malware attempting to attack the system. Since a Shatter Attack can allow an unprivileged user to gain full control over a vulnerable computer, the likelihood of widespread exploitation of these vulnerabilities is increasing.

Because the Shatter Attack allows unauthorized privilege escalation, it can be used in conjunction with other types of attacks, such as those that allow for arbitrary code execution. The Windows Metafile Format (WMF) vulnerability has recently been patched, yet new WMF vulnerabilities are already being postulated. DesktopStandard's ShatterProof technology provides isolation at the kernel level for processes operating at different levels of privilege. This prevents the type of inter-process communication that enables a Shatter Attack, preventing WMF and other exploits from compromising the computer.

PMAS was the first product to make it possible to reduce or elevate permissions on a per-application or per-task basis, removing longstanding barriers to implementation of the security best practice of Least Privilege. The latest version, PMAS 2.5, allows administrators to:

-- Inoculate computers against Shatter Attacks that might otherwise result in unauthorized privilege escalation. This type of security threat allows a restricted user process to gain complete control of a system. The new ShatterProof feature protects computers by preventing messaging between processes of different privilege levels.

-- Elevate the permission level for restricted users who are performing selected authorized tasks or running applications that require higher privileges than those to which the user is normally entitled. This eliminates the need to raise each user's privilege levels for all applications, which would expose the network to unnecessary risk.

-- Reduce the permission level for administrators working on applications such as Internet Explorer and Microsoft Outlook. This avoids the use of full administrative permissions for applications that do not need them, and it removes the requirement to log out and then in as a different user, use the Windows RunAs utility to work under a second user account, or invoke other complicated procedures that reduce productivity.

-- Allow restricted users to install approved ActiveX controls while running Internet Explorer in their restricted user security context. This feature makes restricted user scenarios much more practical, as many organizations have extensive libraries of ActiveX controls or allow use of such controls that install from approved third-party sites, including Adobe's Acrobat Reader, for example.

-- Provide self-service software installation points for restricted users, greatly reducing administrator workload in supporting unmanaged software installation without compromising security. Many organizations have libraries of software packages that end-users may elect to install by simply browsing to them on a network location. This new feature makes it a simple task to support secure elevated permissions installation of such executable and Windows Installer packages.

The complete suite of PolicyMaker products offers a total of 24 extensions to the Group Policy system that has been integrated with Active Directory since the release of Windows 2000. These extensions complement the 11 native extensions that ship with Windows. All PolicyMaker products seamlessly integrate with Microsoft's Group Policy Management Console, including backup, restore, import, copy, edit, and RSoP capabilities. PolicyMaker settings can be targeted using any of 25 graphical filtering categories.



© 2006 Networking News