Opinion: Security is hard – the Sad Tale of the Windows Calculator

Ever since I started doing development work on Windows, I've seen two things happening:

  • People arguing that development should never be performed in an admin account
  • People using admin accounts for development because otherwise they can't get anything done

This is a long-standing, nasty problem, but today I thought I'd share an anecdote I was told by a Microsoft product group member about how easy it is to get security wrong during development if you always develop as an admin.

I remembered this today when I noted that Windows Calculator was now going to be open source.

When moving to a new version of Windows, one of the existing applications that failed a security review was Windows Calculator. When I heard this, I thought they were joking.

The application does almost nothing. But it still failed security testing.

The reason was that when you switched from normal mode to scientific mode, it stored your setting in the wrong registry key: one that only an administrator can write to.

So Calculator was an admin-only application at that time.

Had it been tested as a normal user, it would not have worked.

I've always thought it was the best example of how easy it is to get things wrong when building applications if you're always running as an administrator.
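The pattern behind that anecdote, as an added example that is not code from the post or from Windows Calculator: the same "save my preference" routine written to a machine-wide key and to the user's own key, plus the check that would have flagged the first one when run as a normal user. All key paths and function names are hypothetical placeholders; the post does not say which key Calculator actually used.

```powershell
# Added example, not code from the post or from Windows Calculator.
# The key paths and names below are hypothetical placeholders; the post
# does not say which registry key Calculator actually used.

function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# The pattern the anecdote describes: a per-user preference written to a
# machine-wide location that only administrators can write to. This works
# in an elevated developer session and fails for every normal user.
function Save-ModeWrong {
    param([ValidateSet('Standard', 'Scientific')][string]$Mode)
    $key = 'HKLM:\SOFTWARE\ExampleCalc'   # hypothetical admin-only key
    if (-not (Test-Path $key)) { New-Item -Path $key -Force -ErrorAction Stop | Out-Null }
    Set-ItemProperty -Path $key -Name 'Mode' -Value $Mode -ErrorAction Stop
}

# The fix: per-user state belongs in the user's own hive, which that user
# can always write to without elevation.
function Save-ModeRight {
    param([ValidateSet('Standard', 'Scientific')][string]$Mode)
    $key = 'HKCU:\Software\ExampleCalc'   # hypothetical per-user key
    if (-not (Test-Path $key)) { New-Item -Path $key -Force -ErrorAction Stop | Out-Null }
    Set-ItemProperty -Path $key -Name 'Mode' -Value $Mode -ErrorAction Stop
}

# The check that would have caught the bug: exercise the save path from a
# non-elevated session and report whether the registry write was denied.
function Test-SaveAsNormalUser {
    param([scriptblock]$Save, [string]$Name)
    if (Test-IsElevated) {
        Write-Warning "Session is elevated; '$Name' will pass even if it writes to HKLM."
    }
    try {
        & $Save -Mode 'Scientific'
        [pscustomobject]@{ Function = $Name; Passed = $true;  Error = $null }
    } catch {
        [pscustomobject]@{ Function = $Name; Passed = $false; Error = $_.Exception.Message }
    }
}

Test-SaveAsNormalUser -Save ${function:Save-ModeWrong} -Name 'Save-ModeWrong'
Test-SaveAsNormalUser -Save ${function:Save-ModeRight} -Name 'Save-ModeRight'
```

Run it from a normal (non-elevated) PowerShell session, which is exactly the session the anecdote says was missing from testing: the HKLM variant is refused with a registry access error while the HKCU variant succeeds.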
