Developing Securely In Windows

FrazzledDad writes "No, really. Please pick yourself up off the floor and stop laughing. Yes, there are good books on developing Windows software in a secure fashion. Keith Brown's The .NET Developer's Guide to Windows Security is right alongside Howard and LeBlanc's Writing Secure Code as examples of good Windows security works. Brown's book should be on any .NET Developer's bookshelf and will be of use to developers who work in other development platforms on Windows." Read on for the rest of the review.
The .NET Developer's Guide to Windows Security
author Keith Brown
pages 408
publisher Addison-Wesley
rating 9
reviewer Jim Holmes
ISBN 0321228359
summary Terrific coverage of how to go about securely developing .NET software


I know the entire topic of Windows security may kick off a "slightly" enthusiastic debate among Slashdotters. I'd really prefer not to get wrapped up in a fray, so let me just say that a professional software developer needs to well understand the security issues in the environment and platform they're working on. This book's an important aid in that understanding.

Great Fundamentals

Brown's book is broken into six parts, ranging from "The Big Picture", an overview of security on Windows, to "Access Control" and a wrap-up "Miscellaneous." Each part is made up of numerous "items," one topic which Brown elaborates on.

Brown covers a lot of very basic, important fundamentals such as "What is Authentication?", "What is a Luring Attack?", and "What is Kerberos?" He gives concise, clear overviews of each topic, then gets into the weeds where necessary.

For example, one of Brown's first emphatic points is that development on Windows platform shouldn't be done using an account with Administrator privileges. He covers the "why" in several early items, then spends 11 pages in Item 9 showing the approaches, tools, and issues involved in developing under a non-Admin account. This particular item needs to be stapled to far too many developers' foreheads because they don't understand, or care about, the ramifications of development as an Admin.

Great Details

Brown also goes into great detail on many Items. His discussion of IPSEC is a good example. He spends Item 68 on the fundamentals of IPSEC such as key exchange and authentication, then goes on in Item 69 to discuss the details of implementing IPSEC via policies in a domain. He covers client and server configurations, then gives rationale for selecting various options. He also talks about why it's not the best solution, or even a complete solution, but does point out where IPSEC makes sense.

COM programming gets an entire section/part to itself, and Brown does a great job explaining the complex issues surrounding securing COM(+) communication. He discusses Authentication, Impersonation, and what calls you need to make in your Main method to properly invoke various COM security aspects.

Threat Modeling gets its own Item, but isn't covered in great depth. Brown lays out Microsoft's STRIDE system (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege) as a guideline for threat modeling. He also talks a bit about attack trees. Neither topic gets substantial treatment; however, Brown makes it clear he's only introducing these topics and points readers to several other resources such as Swiderski and Snyder's Threat Modeling.

Great List of Cons and Problems

Part of good software engineering is understanding the ramifications of choices you make. Brown's very good about laying out the "Why" for his items, plus he's also clear where hard choices have to be made.

For example, in his discussion of IPSEC he asks "Where is IPSEC useful? When you don't have any better alternatives." He goes on to show how IPSEC can be used to help COM servers talk securely, or in .NET Remoting under the 1.1 Framework which stupidly doesn't provide secure communication channels.

Another example might be the erasability of a secret under .NET. Managed environments such as .NET and Java don't make it easy to ensure secrets (passwords, keys, etc.) can be erased out of the managed memory heap or at least overwritten immediately after their purpose is fulfilled. Not only can the object's memory be left unerased, but what about controlling whether it's written out to a swapfile? Brown points out these sorts of issues and tries to point out how to deal with them.

What the Book Doesn't Cover

Brown's book isn't so much about specific coding techniques, although there are a fair number of those within. You won't find specifics on .NET's code access security, or issues around cross-site scripting. You'll need to look to Howard and LeBlanc's Writing Secure Code for code specifics.

Rather, the book is more about approaches to secure development on Windows. Brown's book also isn't about security and threat analysis, but again, he's forthright about that and points readers to other sources.

Bill Wagner, author of Effective C#, points out on his blog that Brown's book would be more usable if "titles [were] organized around the tasks I need to perform." I think that's a good criticism - a cookbook format would be a great improvement for a second edition.

Summary

The book's very well written with a good index and a terrific Bibliography which serves as a great reading list for furthering one's knowledge of security on the Windows platform.

I've found the book very educational and useful. It's an important addition to my bookshelf and has already helped me with a couple of important topics. I think any professional, contentious developer working in the Windows environment would find this a vital addition to their bookshelf as well."
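
The review's point about erasing secrets from managed memory and keeping them out of the swapfile, as an added example that is not taken from Brown's book or from the review. It assumes .NET 6 or later; `PinnedSecret` and `Demo` are hypothetical names, while `VirtualLock`/`VirtualUnlock` are the Win32 calls in kernel32.dll.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using System.Text;

// Added example (hypothetical type). A System.String is immutable and can be
// copied by the garbage collector, so it cannot be wiped on demand. A pinned
// byte[] stays at one address and can be zeroed deterministically.
public sealed class PinnedSecret : IDisposable
{
    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool VirtualLock(IntPtr lpAddress, UIntPtr dwSize);

    [DllImport("kernel32.dll", SetLastError = true)]
    private static extern bool VirtualUnlock(IntPtr lpAddress, UIntPtr dwSize);

    private readonly byte[] _buffer;
    private GCHandle _pin;
    private readonly bool _locked;
    private bool _disposed;

    public PinnedSecret(int length)
    {
        if (length <= 0) throw new ArgumentOutOfRangeException(nameof(length));
        _buffer = new byte[length];

        // Pinning stops a compacting GC from relocating the array and leaving
        // the old bytes behind in freed heap space.
        _pin = GCHandle.Alloc(_buffer, GCHandleType.Pinned);

        // Pinning alone does not stop the OS from paging the memory out.
        // On Windows, ask for the pages to be kept resident; this can fail
        // (for example when the working-set quota is exhausted), so record it.
        if (OperatingSystem.IsWindows())
        {
            _locked = VirtualLock(_pin.AddrOfPinnedObject(), (UIntPtr)(uint)length);
        }
    }

    // True only if the page lock was actually granted.
    public bool IsPageLocked => _locked;

    // Callers work on the buffer in place; handing out a byte[] copy or a
    // string would create a second, unwipeable copy of the secret.
    public Span<byte> Bytes
    {
        get
        {
            if (_disposed) throw new ObjectDisposedException(nameof(PinnedSecret));
            return _buffer;
        }
    }

    public void Dispose()
    {
        if (_disposed) return;

        // ZeroMemory is documented not to be optimized away by the JIT.
        CryptographicOperations.ZeroMemory(_buffer);

        if (_locked)
        {
            VirtualUnlock(_pin.AddrOfPinnedObject(), (UIntPtr)(uint)_buffer.Length);
        }
        _pin.Free();
        _disposed = true;
    }
}

public static class Demo
{
    public static void Main()
    {
        Span<byte> view;
        using (var secret = new PinnedSecret(32))
        {
            view = secret.Bytes;
            RandomNumberGenerator.Fill(view);   // constructed sample key

            // Use the key in place: the span overload avoids copying it.
            byte[] tag = HMACSHA256.HashData(view, Encoding.UTF8.GetBytes("constructed message"));
            Console.WriteLine($"tag: {Convert.ToHexString(tag)}");
            Console.WriteLine($"page-locked: {secret.IsPageLocked}");
        }

        // After Dispose the same memory holds only zeros.
        bool wiped = true;
        foreach (byte b in view)
        {
            if (b != 0) wiped = false;
        }
        Console.WriteLine($"wiped after dispose: {wiped}");
    }
}
```

Copies made outside the buffer (by a crypto provider, an I/O layer or a crash dump) are not covered by this wrapper.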


You can purchase The .NET Developer's Guide to Windows Security from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
  • by PeeAitchPee ( 712652 ) on Monday November 21, 2005 @01:50PM (#14083676)

    From Amazon.com:

    Customers who bought this title also bought:

    • My Plan To Catch The Real Killers by O. J. Simpson
    • My Little Book of Marital Ethics by Bill Clinton and Rev. Jesse Jackson
    • 101 Iraqi Exit Strategies by G. W. Bush
  • ...next to "Building Castles on Sand".
  • There's Firefox and Apache for Windows, isn't there?
    • Right you are. But the software is only as secure as the OS. And if the OS gets 0wn3d, then the security of the application doesn't matter. However, I'll also say that the abilities of the administrator of the Windows box also have a lot to do with it. I know that I could run an Apache web server on a Windows 2003 server and never get cracked.
    • There's Firefox and Apache for Windows, isn't there?

      That would be so much funnier if IIS 6 didn't have so much better of a security track record than Apache has over the same period.
  • Here's a thought (Score:5, Insightful)

    by sexyrexy ( 793497 ) on Monday November 21, 2005 @01:52PM (#14083706)
    Instead of bashing MS and Windows, prove that you're the better programmer by compensating for the sometimes flawed security. If you don't think users can trust their OS, at least you can take pride in the fact that they can trust your software running on it. A solid piece of software is just as impenetrable on Windows as it is on Linux or any other platform - it's all about understanding the environment. Looks like a great book, thanks for the review.
    • Security isn't something you can just dump in to your program. It's a mindset you use to build a good program. Problem is if you build a brick wall on quicksand, your efforts are nearly useless. Compensation is not achievable.
      • Exactly. I mean it's not like you could build a brick box that would provide buoyancy for the weight of wall and then build the wall on top of the box. I think the analogy you are looking for is "It's like building a battleship on the ocean".
      • Re:Here's a thought (Score:2, Interesting)

        by aztracker1 ( 702135 )
        And if you build a program that is running on windows, but behind a firewall that only exposes the port your application runs on... your application is the only attack vector for that machine... Yes, windows has flaws, mostly on end user machines, because of software that is poorly written to not install or run properly in a reduced context.

        That doesn't mean it should not be considered... Well, people are going to get drunk, and drive anyway, should we just eliminate the laws making it illegal?
        • by bafarmer ( 741199 )
          God, I hope some developers are reading the parent. I am a Windows Admin for a smallish group (~450 machines) and almost all of the problems we admins run into result from applications doing dumb things. We have finally gotten a policy through our business admins that allows us to nix software that won't run properly as a user in the Users group, and we have had only 2 security incidents since (and one of those was a machine we didn't know existed and thus wasn't being patched or getting AV updates). Ther
        • And if you build a program that is running on windows, but behind a firewall that only exposes the port your application runs on... your application is the only attack vector for that machine...

          By the time I finished reading your post I thought of two attack vectors you neglected.

          1) The TCP/IP implementation (usually implemented in the....Operating System!)

          2) The firewall implementation.

          I'm sure if you give it ten minutes thought you can come up with many others.

          The O/S is important.
          • Well, the tcp/ip stack for windows is based on bsd iirc.. beyond this, I never said the firewall was software and ran on the windows machine... for that matter, there's also router attacks, and other types of DOS attacks.

            I didn't mean to infer that there weren't possibly other means of attack, so much as that they are much less a possibility... I'm not aware of any attacks exploiting the windows tcp/ip stack directly...
            • Well, the tcp/ip stack for windows is based on bsd iirc
              I'm afraid you recall incorrectly. Read this slashdot thread [slashdot.org] to get more info - but essentially, whilst there is plenty of BSD code in microsoft products, it's unlikely that they used a bsd based tcp/ip stack in windows versions beyond NT3.5.

              beyond this, I never said the firewall was software and ran on the windows machine...

              Where they are running is irrelevant to this discussion.

              for that matter, there's also router attacks, and other types of DOS att
      • Re:Here's a thought (Score:1, Informative)

        by Anonymous Coward
        Oh, really?

        Windows Server 2003 & SQL Server 2000 (both fully patched/up-to-date) were shown to be more secure than Linux(s) running either Oracle OR other DB's, & here @ slashdot only a few days ago!

        So much for Windows being a "house of sand" foundation for applications design and lack of security!

        Shoring up Windows itself is easy enough to do. The SCW (security configuration wizard) is an EXCELLENT starting point on Windows Server 2003!

        It makes securing the OS itself, simple to do (as well as sensi
        • "Windows Server 2003 & SQL Server 2000 (both fully patched/up-to-date) " ---- That is clearly the problem. All it takes is for one person to drop a Sony audio CD with the DRM rootkit and your system is fully haxxored.

          Secure Windows development will always be an oxymoron until Microsoft fixes their OS so that Administrator privileges are not required to do the most mundane tasks.
          • I'm sorry, if an Admin is playing CDs on his Windows 2003 Server, he deserves to have his system hacked.
            • You may be right about Win 2003 Server. I'm not qualified to make a call. But that's a small percentage of Win machines. And it will happen with great regularity for most, who are running older versions, or client versions. Those are the people gaming, etc., as Admin, because the software requires it, or because they're simply consumers. No knowledge of security whatsoever, in many cases. They tend to just do whatever works at the moment, whether that's running as Admin, clicking mail attachments, or whatev
            • I'm sorry, if an Admin is playing CDs on his Windows 2003 Server, he deserves to have his system hacked.

              Arguably doing ANYTHING on his Windows 2003 Server, he deserves to have his system hacked, BUT.

              Somewhere around OperatingSystems 101 you learn that the primary objective of an operating system is to keep various users and activities from messing with each other, including messing with the operating system itself. This is BEFORE you even mention that there is such a term as security.

              That is something that
          • Secure Windows development will always be an oxymoron until Microsoft fixes their OS so that Administrator privileges are not required to do the most mundane tasks.

            Like what ?

      • was "I do the VeeBee."

        While the fact that they were foreigners didn't help their communication skills, (Hey! I learned English, they could too,) they were just average schlubs who thought that taking a course in Microsoft VB would land them a career in software development.

        By the time I had disabused them of the idea of a career in software development by asking questions which should have made it clear that "doing the VeeBee" is not a qualification for anything, I wiped my hands of the whole thing.

        If a li
    • by aztracker1 ( 702135 ) on Monday November 21, 2005 @02:04PM (#14083810) Homepage
      To be honest, I think that isn't entirely true, there are many different vectors of attack.. the best we (as developers) can do is make sure it isn't because of *our* software. We can check input before processing, we can use proper error handling to prevent a default error handler from exposing a dbms password. We cannot fix windows services, or software we rely on...

      However, I have to submit that most of the time security exploits in windows, are user initiated. Reduced privileges for default users would be a great improvement.. aside from that, we must bear personal responsibility for what we create.
      • I wish you could be modded even higher than five. Everyone's reply seems to be that there's no point or ability to write secure windows code because windows is insecure. Just because a system is vulnerable doesn't mean you can't make an effort not to provide any extra holes.

        If someone wants to attach your padlock to their paper door that's their problem, that's no excuse for you to build a padlock that can't be closed.
      • >Reduced privileges for default users would be a great improvement.

        Absolutely. And the road to that goal runs through software developers. How do you stop users from running as Administrator by default when their frelling *typing tutor* program won't run in a normal account? Third party software developers bear *some* responsibility for where we are today.
    • Definitely true, writing secure apps goes a long way. I think two of the largest contributors to Windows insecurity are a) Running everything as Administrator; and b) Clueless configuration (They do have some relation).

      Someone who has a mediocre grasp on system configuration can lock down a Windows box pretty easily. When we think of Linux this is a given because for the most part clueless users wouldn't be using Linux to begin with. Though if I just threw up some Red Hat 7.x box right now on the net

    • Re:Here's a thought (Score:4, Informative)

      by tpgp ( 48001 ) on Monday November 21, 2005 @02:09PM (#14083847) Homepage
      A solid piece of software is just as impenetrable on Windows as it is on Linux or any other platform

      Hmmmmn....How about if I change your statement to:

      A solid piece of software is just as impenetrable on Windows 95 as it is on Windows XP Professional or any other platform

      This statement is incorrect - Windows 9x Filesystem (for starters) makes your program's config files (or hell binary) overwriteable by anyone in the system.

      So you see - the OS is important.
      • Of course if you dig back far enough you can find insecurities. My door has a lock on it now, but my grandfather once owned a house that had little more than a piece of board across it with a rope to open it. Should I be considering rope operated doors in my home security plans?

        It's one thing to come up with a good argument to make a point, but another to dig up something obsolete and (mostly) globally admitted to be a problem to make that point.

        In my world we call people like this zealots. Others refer
      • This statement is incorrect - Windows 9x Filesystem (for starters) makes your program's config files (or hell binary) overwriteable by anyone in the system.

        Wanna be a real man? Encrypt your config files, and include, in the decrypted text, an MD5 hash of the memory variable prior to encryption.

        What's that you say? Oh. Well, are you a pansy, or just lazy? Come on, man!
    • Yes, that makes sense. If you leave your front door unlocked, at least make sure that your windows (no pun intended) are secure - it'll make you feel so much better when the thieves enter your house through the front door and steal all your stuff.
    • Re: (Score:1, Redundant)

      Comment removed based on user account deletion
    • by ch-chuck ( 9622 )
      Like someone said, writing a secure app for Windows is like putting a padlock on a paper bag. Aren't the biggest Windows Security risks IE and Outlook anyway? With their html enabled embedded shiny gewgaw features to bedazzle the clueless?
    • Instead of bashing MS and Windows, prove that you're the better programmer by compensating for the sometimes flawed security.

      My modpoints ran out just as I was about to bump you up, but then, it looks like you're sufficiently well bumped by now anyway.

      No platform is or will be 100% secure, but that doesn't and shouldn't stop engineers from reducing the number of security holes.
    • A solid piece of software is just as impenetrable on Windows as it is on Linux or any other platform

      That's only true to a point. It's like having a VERY sturdy roof on a framed house with holes in your studs.
    • Interestingly, as part of my Computer Science degree at the University of Leeds I take a Secure Computing module in my final year, sponsored (ironically) by Microsoft.

      http://www.microsoft.com/uk/press/content/presscentre/releases/2003/03/PR03013.asp [microsoft.com]
    • A solid piece of software is just as impenetrable on Windows as it is on Linux or any other platform - it's all about understanding the environment.

      Take a look at this paper on shatter attacks [tombom.co.uk]. From what I understand any process (owned by any user) can execute arbitrary code as any other user on a desktop system as long as they can find a window owned as that user. They simply tell the administrator owned window to run a function at a particular memory address (by using a timer with a callback).

      Apparen
      • Take a look at this paper on shatter attacks.

        Then check out this one [66.102.7.104] from some HP people who think they've got a workaround.

        From what I understand any process (owned by any user) can execute arbitrary code as any other user on a desktop system as long as they can find a window owned as that user. They simply tell the administrator owned window to run a function at a particular memory address (by using a timer with a callback).

        Basically. The moral of the story is that developers shouldn't write applic

  • by RapidEye ( 322253 ) on Monday November 21, 2005 @01:53PM (#14083711) Homepage
    Brown's book should be on any .NET Developer's bookshelf

    Just putting it on the bookshelf won't help - ya need to read it before you put it there.

    On a related note, this pretty much rules out all the developers I work with - if you can't get it as a Book-On-iPod, they aren't interested these days =-)
  • by Anonymous Coward
    Windows has come a long way in the last 5/6 years and vista should ship reasonably secure out of the box. It's still an unbelievably shitty OS peddled by an objectionable bunch of borderline criminals, but you have to give them credit for addressing security issues.
    • Windows has come a long way in the last 5/6 years and vista should ship reasonably secure out of the box. It's still an unbelievably shitty OS peddled by an objectionable bunch of borderline criminals, but you have to give them credit for addressing security issues.

      Isn't that rather like giving credit to someone who quits mugging, when credit should be given to those who have never mugged in the first place?

      • Yes, and that's a very logical behaviour when the former is currently the head of the state treasury. (Or the country president, or whatever you want that make him mugging being kind of a pain).
    • I assume by that you mean on the "criminal" side of the border.
    • Comment removed based on user account deletion
    • "but you have to give them credit"

      Your credits are no good here...
      What's with the wavy-hand-in-face-thing? What is that - some kind of Jedi mind trick?

    • It's still an unbelievably shitty OS peddled by an objectionable bunch of borderline criminals, [...]

      In the same way Linux is an unbelievably shitty OS peddled by a bunch of GNU/hippies ?

  • Anyone else see the irony in having two articles on the front page of /. one of which is about secure coding and the other which is about "How To Write Unmaintainable Code"

    Or maybe making it unmaintainable is just a sneaky way of developing securely...
    the /. editors are sneakier than i gave them credit for
  • by Anonymous Coward on Monday November 21, 2005 @01:56PM (#14083734)
    Can you point me to any OS where security is automagic and the developer doesn't need to consider it? Windows may have its problems and more than enough shitty architecture, but security must be considered in the design of Mac and Unix/Linux programs as well.
  • by LunaticTippy ( 872397 ) on Monday November 21, 2005 @01:56PM (#14083747)
    I'm going to read this book.

    I am forced to develop windows applications from time to time, and I am ashamed of the poor security of many of these apps. It is definitely something that should be addressed. There are hundreds of thousands of part-time windows developers who know even less (gasp!) than I do about security.

    /me gets back to hard-coding plaintext database passwords.

  • by aztracker1 ( 702135 ) on Monday November 21, 2005 @01:57PM (#14083752) Homepage
    Managed environments like .Net, Java, Python, etc. are a good start, but aren't the end of things. Most principles in security are similar regardless of platform. I do think a lot of the issues in windows security come from poorly written software that doesn't work properly in reduced security contexts... It's nearly impossible to develop on windows without administrative access to the machine you're working on.

    At least with a managed environment, you have less chance of attack channels which result from unchecked data. You still have to consider how software is used, what it connects to, and check data going to an rdbms in environments that don't do it for you (parameterized queries for ADO.Net are pretty nice).
  • Chapters 4-6 deal with setting up VMware on linux?
    • No doubt the main logic branch prior to setting up VMware on linux is:

      IF Windows (on Windows),
          THEN disable optical drive(s),
      AND remove ALL network connections;
      ELSE
      INSTALL GNU/linux && VMWare && Windows.

      Since even some Microsoft applications require running as Administrator, these are the only two secure alternatives.

      Who needs a book for that, anyway?

  • by Tibor the Hun ( 143056 ) on Monday November 21, 2005 @02:00PM (#14083773)
    CWS: Hello secure app, I'm coolwebsearch!
    SA: Hi, I'm busy.
    CWS: HEEY! Look at me!
    SA:Uh-huh.
    CWS:You sure are secure aren't you?
    SA: Sure am.
    CWS: Hey, let's see which one of us is more important!
    SA: Whatever.
    CWS: MR PROCESS MANAGER!!! WHICH ONE OF US IS MORE IMPORTANT???
    Windows PM: It looks like you're trying to type a letter...
    CWS: YAAY! You know what,this sucks, I'm just gonna take all of the CPU cycles and all the network bandwidth now!
    SA:...!!...No..Must...keep......working..m....u... ....sT......
    Windows PM: Well, it looks.... like you guys..... are busy, I'm gonna take a n......ap. Wake me up if anyone starts writing............... letters.kbyethx... ...
    BSD: "Pleased to meet you, Hope you've guessed my name..."

  • A chain is as strong as its weakest link.

    The point is making sure your app is NOT the weakest link here, i.e. allowing a virus to inject code thru a buffer overflow or something. And we're living in post-Sony times, it was bad enough with viruses - just wait till the rootkits start spreading.

  • Attack trees (Score:2, Interesting)

    by VENONA ( 902751 )
    "He also talks a bit about attack trees." but doesn't discuss them thoroughly. I wish somebody would. I *really* wish there were a Web site devoted to them--something like design patterns. Perhaps powered by a Wiki.

    Where they're even known about, say by people who have read Secrets and Lies (Schneier 2000), far too many developers are forced to reinvent the wheel. This hurts security in a fundamental way. All too often, they've never been heard of. I'm glad they're getting some mention, on any level.
  • No, really (Score:4, Insightful)

    by Junky191 ( 549088 ) on Monday November 21, 2005 @02:04PM (#14083804)
    "No, really. Please pick yourself up off the floor and stop laughing. Yes, there are good books on developing Windows software in a secure fashion." With snippets like that starting off an article, you start to see why people have trouble taking Slashdot seriously. This is getting ridiculous, almost FOXNEWSesque.
    • Can the rumors be true? Is CowboyNeal really Rupert Murdoch?

      On a more serious note, you might have a look at http://www.outfoxed.org/ [outfoxed.org]
    • Re: (Score:3, Interesting)

      Comment removed based on user account deletion

    • > "No, really. Please pick yourself up off the floor and stop laughing. Yes, there are good books
      > on developing Windows software in a secure fashion." With snippets like that starting off an
      > article, you start to see why people have trouble taking Slashdot seriously. This is getting
      > ridiculous, almost FOXNEWSesque.


      Unfortunately, this seems to be the only way of getting a submission that does not mention Google past the editors.
    • It isn't as bad as it was about a year ago. It appears to be clearing up, and the mod system seems to be a little less biased than it was before. I remember if you said anything logical about liberals a year ago, you got modded to hell, then the same with conservatives. We seem to be modding the Windows bashers and others who use prejudgement straight to -1.
    • slashdot has become my #1 source for good Windows development ideas.

      I think it's actually funny considering a few years ago they were afraid to post an announcement about release of .NET to the front page. :-)
  • Hate to do this but (Score:3, Interesting)

    by Anonymous Coward on Monday November 21, 2005 @02:11PM (#14083861)
    this book can be read online for FREE as in beer or something. If you want it in one document you may have to get your "copy and paste" on, or if you are in hacker fever you could screen scrape it. Anyway http://pluralsight.com/wiki/default.aspx/Keith.GuideBook.HomePage [pluralsight.com] yep all there for your Windows security mockery.

    Remember this is to build secure software on Windows, something that should not be frowned upon even if those who write Windows don't listen to this advice. So when your next Window app breaks and your customer is irate, you can say "uh uh that's MS Slammer 5002, that's a bug with Windows not my code buddy!! I know my shit and that's why you're paying me too much to do this, now stop bugging me already, don't you accountants do anything but make cups of coffee all day!!!!"

    Read the Book.
  • Developing secure software should always be platform independent. But security for developing an application does not stop at the developer, it continues through to the system administrators and the users. We've all heard software is only as secure as the O/S it's running on, well it's also as secure as the administrators/users running it. Security should be practiced at all levels from development to roll out and installation and through its entire lifetime. No software is completely 100% secure, so if f
  • Free Online (Score:5, Informative)

    by enkafan ( 604078 ) on Monday November 21, 2005 @02:17PM (#14083920)
    The book was developed online via a Wiki, available here [pluralsight.com] for free. This is a great book that every windows and .NET developer should be aware of.
  • SELECT * FROM Windows WHERE security > 0
    fatal error segmentation fault
  • by digitaldc ( 879047 ) * on Monday November 21, 2005 @02:21PM (#14083951)
    "Threat Modeling gets its own Item, but isn't covered in great depth. Brown lays out Microsoft's STRIDE system (Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege) as a guideline for threat modeling. He also talks a bit about attack trees."

    Didn't Gandalf use the assistance of Attack Trees to topple Isengard? Saruman really needs to read this book.

    But seriously folks....another good reference here:
    http://www.microsoft.com/MSPress/books/5957.asp [microsoft.com]
  • by wardk ( 3037 ) on Monday November 21, 2005 @02:28PM (#14084017) Journal
    Step one: Unplug from network
    Step two: Shut down
    Step three: Use power button to kill hung shutdown
    Step four: declare victory! you have successfully secured windows
  • by j1mmy ( 43634 ) on Monday November 21, 2005 @02:56PM (#14084281) Journal
    int main( int argc, char** argv )
    {
        return 0;
    }
  • The Encyclopaedia Galactica, in its chapter on "Developing Securely In Windows", states that it is far too complicated to define. The Hitchhiker's Guide to the Galaxy has this to say on the subject:

    "Avoid, if at all possible."
  • That one ep where Max spends like 20 minutes navigating traps, huge vault doors, combination locks etc etc... then finally at the last one it won't let him in, so he walks 10 feet down the hall to another door and walks right in.

    Secure apps are worthless without a secure OS to run them.
  • You can use the best building materials available to modern man, sparing no expense, but your construction will never be as stable as it could be if you're building on swampland.

    Windows is swampland.
  • Comment removed based on user account deletion
  • step 1:
    format c:
    step 2:
    insert *nix install disk
    step 3:
    install (this probably makes step 1 pointless, but we're talking security, better safe...)
