Vista Security — Too Little Too Late 483
Thomas Greene of The Register has a fairly comprehensive review of Vista and IE7 user security measures. The verdict is: better but not adequate, and mostly an attempt to shift blame onto the user when things go wrong. From the review: "[Vista is] a slightly more secure version than XP SP2. There are good features, and there are good ideas, but they've been implemented badly. The old problems never go away: too many networking services enabled by default; too many owners running their boxes as admins and downloading every bit of malware they can get their hands on."
Vista security is.. (Score:5, Insightful)
And it is the first thing to be disabled for sure.
dear lord... (Score:4, Insightful)
User security, is like car safety. It's nice to design for "in case shit happens" but if you drive like a lunatic, you're likely to get hurt.
I think a large part of security involves the self. People don't do enough thinking, and are too lazy to follow simple security procedures. No automated tool or system, that allows some freedoms can protect people entirely. Think about it, the OS'es solution to malware? Only allow MSFT signed binaries to run. But this is horrible as it means only MSFT can authorize binaries and it cuts out 3rd party developers.
At some point the users themselves have to stop and learn how to use their computers properly, if they want to use them. If they're too lazy to figure it out, *and* demand security, they should not use a computer.
Of course it's largely MSFT's fault for breeding a culture of contempt for knowledge. Oh look it's so easy anyone can use it with zero training.
Imagine if MSFT made automobiles (but with the a yolk instead of a wheel/pedals, and other "standard improvements"). No training required!
Tom
Re:dear lord... (Score:2, Insightful)
Good idea. Let's lobby for mandatory computer licenses, with proper training and a test. People won't be allowed to use a computer unless they have a license.
This plan is sure to succeed.
Let me get my flame-proof suit on and say...... (Score:4, Insightful)
Come on. More than anything, Microsoft is in a no-win situation to try and protect people from themselves. If everyone ran Linux instead of Vista there'd be the same damn problems.
If a thirteen year old wants to download smileys for their IM client, the kid is going to do it. If the software has spyware, then that spyware would do what it takes to open up or break the system. It's pretty damn hard to code against human behaviour.
Re:dear lord... (Score:1, Insightful)
I agree with all of it except this.
Give me a break, MSFT is THE REASON we have personal comupters. Without them the computing world would not exist in its current iteration.
what woudl you have them do, restrict computer use to those who want to learn the fine details of security and system administration.
Think of it kinda like a car, you are basically sayign the only people who shoudl be allowed to drive are mechanics.
90% of viruses and spyware? (Score:4, Insightful)
I think that's a bit low. There are only about 30 viruses for Macs (most of which are holdovers from OS 8 days) and I've not encountered one bit of spyware or adware. I don't have experience with Linux, but I imagine it's similar
I think the reason Windows is such a target isn't just its market share, but also its vulnerability.
Re:Vista security is.. (Score:5, Insightful)
Alas... I think it is asking for everything, therefore asking for nothing. An automatic OK is just as bad as no confirmation asked. Even worse, IMHO.
Gee.. biased a bit? (Score:3, Insightful)
Re:Nice Article (Score:3, Insightful)
you know it's going to be fair and balanced.''
The sad thing is that it's actually true.
Re:dear lord... (Score:4, Insightful)
As a 11 going on 12 year old kid I was setting up nodes for transcanada, fidonet, tattlenet and the like for the BBS that my brother and I ran. We were routing mail from all over north america and even into europe (thank god for cheap long distance plans with upper limits).
If an 11 year old can figure out, on their own, without classes, how to route mail, surely to god a competent adult can figure out how to turn off HTML emails, not run attachments, not run as root all the time. Or are you saying adults are in general very very stupid and shouldn't be trusted?
Your comment about driving is lost on me. Most adults drive fairly poorly. Running stops, speeding, not giving right away, etc. That there aren't more accidents than there currently are is mostly because people are good at avoiding them. It doesn't mean they're driving safe, it just means they know how to react when they're cut off, or pull a turn too quickly, or etc...
People in general just assume the world works for them and that putting any effort into anything is a sign of a weakness. If I have to learn how to use e-mail, it means I'm stupid or something, therefore I'll just pluck at it until I get my first chain letter [and then forward it off to 100 people] then i know I mastered email.
Tom
Re:Nice Article (Score:3, Insightful)
Re:dear lord... (Score:3, Insightful)
I would love to see computers taught more in schools, but there are a couple of problems with doing it right now (which isn't to say in 5 years these problems will still exist).
First of all, schools need to teach reading, writing, arithmetic, science, etc. You get the idea. Now you want to add an additional required subject to this. Keep in mind that everything that is being required to be taught, is being required to be tested. So, you mandate that schools spend an hour every week teaching computers. Where does that hour come from? Math? Science? And what happens when the students aren't doing as well on the standardized tests in the subject you've replaced? That's right, the teachers and schools get blamed, never mind the fact that a change was forced upon them.
Second, and in my opinion, the real problem. Who will teach these courses? Most people who are knowledgable enough to teach these courses, don't teach. They can make much more money working elsewhere, and not have to deal with kids. Retraining teachers to teach computers could work, especially for basic tasks, but for more advanced subjects, they will not be adequate.
Third, exactly what do you teach? Not to install stupid programs? That's the biggest problem right there. It isn't that Windows is inherently insecure, most people use a firewall router, run anti-virus, etc. to protect there systems. The problem is that these people are infecting their systems through actions that they have taken.
I think it's important to teach computers, and not windows, but again, it's going to take somebody who knows what they are doing. And these people generally don't want to teach high school students when they could be making two to three times as much working elsewhere. To teach OSX, you now need additional hardware or you could use all Mac hardware (wouldn't Apple just love that) and install linux and Windows. So if you want to teach OSX, you've now tied the hands of the district and they can not look for competing vendors, they now must purchase hardware from Apple.
-dave
The biggest Microsoft problem (Score:3, Insightful)
Microsoft can't fix the users, there will always be the crowd blindly clicking OK or tuning off the firewall because their game's troubleshooting tells them to.
But reducing the number of services and installed programs running, can reduce the number of vunerabilities present and active by default. How long did it take for them to give the option of actually turning off Messenger, despite no one ever using it. The deault install should be the minimum needed to access the net and use office. If we are all used to prompts and downloading programs a wait of a few seconds to install a progam from a file in the Windows install folder, to run something new, shouldn't be too much of a problem.
Especially if we have the option of actually uninstalling IE7 completely.
And on another note, I have watched this Vista launch and still I wonder. -
Why should I get it? I see alot of hype but not a single reason to upgrade.
You are in the right place for that. (Score:2, Insightful)
The only story I want to hear about Vista security is what it fixes. We already know what Microsoft broke.
I've been telling you for years and I'll tell you again. The fix is:
Diversity is the only solution to internet security. The user gains immediate security in the short term. The community gains security in the long term as weak platforms are eliminated and can no longer be used to attack strong ones. Everyone wins when the monoculture ends. Free software provides both transparency and a diversity of hard targets. Confronted with rising costs, criminals will go back to their usual meat space businesses.
Re:dear lord... (Score:3, Insightful)
But figure this out, you can do things like English and most sciences, with a computer. Typing up an essay, running numbers through a spreadsheet to get standard deviation, etc. Most uni students I know, have to have crash courses in computers because their professors expect them to use things like Fortran, maple, magma, etc.
Granted, I agree that a lot of things, like math, should be done manually at the early stages. Heck, I was going through elementary during the "calculator debates." (should we have calculators in classes before grade 6?). But once you hit highschool, things like statistics are largely just a manual labour job and not actually a comprehension job. like I know how the standard deviation works, but if you ask me to figure it out for a set of 30 numbers, I'm likely to typo a calculation or two. Getting the wrong result doesn't mean I don't know the technique, it just means the work is not suitable for humans.
The trick that adults give up on, is that children have a capacity to learn that can be untameable compared to adults. Add to the fact that they have all the time in the world to be a student (not like they have jobs or other responsibilities) and it's easy to see how they could pick up technology.
It isn't like computers are going to "go away" nor become any less entrenched in our society. So why not make it a part (but not the whole part) of the student experience?
Tom
Re:dear lord... (Score:2, Insightful)
I know, that's a dim view of humanity, but frankly, when I look at the world, that's what I see.
The OS that cried "wolf!" (Score:4, Insightful)
This is exactly what Vista security is.
My main problem with Vista security is that it is an OS that cries wolf. When I installed Vista, I had to click no less than 50 security confirmation dialog boxes (it's important to note that these were security dialog boxes) within the first hour or so in order to do simple, stupid stuff that clearly should not have needed confirmation. Stuff like changing my desktop background. Stuff like moving some documents around on a removable hard drive. Stuff like copying a line of text from an IE7 edit box. Stuff like pasting that line of text into a different IE7 edit box. Stuff like creating a new text file on my removable hard drive. And so on, and so on, ad nauseum.
This isn't security. This is constant aggravation, and yes, I cannot imagine any normal user calling their geek friend after five minutes and saying, "How do I turn this damn thing off?" Even if they don't, they "mentally" disable it by simply clicking Allow without thinking. Hell, I'm a computer expert, and I did it. "You are installing the pwnzj00 virus." Allow. "You are sending your bank account numbers to Nigeria." Allow, allow, allow, dammit! Leave me alone!
I try to give Microsoft the benefit of a doubt. I'm not a zealot or a Microsoft basher, seriously. I think they've put out some good software, but on this point, I have to agree with the folks who are saying that Microsoft isn't serious about security, they're simply trying to push the blame for when things go wrong onto the users.
There's no way in hell that they could have conducted any usability tests and found the currently scheme acceptable. But they still let it out the door, most likely to meet some sort of artificial management deadline to keep the OS from shipping any later than it already had.
So now, we've gone from OSes that never alert you to potential security risks to an OS that is even worse because it alerts you to everything, security risk or not.
I'll be interested to see how Microsoft tries to fix this mess, both from a technical standpoint and a PR standpoint.
OS vulnerability (Score:3, Insightful)
One of these days Microsoft will realize that system-wide changes are killing them. Perhaps when they start leasing remote desktop connections for $9.95 a month they will figure this out.
Re:Vista security is.. (Score:5, Insightful)
My sarcasm detector is a little wonky today, so I apologize in advance if that's what that comment was. Otherwise...
Did you RTFA? If you did, it vehemently disagrees with what you said.
(emphasis mine)
Re:You can't build a fort on a foundation of shit. (Score:4, Insightful)
The security of Windows has always been built upon such a foundation of shit. That's why it's had so many problems. Instead of drawing from the proven security models of systems like UNIX and VMS, the Windows developers went and rolled their own. And you know what? It was shit. It didn't have a solid theoretical underpinning like the security model of other systems have. It's been over 20 years later, and they still haven't looked to the proven models for inspiration.
Windows has the same "theoretical underpinning" as VMS (hardly surprising, given they're designed by the same person). Which is, I must point out, vastly superior to that of traditional (and most contemporary, at least as commonly configured) UNIXes.
There is little, to nothing, wrong with the "foundation" of Windows.
Re:asbestos cloak of ignorance (Score:1, Insightful)
Now, if everyone ran Linux and knew what they were doing I suspect malware authors would have a much more difficult time accomplishing anything. But that isn't really a fair comparison, because if Windows users knew what they were doing, it would be much harder for malware authors too (remote exploits notwithstanding. But even these problems can be mitigated by knowledgeable users.)
Re:Limited User Accounts (Score:3, Insightful)
Piece of cake.
UAC annoys you when you try to run a setup program, _any_ setup program, for whatever reason, even a screensaver or desktop picture if it is a setup format.
In Linux you are not asked root's password to change desktop picture or installing random program and that's a major difference. Installed program has user account rights, but _that's the assumption_ and most programs respect that and, contrary to MS-systems, _can be installed and run_ just on user rights.
In MS-environment, _every_ program_ _must have_ (major) write-access to registry and system directories -> UAC every time you try to install or change anything. That's a _big_ difference. Like 1 to 100.
The idea that every program may write whatever they want in registry is outrageous. Only an idiot could design something like that.
Re:dear lord... (Score:3, Insightful)
My concern is not that teachers won't do it, it's that the people who have the skills and abilities to teach computers, won't turn to teaching. Basically, that people in my situation won't do it. I am an engineer, I'm more than qualified to teach any math or science in school, but there is no way I will do it. I won't take the pay cut, and I don't want to deal with the kids, and particularily their parents. I am not a teacher. It's just not in me. Those who are teachers, and do it because it's all they ever would want to do, don't tend to (I'm generalizing here, and I could be completely wrong, so please correct me if I am, but this is the case from what I've seen) have the background in computers that would be necessary to teach them.
-dave
The whole concept is wrong! (Score:3, Insightful)
Try to run win XP and see if you can get along with it without root permissions for one day.
The programmers concept for windows is just wrong! you can not require root privileges to run Acrobat Reader, Adobe Photoshop or who knows what
For that matter, try to get along with regular user on Linux, you'll be able to do so (and you'll stay of-course), why? cause Linux was built in as Multi user OS, un-like Windows in which you have to be root to install un-related stuff which you can't even think of why it requires root permissions.
The lesson is, that most of programmers of big companies are basing their programs on the fact that 95% of Windows users runs as Admins.
And also, the whole concept of multi-users is in-fact okay, but the implementation, dir oh lord, is just wrong.
That's why Windows Security just sucks. no matter what
Do what feels good, switch to Linux
Re:dear lord... (Score:3, Insightful)
Re:lack of security (Score:3, Insightful)
The problem is that it's totally different in a home environment. My desktop is running Linux, I've been running Linux since 1994, so I do have some experience here.... um, how many linux users do you know who neither a) know their root password, nor b) know how to get root access?
Joe User isn't going to use a system at home if he can't install his software. If he has to log in as root to do it, so be it. He's still going to be able to install dangerous software as long as he has root access on the system, and he's never going to use a system if he doesn't have a way to get root access.
Re:Limited User Accounts (Score:4, Insightful)
So changing the desktop wallpaper is a security issue in Linux too?
The problem is not that Vista asks for permission where admin is required, it's that it asks for permission everywhere.
Re:MS can't win with you guys, can they? (Score:3, Insightful)
Re:MS is to blame for user mistakes in this case (Score:3, Insightful)
But think about why you trust an Id game more... and then about how a relatively new user of computers, who hasn't been playing Id games for a decade, would know to make the same distinction.
You can't expect newbies to have the same base of computing experience to draw on that you do, to know what is historically trustworthy and what is historically shady. They don't know the history, and there's really no way to acquire that knowledge except through years of use.
It should -- but there are so many legitimate applications that do require admin rights, even though they shouldn't, that this test also fails to be useful. Too many false positives.
But one of them doesn't provide a useful discriminator, and the other requires significant background in PC computing/gaming.
Have you taken a look at Bitfrost? That project has the design goals right, IMO. Of course, it also has the tremendous luxury of not caring at all about backward compatibility, something Microsoft absolutely cannot discard.
Re:asbestos cloak of ignorance (Score:3, Insightful)
Apt-get is great, if the software you want is available from your distributions repositories. If it isn't, like the last piece of software I installed on my Ubuntu box, then you are left to download a
The alternative of course is to only install packages from your distributions repos. Which is all well and good, until you want something they don't contain. As soon as you allow a user the ability to install non-distro-approved software, you allow them to install malware. There is absolutely no workable way around this which does not either remove the users control over their system, or third party vendors ability to distribute software without the approval of the distro vendor. If I know the root password for a box, and I can install any program I want on it, then I can break it. That holds true for Linux, OSX, Windows, or any other OS you care to mention.
Re:Limited User Accounts (Score:2, Insightful)
In MS-environment, _every_ program_ _must have_ (major) write-access to registry and system directories -> UAC every time you try to install or change anything. That's a _big_ difference. Like 1 to 100.
The idea that every program may write whatever they want in registry is outrageous. Only an idiot could design something like that.
Re:MS can't win with you guys, can they? (Score:2, Insightful)
So it sounds to me like the issue boils down to Vista having much more fine-grained prompting than Linux or MacOS does. There are many entry points from which Windows can be compromised -- we know this. It sounds like Microsoft is at least doing the responsible thing and trying to plug them up with prompts. You guys expect them to work magic and "know" the difference between legitimate and illegitimate requests.
Re:The OS that cried "wolf!" (Score:5, Insightful)
Re:The OS that cried "wolf!" (Score:2, Insightful)
UAC isn't security. It's security-like trappings.
And to the user who said Vista only prompts when you do something that you need privilage escalation for...
That's not *quite* right. It prompts whenever you need to be an administrator to do something. Unfortunately, when you're running as an administrator, that's *everything*.
Re:Vista security is.. (Score:5, Insightful)
Here is a little tidbit to shock you...
The vast majority of users that use a computer don't really know anything about computers and they shouldn't have to!!! If a computer is operating correctly they shouldn't even have to think about their computer. They should be thinking about their task at hand. They shouldn't even want to "know about computers" because if they did they would have different jobs. (A lot of "computer people" can't get it through their heads that the users shouldn't have to know much about computers and if they all did the "computer people" would be mostly out of jobs.)
The very first example of MS's real conceptual problem with computer security is showcased by the first thing you see when you start up the computer. Let me ask you: What do you need to know to get into a computer? A username and a password. So MS's idea of increased security is to hand you a list of all the usernames on a platter so you can skip past the "find a valid username" step and go straight to the "lets find the user with a weak password" step. I haven't even been able find a way to force a 'classic' text login. We are 'clicking' our way into the pits of hell.
Right after XP came out Mr. Bill public stated that "the next version of Windows will not be an Operating System. It will be a Digital Rights Management Platform." He said it in public and everyone seems to have forgotten it. Why would anyone PAY for a system that's only reason for existence is to inhibit the user's actions? Bill is a master at knowing which way people will jump. (That is the only thing he is really brilliant at.) He knows that people won't rush out and buy a DRM/Platform so he has to sell it as something different. It is pretty easy to do too. People (are Raccoons. Give them something shiney and their eyes glaze over and they will clutch it with both hands and won't let go. Vista has every bright and shiny go-ga that MS could throw in. Will Vista be a "success"? Of course! The Raccoons will demand their bright/shiny (pointless) 'upgrades' because how can we live without a computer that will use video as a desktop image. (I think that running the movie Idiocracy as a desktop would be perfect!)
BTW - Has anyone figured out a hack to force an old style text login? I might even mod your posts up if you find a solution and share it!
Re:dear lord... (Score:5, Insightful)
In today's world, people have to deal with too many different categories of information to become even competent laymen in all of them.
Do you know how your clothes are made? Do you know how your local power grid is laid out? Do you know how groceries are stocked in the store, or how to manage the logistics of getting food from all over the world into a single building? Do you know how roads are paved, water is delivered, sewage is handled, or waste is disposed of? Do you know the legal legal issues relevant to any of those fields?
Take fifteen minutes and try to list all the things you'd need to learn and build in order to make a ballpoint pen from scratch.. and I mean really from scratch. You don't get to order plastics and machinery from suppliers. Start with a patch of earth that magically contains all the funamental materials you need, and your bare hands. If you have to list fifteen different things before you even get to 'make a decent shovel', you're on the right track.
Our society works because we all cooperate, and generally trust each other. We trust the experts in textiles, power, etc. to do their jobs well enough that we don't have to become experts just to meet our own basic needs.
Re:Vista security is.. (Score:3, Insightful)
So now you understand why MS didn't drop ActiveX, and therefore why all the talk about improved security is marketing claptrap.
When you've got an entire country locked-in to your product, and countless smaller organizations too, you don't throw away the padlock during the upgrade.
Re:Vista security is.. (Score:3, Insightful)
It amazes me to no end every time I hear this.
A computer is a tool. You use it to get a certain job done.
Now, even the most humongous version of the Swiss Army Knife (absolutely unwieldy and utterly unusable, BTW) lacks versatility when compared to the computer.
The computer is everything - a typewriter; a calculator; a spreadsheet; a database; a photo editor; a video player; a video editor; a music player; several thousand games of all the possible genres; a communication device - text, image, sound, video, and even scent, in the fullness of time; a 3D renderer; a TV and radio tuner; and a thousand more uses. Oh, yes, there's the cup-holder bit in it as well.
It is used in work, play, education and relaxation - actually, the only time it's usually not used is during one's sleep.
And guess what - that means that yes, people do need to know about their computers. Unless they want to pay people like me to come and clean them up every once in a while.
After all, even the hammer, which is about the most primitive tool known to man, is still a tool you have to learn to use.
OK, so you don't have to learn for a long time, but the principle is the same - every tool you use, you have to know how to. Or you're risking injury.
Now, of course, improper computer usage will usually not result in grave injury, unlike improper car usage. That's why there are driving licences, but not computing licences.
I have said it before and I will say it again: every computer user should know at least a bit of programming.
Programming is the essence of computer use, no matter the purpose to which you're using the computer.
If you don't like it, as far as I'm concerned, you can just as well stop using it.
You might not get hurt, but your data will. Sooner or later.
And it won't be my fault.
FUD Fully Expected from The Register (Score:5, Insightful)
So, point by point:
While referring to IE's Protected Mode [msdn.com] feature:
However, there is a brokering mechanism that enables users to download files to any location they have access to, or to install browser plugins and extensions, and the like. So users are still invited to make a mess of their systems, and no doubt many will, while Microsoft has a chance to shift blame away from itself.
Uh huh. First, you can't install plugins/extensions (with the exception [msdn.com] of signed ActiveX) without admin privs. Period. Second, how, exactly, would you propose the user be able to save files to their Documents folder, or do any other file operation in their profile (or basically anyplace on the system) without this brokering mechanism? Would you prefer that Microsoft not allow users to download *any* files via the browser? Ya, that would work out well.
However, IE7 on Vista does still write to parts of the registry in protected mode.
IE7 is running as an extremely low-rights user. This does *not* mean that it doesn't have the ability to write to any part of the registry. It means that the register's ACLs must explicitly allow write access to the IE's low-rights user. Certain locations have been explicitly marked as write-safe for the low integrity process. The example given by The Register is one of them. In other words, it's not an issue.
However, DEP, when full on, may cause a number of applications to crash, or interfere with their installation. I'm betting that a majority of users will opt for the more conservative setting, and this of course means less defense for everyone.
You're betting that the majority of users, most of whom think "DEP" is an actor's last name, will go and hunt down the DEP setting and turn it off because it will supposedly cause lots of applications to crash? Really? You mean they won't selectively turn it off via the dialog box that comes up after a DEP-related crash that asks if you want to turn it off just for this application? Oh, and what quantitative study are you sighting that shows that lots of commonly used applications will crash because of DEP? Give me a break.
User Account Control (UAC) is another good idea, because it finally, finally, finally allows the machine's owner to work from a standard user account, and still perform administrative tasks by supplying admin credentials as needed on a per-action basis. You know, the way Linux has been doing it forever.
Windows has supported running individual processes as admin (or any other account) since NT4. It was integrated into the GUI in Windows 2000. That is not the point of UAC, and it's not how Linux does it at all. If you try and run an application or perform an operation on Linux or Unix that requires admin access, it will fail. It doesn't prompt you. It's a subtle, but big difference. And it's a critical difference in the Windows world where that vast majority of applications won't work without admin privs.
Of course, it only works if everyone stays out of the admin account as much as possible, and if everyone with an admin password knows better than to install a questionable program with admin privileges. And there's the catch: "Windows needs your permission to install this cleverly-disguised Trojan nifty program. Click Yes to get rooted continue."
Wrong. It works regardless of what user you *think* you're running as. An admin account on Vista (with UAC enabled) is NOT AN ADMIN ACCOUNT. It's a limited user. The *only* difference is that an admin account isn't prompted to t
Re:The OS that cried "wolf!" (Score:3, Insightful)
That's where I stopped reading. If you are going to lie at least come up with credible lies. At no point does Vista UAC pop up while changing your background. Even in early beta it did not do what you describe.
Re:Their biggest problem.... (Score:3, Insightful)
You just described SELinux to a T.
Careful, you live in a glass house. The entire Linux permission and security system is at it's heart so utterly outdated as to be almost rediculous. NT had (and all version s of windows based on it) a beter base persmission and security system (Regardless of the fact that people decided not to use it) than Linux has at it's heart even today.
SE Linux is a hack on top of a lacking persmission system of a level even worse than what you are describing (wich is mostly false anyway).
What Linux needs to do is completely scrap it's kernel level permission and security and start over from scratch. But.. that would pretty much upset the entire universe and everyone and all code within it. Which is why it hasn't been done. Sound familiar?
Please don't offer sage advice about other peoples OSes when your OS is in the same boat.
the Geek looks in a mirror...never out the window (Score:2, Insightful)
Interesting.
Consumer Vista has been in general release for less than one month. But the Geek knows that most people are disabling the UAC. The Geek knows how users will respond to all the changes in Vista.
He doesn't need a crystal ball. He only needs to read what other Geeks are posting to their blogs.