Update: After exchanging lots of emails, I finally spoke to Rick on the phone today. He runs as a mere User! That rocks!
I just found out that Microsoft has chosen me to do a couple of sessions at TechEd this year. That is cool, since I was wavering about whether to go. I had proposed a session about the new security tools in Whidbey, AKA Visual Studio 2005. What they created instead was a session called Visual Studio 2005: Security Enhancements in Visual Studio, which I'm to present with Rick Samona, a development tools PM at Microsoft. I don't know Rick, but anyone who fills a co-worker's office with coffee has got to be fun to work with!
Since I don't know Rick, I first, of course, looked to see whether he has a blog. Success! He does, but doesn't have much there. But this entry got me fired up: Writing Secure Applications Using Least Privilege. Rick, Rick, Rick. With all this talk about how Microsoft dogfoods its technologies, how can you write that “Microsoft encourages that as a best practice developers write their applications to execute with the least privileges to get the job done.” I'm sorry, but how can you write that when the preponderance of Microsoft developers run as admin? See this blog entry as part of the reason I'm concerned.
One of the first questions I'm planning to ask Rick is whether he runs as a member of Users or Administrators. If the latter, I figure I'll have the position of power as we develop our session. <smirk>
By the way, the other session I'm doing at TechEd, so far, is an updated version of my session on developing secure Office 2003 solutions. I have a LOT more to say on this topic this year!