January 27, 2006
Scott Cook Chairman, Executive Committee
Steve Bennett, President and CEO
Intuit, makers of Quickbooks
Dear Sirs:
Just thought I’d type up this official blog post to let you and other firms like yours know that there’s some resources you’d probably need to pay attention to in the coming months. You see there’s a new Operating system in beta testing right now, …it’s called Vista. And in this new operating system it handles user rights a little differently than has been in the past. Certainly a lot differently than Windows 98 anyway and even a bit different than Windows 2000 and XP logo program specifications that used to be the benchmarks in the past for a good way to code software.
Vista will be going beyond those guidelines to something new… something called UAC. User Account Control. There are already some resources that you might want to download and let the folks that work on developing your software know about.
The first is a MSDN article called “Developer Best Practices and Guidelines for Applications in a Least Privileged Environment“ and it can be found at this link. The second resource that you should have your folks subscribe to in their RSS reader is the UAC blog. The User Account Control Blog is the team that used to be called LUA and then called UAP and now they are called UAC. Yes, I know it’s sometimes hard to follow what the name of some of these Microsoft programs are as they keep changing (let’s not even bring up the WUS to WSUS naming shall we?) …but as long as you just remember that LUA/UAP/UAC is just another name for not requiring administrator rights to merely run a software program, and just subscribe to that blog, that should keep your developers well informed of what lies ahead.
In case your folks are not involved in a MSDN beta test of Vista, feel free to holler as I have a one or two Vista beta invites available that I can send to your employees.
Speaking of Vista, fellow Security MVP Dana Epp blogged about some of the changes that Vista is making in an earlier blog post of his and it reminds me that while I’m on the beta, I keep forgetting to load up Quickbooks 2006 and see how it does on the current test build of Vista.
In the meantime, thanks again for Brad Smith’s statement that this will be fixed in the 2007 version and I’ll get cracking on updating the webpage on www.threatcode.com to document the 2006 instructions on getting Quickbooks to run without admin rights that “Tbone” posted to the Quickbooks community forum.
Thanks again for keeping us informed about the issues with the 2006 version and how we should install the R3 version directly.
Susan Bradley
