Writing Secure Code for Windows Vista is Shipping!
I've received a number of emails from folks saying they have got their copies of our latest book, Writing Secure Code for Windows Vista.
David and I got our copies yesterday. The first things that hit me about the book are (a) it's the smallest book we've written (which is good!) and (b) it's very code dense (which is also good!)
One question posed was, "who wrote which chapters?" The easiest way is to look at bracket-styling for C or C++ code:
David
if (x)
{
}
Michael
if (x) {
}
So now you know :-)
Comments
Anonymous
April 19, 2007
Is this an indication that Michael has a Java background? I've mostly seen Java folks use the Michael-bracing style, whereas C/C++ folks who've never used Java usually (but not always) seem to use the David-bracing style.
Anonymous
April 19, 2007
I'm a bit surprised your publisher or editor would allow the coding style to not be consistent. Anyhow, the book is in my Amazon wish list.
Anonymous
April 19, 2007
Nish,
>>Is this an indication that Michael has a Java background?
No, not at all - it's the Windows style :)
Anonymous
April 19, 2007
brantgurga, One of the cool things about MSPress is they don't try to override author style, and that includes language and coding. Luckily, David and I have a very similar writing style, we "talk", we don't write!
Anonymous
April 19, 2007
Hm... isn't writing secure code for Vista like installing a heavy lock on a rotten wooden door?
Anonymous
April 19, 2007
Hi Michael, Did you check this http://www.codinghorror.com/blog/archives/000841.html
Anonymous
April 19, 2007
anonymous, this is an OS, not a religion.
Anonymous
April 19, 2007
The comment has been removed
Anonymous
April 19, 2007
Hi Michael, Just wanted to let you know I've posted a short note about your new book on my blog, AdventuresInVista... http://www.adventuresinvista.com/index.php/2007/04/20/book-writing-secure-code-for-windows-vista/ Looks good - I hope to get a copy soon!
Anonymous
April 19, 2007
David's code looks more professional :)
Anonymous
April 20, 2007
Unfortunately, Amazon doesn't expect to ship it for another month at least.
Anonymous
April 20, 2007
matthew, that's interesting, people are getting their copies... so I'm not sure what's up @ Amazon.
Anonymous
April 20, 2007
In case other people ask, here's what Amazon told me: "I have checked our records and see that there has been an unexpected delay in obtaining 'Writing Secure Code for Windows Vista(TM)'... We expect to deliver it by May 22, 2007 to June 05, 2007." I'll live - they bumped me up to two-day shipping for free. :)
Anonymous
April 20, 2007
Matthew et al, I just spoke to the good folks here at MSPress, and here's what they said, "Looks like there was more customer demand for this book before release than anticipated." Which is good (for me) I 'spose :)
Anonymous
April 21, 2007
Explain again why a small book with a lot of code is a good thing? Anyway, I was amused that the MS Press website you link to says the book ships with a '1 null' disk.
Anonymous
April 22, 2007
Summary: David is correct. Michael is wrong.
Anonymous
April 23, 2007
> anonymous, this is an OS, not a religion.
Indeed, that's why I'm asking why you treat it as a religion. "Writing secure code for Windows" would be much more reasonable. Who cares about the API enhancements in Windows Vista when this OS itself is horribly insecure and out of discussion in the first place?
Anonymous
April 24, 2007
anonymous, there's a ton of security-enhancements in the OS, and people need to take advantage of these.
Anonymous
April 25, 2007
One new subscriber from Anothr Alerts
Anonymous
June 20, 2007
Michael, I purchased the book and I was a bit disappointed with Chapter 2. While it did give the fundamentals, I felt that it glossed over some aspects of UAC. In addition, the code samples appear to have used an older SDK because rather than use the definitions for SECURITY_MANDATORY_LOW_RID etc. you used the more complex and highly unreadable SID form and convert it to a SID. This obscures what you are attempting to do within the code IMHO.
There were some redeeming things within Ch2. I was unaware that the "runas" string to WSH and ShellExecute would perform elevation on the launched executable. However, you failed to mention that since the launched executable is actually in a different session, the environment that the executable "sees" is independent of the environment of the launching application. Many times this makes a huge difference!
Overall, I like the book. The section on SAL is pretty good and I like some of the technical information on UAC and IE7. I would have liked more information regarding elevation of a standard user to highestAvailable privileges though as this is not really mentioned because the book concentrates on running using a filtered administrator token. There are many cases when a group or user is granted a specific right and the executable or script must be elevated to highestAvailable in order to take advantage of the additional rights.
PS: If you ever need a reviewer for your next book, let me know. I'd love to help! I can guarantee that I'll read it cover to cover!
-Pete
Anonymous
June 23, 2007
Pete, I'm glad that overall you like the book. We really ran up against page count issues, and ch2 could have been huge!
Anonymous
July 16, 2007
Michael, In your book, the last chapter (p165) contains the statement "TIP: As a general rule, we like to use the Abstract Type Library (ATL) when writing COM code. ATL makes COM palatable." Is this "ATL" different than the "Active Template Library" that I use or is the author of this chapter simply mistaken WRT the name of the library used?
-Pete
Anonymous
July 16, 2007
Peter - you are correct - it's the Active Template Library