Tim Anderson's ITWriting

Tech writing blog


October 10, 2006

Vista security: now prove it

Posted on October 10, 2006


Microsoft says Vista is more secure - but nobody out there will believe it. They "know" that Windows is insecure, and even if Vista really is a secure operating system, it will take a long time to change that perception.

How secure is Vista? Nobody knows as yet, though I don't doubt that enormous effort has been put into this aspect of the new Windows. There are also some solid security advances over Windows XP. Users no longer run with local admin rights by default - even if they have those rights, they are disabled unless processes are specifically elevated, which means passing a dialog. Another key improvement is that Internet Explorer is sandboxed.

Having said which, everyone will be watching for security alerts and "Patch Tuesday" fixes after Vista's final release. Undoubtedly, when the first flaw is discovered, Windows will be proclaimed as insecure as ever.

That's not necessarily so. All operating systems have security flaws. But Microsoft's challenge is twofold: addressing first the technical issues, and second the public perception.

The latter may be even harder than the former. For sure, it's gleefully exploited by competitors. Apple says on its site:

"Connecting a PC to the Internet using factory settings is like leaving your front door wide open with your valuables out on the coffee table. A Mac, on the other hand, shuts and locks the door, hides the key, and stores your valuables in a safe with a combination known only to you. You have to buy, configure, and maintain such basic protection on a PC."

Apple's statement is mostly false. A new, default installation of XP with SP2 (which is how PCs are supplied) has an effective built-in firewall; although a router with NAT is safer, you can connect a cable modem directly and intruders can't get in. I had a machine connected like this for 2 years always-on, in pre-SP2 days but with the built-in firewall enabled, and suffered zero successful attacks.

Still, Apple is correct in saying that numerous viruses target Windows and there are a large number of infected machines, largely, I suspect, because users run as local admin and they (or their children) cheerfully execute malicious scripts and executables. Can Vista stop this happening, even though such users will need to pass a dialog? Probably not altogether.

The best hope then is that Vista will be mostly secure for sane users. The worst scenario is that people are persuaded to turn off UAC (User Account Control), and instead put their trust entirely in ineffective third-party utilities, only to grumble a few months down the road that Windows has let them down again.

In security, nothing changes quickly. Watch this space.
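
The two conditions discussed above (admin rights that stay disabled until a process is elevated, and the risk that UAC is simply turned off) can be checked on a machine with a short PowerShell audit. This is an added example, not part of the original post; the function name `Get-UacStatus` is hypothetical, and it assumes PowerShell 3.0 or later and the standard UAC policy values under `Policies\System`.

```powershell
# Added example (not from the original post): report UAC policy state and
# whether the current process is actually running with admin rights.
function Get-UacStatus {
    # UAC policy values live under this key; a missing value reads as $null.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key -ErrorAction Stop

    # With UAC on, a member of Administrators holds a filtered token until
    # the process is elevated, so IsInRole() returns $false when unelevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    $findings = @()
    if ($p.EnableLUA -ne 1) {
        $findings += 'UAC is turned off (EnableLUA is not 1)'
    }
    if ($p.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Administrators are elevated without any prompt'
    }
    if ($p.PromptOnSecureDesktop -eq 0) {
        $findings += 'Elevation prompt is not shown on the secure desktop'
    }

    [pscustomobject]@{
        UacEnabled                 = ($p.EnableLUA -eq 1)
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        ProcessElevated            = $elevated
        Findings                   = $findings
    }
}

Get-UacStatus | Format-List
```

An empty `Findings` list with `ProcessElevated` false is the state the post describes as the default: the user may be an administrator, but the process does not hold those rights.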


Re: Vista security: now prove it

Posted by Jason Vaughan

Windows IS very insecure and Microsoft seems to care little about it. I run macs. I am an admin user but EVERY time I try to install anything or modify ANY system level setting, I have to enter my username and password. Windows just lets you get on with it. I have run around a dozen macs, including four servers with direct connection to the internet and no firewall, with no anti virus protection and I have never had any issues. Yes, this is a little extreme but it has been secure. If I had connected a Windoze machine without a firewall directly to the net (rather than using NAT), I can guarantee I would be compromised within 24 hours and probably within one hour.

I can't quite understand why anyone uses such a blatantly insecure operating system unless they have specific applications which only run on Windows. Macs open 99% of websites, they open all Windows Word, Excel and Powerpoint files, they open the same emails. These applications account for around 90% of all users. If users stopped following Microsoft's lead so blindly and started using more secure operating systems, I am sure Microsoft would do something. As it is, they have 90% of the market and Windows users don't seem to care about the dreadful security.

Much of the blame probably needs to be pointed at IT staff who see Microsoft's insecurities as a saving to their employment. Indeed companies who switch to Macs sack two thirds of their IT staff as they do not need them to support the easier, more robust OS. So when the boss asks the IT manager (who is Windoze trained):

"Should we not look at getting more macs and get rid of most of the Windows boxes?"

The IT manager pipes up:

"Oh, no, Macs are only any good at geeky graphics and can't work with office applications. Best to just leave them in the graphics department. They are also far too expensive for the IT budget."

- Not too expensive if you can cut the IT staff budget by £200,000 pa!
