Date: Wed, 26 Jan 2005 14:49:21 -0800 (PST)
From: "Rick Graves" <gravesricharde@yahoo.com>
Subject: LUA false advertising
To: lua-qa@microsoft.com
 
 
Hello LUA Q/A,

The Microsoft party line is that there is an "important
security principle" out there, but one must wait and
then pay for Longhorn before one can use it.

begin quote

Today, due to awkward complications that arise when it
is employed, least privilege is not in active use on
most Microsoft Windows-based systems. However, with
the release of the next Windows operating system,
codenamed "Longhorn" almost every user will be able to
make regular, daily use of this important security
principle.

end quote

http://www.microsoft.com/technet/security/secnews/articles/lpuseacc.mspx

If this were being put out to the general public,
instead of to the TechNet crowd, I would call it false
advertising.  One can make use of the "important
security principle" without waiting, and without
having to pay for a new product -- I have been doing
so since shortly after the release of Win XP in 2002.
No one has to wait, and no one who has Win XP has to
pay.  

Making "regular, daily use of this important security
principle" is easier than Microsoft makes it out to
be.  Just set up and use a "Limited" account for the
two most high risk activities, surfing the web and
doing email.  (IE and all tested varieties of Outlook
work fine from a "Limited" account.  Outlook may
require some set up steps, but Microsoft is good at
doing those.)  

One can access all legacy applications from an
administrator account.  Microsoft knew that this was a
complete solution to the "backward compatibility
issue" before it released Win XP, as is clear from the last
paragraph on the Limited Account dialog, a picture of
which I have put here:

http://www.advanced-app.com.hk/MiscJunk/LimitedAccounts.jpg

To accept this easy solution, one must accept that one
person can have two or more accounts.  I have observed
that Microsoft people sometimes get stuck because they
assume (incorrectly) that one person can have one and
only one account.  This is simply not so -- any
computer owner can have both a "Limited" account and
an administrator account.

Of course it is good to make using LUA easier.  But I
believe Microsoft should not imply that the easier
(but more expensive) option is the only option.

I commend Microsoft for beginning to promote the
concept of LUA.  However, if Microsoft publicly ties
making use of the concept to paying for the Longhorn
product, I will cry "Foul!" at the top of my lungs.

Rick Graves
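The two-account setup the message describes (a "Limited" account for web and email, a separate administrator account for everything that needs it) can be scripted and audited. The following is an added example, not part of Rick Graves' message or anything Microsoft published; it assumes a Windows host with the Microsoft.PowerShell.LocalAccounts module (PowerShell 5.1 or later), an elevated session, and uses the placeholder account name `daily`.

```powershell
#Requires -RunAsAdministrator
# Added example: create a standard ("Limited") user for daily use and audit
# which local accounts hold administrator rights. Account name is a placeholder.

$LimitedUser = 'daily'   # placeholder: name of the "Limited" account

# Create the account only if it does not already exist.
if (-not (Get-LocalUser -Name $LimitedUser -ErrorAction SilentlyContinue)) {
    $Password = Read-Host -AsSecureString "Password for $LimitedUser"
    New-LocalUser -Name $LimitedUser -Password $Password `
        -FullName 'Daily (limited) account' `
        -Description 'Standard user for web browsing and email' | Out-Null
}

# Membership in the built-in Users group is what makes this a "Limited"
# account; it must not also be a member of Administrators.
Add-LocalGroupMember -Group 'Users' -Member $LimitedUser -ErrorAction SilentlyContinue
$AdminMembers = Get-LocalGroupMember -Group 'Administrators'
if ($AdminMembers | Where-Object { $_.Name -like "*\$LimitedUser" }) {
    Remove-LocalGroupMember -Group 'Administrators' -Member $LimitedUser
}

# Audit: list every enabled local account and whether it holds admin rights,
# so the owner can confirm only the intended administrator account does.
$AdminNames = (Get-LocalGroupMember -Group 'Administrators').Name
Get-LocalUser | Where-Object { $_.Enabled } | ForEach-Object {
    [pscustomobject]@{
        Account = $_.Name
        IsAdmin = $AdminNames -contains "$env:COMPUTERNAME\$($_.Name)"
    }
} | Format-Table -AutoSize

# Check from inside a session which kind of account it is running as;
# run this from the daily account to confirm it is not elevated.
$Identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$Principal = [Security.Principal.WindowsPrincipal]$Identity
$IsAdmin   = $Principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Current session has administrator rights: $IsAdmin"
```

Run the creation and audit part once from the administrator account; the final check is the one worth running from the limited account before opening a browser or mail client, since it shows directly whether the session carries administrator rights.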