Using Software Restriction Policies to Protect Against Unauthorized Software

[Lite]

Software restriction policies are This important feature provides administrators with a policy-driven mechanism for identifying software programs running on computers in a domain, and controls the ability of those programs to execute. Software restriction policies can improve system integrity and manageability—which ultimately lowers the cost of owning a computer.

Introduction

Software restriction policies are a part of Microsoft's security and management strategy to assist enterprises in increasing the reliability, integrity, and manageability of their computers. Software restriction policies are one of many new management features in Windows XP and Windows Server 2003.

This article provides an in-depth look at how software restriction policies can be used to:

• Fight viruses
  
• Regulate which ActiveX controls can be downloaded
  
• Run only digitally signed scripts
  
• Enforce that only approved software is installed on system computers
  
• Lockdown a machine

Software Restriction Policies—An Overview

This section discusses the behavior of hostile code and problems associated with unknown code.

Hostile Code Has More Ways to Get In

With the increased use of networks and the Internet in daily business computing, the potential for encountering hostile code is higher than ever before. People collaborate in more sophisticated ways by using e-mail, instant messaging, and peer-to-peer applications. As these collaboration opportunities increase, so does the risk of viruses, worms, and other hostile code invading your systems. Remember: e-mail and instant messaging can transport unsolicited hostile code. Hostile code can take many forms. It can range from native Windows executables (.exe), to macros in word processing documents (.doc), to scripts (.vbs).

Viruses and worms often use social engineering to trick users into activating them. With the sheer number and variety of forms that code can take, it can be difficult for users to know what is safe to run and what is not. When activated, hostile code can damage content on a hard disk, flood a network with a denial-of-service attack, send confidential information out to the Internet, or compromise the security of a machine.

The Problem with Unknown Code

Hostile code is not the only threat—many non-malicious software applications also cause problems. Any software not known and supported by an organization can conflict with other applications or change crucial configuration information. Software restriction policies were designed to help organizations control not just hostile code, but any unknown code—malicious or otherwise.

Responding to Unknown Code

• Software restriction policies help a business respond to unknown code by:
  
• Providing a way to define a list of what is trusted code versus what is not.
  
• Providing a flexible, policy-based approach for regulating scripts, executables, and ActiveX controls.
  
• Enforcing the policy automatically.

Read the Rest