Programming Windows Security

Keith Brown's contribution to this series on Windows security continues the tradition of solid, well researched and clearly written treatise on topics that affect, and should concern, every developer who is serious about producing high quality code on the Win32 platform.

Most developers trip over security because the fundamentals of identity, authentication, etc. are not well understood. This book provides a thorough introduction to the ideas that underly secure systems as well as a complete explanation of how they are implemented by Win32. Very useful for those of us who don't bend spoons with our minds for a living (still laughing over that analogy--thanks Keith!)

If you use COM (and who writes for Win32 and doesn't these days?) then the wisdom in Chapter 9 alone is worth the price of the book.

Rating:
Summary: agree w/ previous rate
Review: If Keith killed first a couple of the chapter and make fonts a bit smaller (I am OKwith more margin if need), this book will really stand up to its worth.

Too much side stuffs at the beginning simply wasted everyone's valuable time. Especially for me, one likes to read from cover to cover for systematical learning.

If you are accustomized to skim, you are OK. But good books ALWAYS deserves reading from cover to cover.

Rating:
Summary: At last a serious look at Windows security
Review: Keith Brown's book is a refreshing change from the 'stick in something about security in a side-bar' approach taken by so many authors. Finally a book which explains lucidly what amounts to a very complex topic; and does so in an understandable and enjoyable fashion. If there were 6 stars on the rating scale then it would get a 6...

Rating:
Summary: Senior Software Engineer - Citrix Systems
Review: The is the best book I have come across on the subject Windows NT/2000 security for software developers. It saved me several weeks of work. I recommend it to everyone in my office.

Rating:
Summary: Senior Software Engineer - Citrix Systems
Review: The is the best book I have come across on the subject Windows NT/2000 security for software developers. It saved me several weeks of work. I recommend it to everyone in my office.

Rating:
Summary: Deep and well written
Review: This book does an excellent job of explaining Windows security at both the architectural and code levels. It's well written, even to the point of being entertaining at some points. Which is a lot to say for a security book.

The book covers topics at a remarkable depth without feeling overwhelming. Though it's light on strict reference material (which is easily made up with the MSDN) it still has reference value because of the deep level at which subjects are covered. In particular, his coverage of network authentication is excellent. Which is fantastic because this is such a frustrating issue in practice.

Definitely worth a look for anyone who wants to understand Windows security APIs at a deep level.

Rating:
Summary: Great coverage of NT, Windows 2000, LanMan security
Review: This book is important for anybody wanting to correctly understand Windows NT/2000 security whether you program, build or admin Windows NT/2000 networks. Security setup must be done properly in a production system, espically one serving the Internet. Keith gives a great overview of the NT/2000 security infrastructure in a style that gives you the right perspective to see why and how it works the way it does. Is the Guest logon in the Authenticated Users group? What and Why are NULL sessions? The tricks of Net Use lmsessions. The background to understand ticket based security and cached credentials. Its all covered very well in this very readable book.

Rating:
Summary: A Must Read for Windows Security programming
Review: This is a book I wish I had a year or two ago. Better late than never! This is the first book on security that I was comfortable reading, and it has enabled me to understand things that I was not able to previously. Excellent!

Rating:
Summary: The best book on the topic, period
Review: This is probably the best book yet in the AW "DevelopMentor" series of books.

I was amazed at the information density and readability. Thanks to many hours spent with it on a trans-Atlantic flight I now have a much clearer understanding of Logon Sessions, WinStations, and all manner of Windows security (Plus it was way more entertaining/edifying than the inflight movie, "The Flintstones:Viva Rock Vegas"). Mr. Brown has untangled the mess that has passed for documentation on Windows Security and produced a strong, readable volume.

I would rate the importance of this book to be in the same league as Petzold or Richter were in their heyday - I don't see how a serious Windows developer could affort to _not_ have it by his side. It makes a fine "Windowsy" complement to Schneier's "Applied Cryptography".

I was also consoled when Keith told me that I don't have to feel guilty every time I pass NULL for LPSECURITY_ATTRIBUTES. Highly recommended.

Rating:
Summary: The best book on the topic, period
Review: This is probably the best book yet in the AW "DevelopMentor" series of books.

I was amazed at the information density and readability. Thanks to many hours spent with it on a trans-Atlantic flight I now have a much clearer understanding of Logon Sessions, WinStations, and all manner of Windows security (Plus it was way more entertaining/edifying than the inflight movie, "The Flintstones:Viva Rock Vegas"). Mr. Brown has untangled the mess that has passed for documentation on Windows Security and produced a strong, readable volume.

I would rate the importance of this book to be in the same league as Petzold or Richter were in their heyday - I don't see how a serious Windows developer could affort to _not_ have it by his side. It makes a fine "Windowsy" complement to Schneier's "Applied Cryptography".

I was also consoled when Keith told me that I don't have to feel guilty every time I pass NULL for LPSECURITY_ATTRIBUTES. Highly recommended.