Windows Operating Systems Software Security

Vista Security — Too Little Too Late 483

Posted by kdawson
from the five-years-work dept.

Thomas Greene of The Register has a fairly comprehensive review of Vista and IE7 user security measures. The verdict is: better but not adequate, and mostly an attempt to shift blame onto the user when things go wrong. From the review: "[Vista is] a slightly more secure version than XP SP2. There are good features, and there are good ideas, but they've been implemented badly. The old problems never go away: too many networking services enabled by default; too many owners running their boxes as admins and downloading every bit of malware they can get their hands on."

  • by Anonymous Coward on Wednesday February 21, 2007 @09:05AM (#18094688)
    .. A Dialog box asking if you wish to run the exploit or not.

    And it is the first thing to be disabled for sure.
    • by madcow_bg (969477) on Wednesday February 21, 2007 @09:36AM (#18094930)
      If that was it, then the security team has won the game!
      Alas... I think it is asking for everything, therefore asking for nothing. An automatic OK is just as bad as no confirmation asked. Even worse, IMHO.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Sounds like perhaps, they didn't do the most obvious thing, and kill ActiveX. There is absofuckinglutely no reason for a web page to execute native code. I'd say use C#, but from what I understand they didn't properly sandbox that for the web either. If we could at least get through to the web designer community, that might help. No respectable web site should use ActiveX. Period.

    • by KingSkippus (799657) * on Wednesday February 21, 2007 @10:06AM (#18095182) Homepage Journal

      This is exactly what Vista security is.

      My main problem with Vista security is that it is an OS that cries wolf. When I installed Vista, I had to click no less than 50 security confirmation dialog boxes (it's important to note that these were security dialog boxes) within the first hour or so in order to do simple, stupid stuff that clearly should not have needed confirmation. Stuff like changing my desktop background. Stuff like moving some documents around on a removable hard drive. Stuff like copying a line of text from an IE7 edit box. Stuff like pasting that line of text into a different IE7 edit box. Stuff like creating a new text file on my removable hard drive. And so on, and so on, ad nauseam.

      This isn't security. This is constant aggravation, and yes, I cannot imagine any normal user calling their geek friend after five minutes and saying, "How do I turn this damn thing off?" Even if they don't, they "mentally" disable it by simply clicking Allow without thinking. Hell, I'm a computer expert, and I did it. "You are installing the pwnzj00 virus." Allow. "You are sending your bank account numbers to Nigeria." Allow, allow, allow, dammit! Leave me alone!

      I try to give Microsoft the benefit of a doubt. I'm not a zealot or a Microsoft basher, seriously. I think they've put out some good software, but on this point, I have to agree with the folks who are saying that Microsoft isn't serious about security, they're simply trying to push the blame for when things go wrong onto the users.

      There's no way in hell that they could have conducted any usability tests and found the current scheme acceptable. But they still let it out the door, most likely to meet some sort of artificial management deadline to keep the OS from shipping any later than it already had.

      So now, we've gone from OSes that never alert you to potential security risks to an OS that is even worse because it alerts you to everything, security risk or not.

      I'll be interested to see how Microsoft tries to fix this mess, both from a technical standpoint and a PR standpoint.

      • by Gzip Christ (683175) on Wednesday February 21, 2007 @10:55AM (#18095690) Homepage
        There's an "I'm a Mac" ad which covers this: http://images.apple.com/movies/us/apple/getamac/apple-getamac-security_480x376.mov [apple.com]
        • Re: (Score:3, Interesting)

          by Randolpho (628485)
          Yes, we're all familiar with the inaccuracies of Apple's ads. Here's a more accurate (but less funny) "man in black" statement:

          "You want to write a file to a directory you don't have permission to use. Please log in as an administrator to do so. Otherwise, fuck off."

          Of course in OSX you could just SU and go ahead and write that damn file wherever you please. Wait, that seems a little familiar...

          On a side note, since you brought up Apple's ads, I'd like to discuss the difference between Apple's ads and Micro
      • by Blue Stone (582566) on Wednesday February 21, 2007 @11:17AM (#18095990) Homepage Journal
        It's almost like Microsoft, sick and tired of all the complaints about poor security in their operating systems, said, "RIGHT! If you want security, we'll GIVE you security!" and then handed it out as a punishment.
      • Re: (Score:3, Insightful)

        by Barlo_Mung_42 (411228)
        "...Stuff like changing my desktop background..."

        That's where I stopped reading. If you are going to lie at least come up with credible lies. At no point does Vista UAC pop up while changing your background. Even in early beta it did not do what you describe.

    • There can't be an OS which you'll have to be root to actually be able to do something.
      Try to run win XP and see if you can get along with it without root permissions for one day.
      The programmers' concept for Windows is just wrong! You cannot require root privileges to run Acrobat Reader, Adobe Photoshop or who knows what
      For that matter, try to get along with regular user on Linux, you'll be able to do so (and you'll stay of-course), why? cause Linux was built in as Multi user OS, un-like Windows in which
      • Re: (Score:3, Informative)

        by xtracto (837672)
        cause Linux was built in as Multi user OS, un-like Windows in which you have to be root to install un-related stuff which you can't even think of why it requires root permissions.

        I have always had problems trying to install RPMs or DEBs on any linux distribution /without/ root access. It is just not possible. The only way to *try* to do it is to download the source code and configure it with the --prefix option in order to change the installation directory. But to do that you must have the headers and othe
      • Safer than giving up and running as Administrator is to use Filemon and Regmon to find out what exactly the broken application is doing that it shouldn't, then changing the ACL for just those files or registry keys.

        Windows non-administrator LUA/UAC advice, tips and tricks [msdn.com].
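
An added example, not part of the comment above or of the tools it names: the targeted-ACL approach it describes, written in PowerShell. The paths are constructed stand-ins for what a Filemon/Regmon capture would show as access-denied, and `Grant-TargetedWrite` is a hypothetical helper name.

```powershell
# Constructed sample data: the files and keys a legacy application was
# denied write access to when run as a standard user.
$DeniedPaths = @(
    'C:\Program Files\LegacyApp\settings.ini',
    'C:\Program Files\LegacyApp\Cache',
    'HKLM:\SOFTWARE\LegacyVendor\LegacyApp'
)

# Locations that are too broad to loosen: granting write access here would
# undo the point of running without administrator rights.
$TooBroad = @(
    ($env:SystemDrive + '\'),
    $env:SystemRoot,
    (Join-Path $env:SystemRoot 'System32'),
    $env:ProgramFiles,
    'HKLM:\SOFTWARE',
    'HKLM:\SYSTEM'
) | ForEach-Object { $_.TrimEnd('\') }

function Grant-TargetedWrite {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string[]]$Path,
        [string]$Identity = 'BUILTIN\Users'
    )

    foreach ($p in $Path) {
        # -contains is case-insensitive, which matches Windows path semantics.
        if ($TooBroad -contains $p.TrimEnd('\')) {
            Write-Warning "Skipping ${p}: too broad to grant write access"
            continue
        }
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Skipping ${p}: path does not exist"
            continue
        }

        $item = Get-Item -LiteralPath $p
        $acl  = Get-Acl -LiteralPath $p

        if ($item.PSProvider.Name -eq 'Registry') {
            # Enough to read and write values and create subkeys,
            # but not to change the key's permissions or owner.
            $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
                $Identity, 'ReadKey,SetValue,CreateSubKey',
                'ContainerInherit', 'None', 'Allow')
        }
        else {
            # Directories pass the grant down to their contents;
            # a single file takes no inheritance flags.
            $inherit = if ($item.PSIsContainer) { 'ContainerInherit,ObjectInherit' } else { 'None' }
            $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $Identity, 'Modify', $inherit, 'None', 'Allow')
        }

        $acl.AddAccessRule($rule)

        if ($PSCmdlet.ShouldProcess($p, "Grant $Identity write access")) {
            Set-Acl -LiteralPath $p -AclObject $acl
        }
    }
}

# Preview the changes first; drop -WhatIf (from an elevated prompt) to apply.
Grant-TargetedWrite -Path $DeniedPaths -WhatIf
```
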
  • I'm shocked at these allegations!!!
  • dear lord... (Score:4, Insightful)

    by tomstdenis (446163) <tomstdenisNO@SPAMgmail.com> on Wednesday February 21, 2007 @09:12AM (#18094744) Homepage
    can't believe I'm speaking up for Vista but ...

    User security, is like car safety. It's nice to design for "in case shit happens" but if you drive like a lunatic, you're likely to get hurt.

    I think a large part of security involves the self. People don't do enough thinking, and are too lazy to follow simple security procedures. No automated tool or system, that allows some freedoms can protect people entirely. Think about it, the OS'es solution to malware? Only allow MSFT signed binaries to run. But this is horrible as it means only MSFT can authorize binaries and it cuts out 3rd party developers.

    At some point the users themselves have to stop and learn how to use their computers properly, if they want to use them. If they're too lazy to figure it out, *and* demand security, they should not use a computer.

    Of course it's largely MSFT's fault for breeding a culture of contempt for knowledge. Oh look it's so easy anyone can use it with zero training.

    Imagine if MSFT made automobiles (but with the a yolk instead of a wheel/pedals, and other "standard improvements"). No training required!

    Tom
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Good idea. Let's lobby for mandatory computer licenses, with proper training and a test. People won't be allowed to use a computer unless they have a license.

      This plan is sure to succeed.

      • Re:dear lord... (Score:4, Interesting)

        by tomstdenis (446163) <tomstdenisNO@SPAMgmail.com> on Wednesday February 21, 2007 @09:23AM (#18094822) Homepage
        Well why not have it part of the school curriculum? When I went through school even keyboarding was voluntary. So in effect the majority of my fellow high school grads, knew JACK SQUAT about computers (we're talking circa 2000).

        I don't think you can simultaneously pull on the resources of society when you fall victim to fraud, malware, or viruses (e.g. turned into a bot), and then reject learning how the tools work. Why should I pay interest rates, taxes, and other socially collected fees [ISP rates for instance] to cover for people who willing put themselves into harms way?

        I never said we should have licenses though, you're putting words into my post (nice AC troll-fu btw). I just think society would be better served if as a whole, people had the first slightest clue about computers.

        And it's not like the majority of folk don't want to use computers. So why is making it a mandatory part of the high school [or better yet elementary] curriculum such a bad idea? Of course, I'd love to see such curriculum not focus solely on Windows, maybe through in OS X and a Linux distro for good measure.

        Tom
        • Re: (Score:3, Insightful)

          by planetmn (724378)
          So why is making it a mandatory part of the high school [or better yet elementary] curriculum such a bad idea? Of course, I'd love to see such curriculum not focus solely on Windows, maybe through in OS X and a Linux distro for good measure.

          I would love to see computers taught more in schools, but there are a couple of problems with doing it right now (which isn't to say in 5 years these problems will still exist).

          First of all, schools need to teach reading, writing, arithmetic, science, etc. You get
          • Re: (Score:3, Insightful)

            by tomstdenis (446163)
            I agree that a focus on the basics is more important than computers or tech. (judging by the spelling errors in my post ... maybe I should have paid more attention hehehe).

            But figure this out, you can do things like English and most sciences, with a computer. Typing up an essay, running numbers through a spreadsheet to get standard deviation, etc. Most uni students I know, have to have crash courses in computers because their professors expect them to use things like Fortran, maple, magma, etc.

            Granted, I
            • by planetmn (724378)
              The trick that adults give up on, is that children have a capacity to learn that can be untameable compared to adults. Add to the fact that they have all the time in the world to be a student (not like they have jobs or other responsibilities) and it's easy to see how they could pick up technology.

              You focus on the student side of the equation, which I agree, has room for the information. But not on the teaching side. There is infrastructure required (classrooms, equipment, support), teachers required (
          • So, you mandate that schools spend an hour every week teaching computers. Where does that hour come from? Math? Science?

            I think it would be nice if it came from the Creationism Class :P
          • by magicchex (898936)

            Second, and in my opinion, the real problem. Who will teach these courses? Most people who are knowledgeable enough to teach these courses, don't teach. They can make much more money working elsewhere, and not have to deal with kids. Retraining teachers to teach computers could work, especially for basic tasks, but for more advanced subjects, they will not be adequate.

            As a student finishing up an education degree and getting ready to teach preschool and kindergarten in underprivileged communities, as well

            • Re: (Score:3, Insightful)

              by planetmn (724378)
              You don't have to tell me about it, my wife is a kindergarten teacher and has taught in the poorest districts and some extremely affluent areas as well. I have not met one teacher who did it for the money. My wife and I have similar educations (both master's degrees), both the same amount of experience, yet I earn more than twice what she does, and my earning potential is much, much, higher than hers.

              My concern is not that teachers won't do it, it's that the people who have the skills and abilities to
          • Re: (Score:3, Insightful)

            by Opportunist (166417)
            Not to mention that even after the training, you'll invariably have a few kids in the class who still know ten times more than the teacher. And they will use it, further undermining what's left of the flimsy imagination of authority.
        • by jackbird (721605)
          So why is making it a mandatory part of the high school [or better yet elementary] curriculum such a bad idea?

          It's not necessarily, but you could say the same thing about driving, cooking/nutrition, personal financial management, media literacy, and lots of other life skills subjects that don't relate to standardized tests. The problems are time, money, qualified teachers, and politicization/monetization of most of the subjects I listed above (see your average school board meeting about the sex ed program

    • by jimicus (737525)
      Imagine if MSFT made automobiles (but with the a yolk instead of a wheel/pedals....)

      But wouldn't you get covered in bits of egg?
    • by Zebra_X (13249) * on Wednesday February 21, 2007 @09:35AM (#18094920)
      Imagine if MSFT made automobiles

      It would be pretty horrific...

      Are you sure you want to unlock your car? (Yes/No)
      Please confirm this action: Start car (Allow/Deny)
      The manufacturer of this car is not trusted, are you sure you want to start this car? (Yes/No)
      The car is attempting to use gas that does not fall between 89 and 91 octane are you sure you want to continue? (Yes/No)
      Are you sure you want to turn on the radio (Allow/Deny)
      The manufacturer of this radio is not trusted, are you sure you want to turn on radio? (Yes/No)
      Station 104.7 is attempting to play content that requires special privileges, do you want to play 104.7? (yes/no)
      Please confirm your administrative username and password.
      Please confirm this action: Change to D (Allow/Deny)
      This feature requires administrative privileges, please enter your username and password. ... ...

    • The simple reason in a nutshell: The user cannot make a qualified decision based on the information the system gives him.

      With the installer needing admin privileges, no matter if its trying to install a driver or a game demo, the user cannot make a qualified decision whether the privileges asked for are warranted or not. You could blame the user if it was not so. If the user could install a game with "reduced" privileges and it asks for full admin rights, he could smell the rat. He cannot in an environment
      • Look at where most demos and games come from, some anonymous, ad laden, 3rd party "download site".

        I'd trust a game download fetched from idsoftware.com more than gamesgamesgamesgalore.com. If a game requests admin rights to install for my user, that would raise a red flag, etc.

        Wow, two simple ideas that didn't involve a masters thesis from MIT.

        I must be a genious.

        Tom
        • Re: (Score:3, Insightful)

          by swillden (191260) *

          I'd trust a game download fetched from idsoftware.com more than gamesgamesgamesgalore.com.

          But think about why you trust an Id game more... and then about how a relatively new user of computers, who hasn't been playing Id games for a decade, would know to make the same distinction.

          You can't expect newbies to have the same base of computing experience to draw on that you do, to know what is historically trustworthy and what is historically shady. They don't know the history, and there's really no way to acquire that knowledge except through years of use.

          If a game requests admin rights to install for my user, that would raise a red flag, etc.

          It should -- but there are so many le

      • by BVis (267028)
        The user has access to all the information they need.

        Even the simplest user can type "www.google.com". The information is out there, they just need to go and find it.

        Sure, that's blaming the victim, but in this case the user is victimizing themselves.

        If they can't be bothered to do the most basic research, screw 'em. Once they educate themselves, subsequent situations become easier to handle. If they choose to remain ignorant, then it's their own damn fault and I have no sympathy.

        That being said, Vista's
  • er um (Score:2, Funny)

    by pizzach (1011925)

    "too many owners running their boxes as admins and downloading every bit of malware they can get their hands on."
    er um. I hope he's not talking about me.
  • by ip_freely_2000 (577249) on Wednesday February 21, 2007 @09:19AM (#18094800)
    "and downloading every bit of malware they can get their hands on."

    Come on. More than anything, Microsoft is in a no-win situation to try and protect people from themselves. If everyone ran Linux instead of Vista there'd be the same damn problems.

    If a thirteen year old wants to download smileys for their IM client, the kid is going to do it. If the software has spyware, then that spyware would do what it takes to open up or break the system. It's pretty damn hard to code against human behaviour.
    • by Bob54321 (911744)
      I agree with the parent completely. There is no way Microsoft can stop people downloading random pieces of shit and installing them on their computer. If every time you tried to install something there was a pop-up saying "Are you sure you want to do this?" people would complain about too many pop-ups causing people to ignore them. I suppose if the thirteen year old was in a non-root account there would be some stoppages but after enough going to the parent saying "I can't install this, it is essential, you
    • Apt-get (Score:2, Funny)

      by Anonymous Coward

      If everyone ran Linux instead of Vista there'd be the same damn problems.
      If everyone ran Linux, they wouldn't have these problems because people wouldn't know how to install anything.

      *ducks*
    • by exi1ed0ne (647852)

      Microsoft is in a no-win situation to try and protect people from themselves.

      I'd have to agree. People want computers to be a toaster - throw some bread in, mash a button, and get toast. That is the extent they want their involvement to be if it isn't in their realm of interest.

      To be honest though, there are plenty of other occupations that I'm clueless on. Put me in a fighter jet, or have me do someone else's taxes and you're gonna see the same recipe for disaster. I'm sure there are plenty of people

  • Users (Score:3, Interesting)

    by drooling-dog (189103) on Wednesday February 21, 2007 @09:25AM (#18094830)
    Microsoft is always going to leave network services on by default because otherwise users might have to go admin and turn them on to get their software to work. Of course the goal is to relieve users of the need to be concerned about what's going on in their computers, but unfortunately it also relieves them of the opportunity to ever learn anything and thereby participate in their own security.

    So, you can be "insecure by design", or you can expect your users to educate themselves just a little about how things work and their own role in the security equation. I'm sure the focus groups all say, "We'll take our chances, just don't make us have to think!"
  • by Paulrothrock (685079) on Wednesday February 21, 2007 @09:34AM (#18094900) Homepage Journal

    I think that's a bit low. There are only about 30 viruses for Macs (most of which are holdovers from OS 8 days) and I've not encountered one bit of spyware or adware. I don't have experience with Linux, but I imagine it's similar

    I think the reason Windows is such a target isn't just its market share, but also its vulnerability.

    • Actually, it's also because the maximum number of clueless users on Windows far outstrips all other OSes combined, likely by a couple orders of magnitude. I would also venture that windows users are more likely to look for that "free ride" download instead of purchasing software. Linux also has its freeware crowd, but it's a totally different environment.

      Unfortunately, the old MS model - mostly pre-internet - ignored permissions, or implemented them poorly such that even trivial software is written expectin
  • by icedivr (168266) on Wednesday February 21, 2007 @09:36AM (#18094932)
    When the second paragraph contains this quote --

    In a nutshell, Windows is single-handedly responsible for turning the internet into the toxic shithole of malware that it is today.

    you know it's going to be fair and balanced.
    • Re: (Score:3, Insightful)

      by RAMMS+EIN (578166)
      ``In a nutshell, Windows is single-handedly responsible for turning the internet into the toxic shithole of malware that it is today.

      you know it's going to be fair and balanced.''

      The sad thing is that it's actually true.
    • Re: (Score:3, Insightful)

      by PhxBlue (562201)
      It may not be "fair and balanced," but that doesn't take away from the truth of the statement. This is slightly OT, but too many media entities today worry about being "fair," at the expense of giving their readers the whole story.
    • Re: (Score:3, Interesting)

      by Niten (201835)

      "Fairly comprehensive" and "The Register" never, ever belong in the same sentence together.

      This is one of those few times I've found myself wishing Slashdot had Digg's "Bury Story" feature – this article serves neither to enlighten nor to persuade. It's not aimed at the kind of intelligent, informed people at the center of the open source community who would genuinely be interested in how Vista's release affects Windows security; it only preaches to the choir of those poor and confused souls who hat

  • by pesc (147035) on Wednesday February 21, 2007 @09:38AM (#18094940)
    From the article:

    As Billg likes to point out, Windows is the platform on which 90 per cent of the computing industry builds, and this naturally means that it's the platform on which 90 per cent of spyware, adware, virus, worm, and Trojan developers build. That translates into 90 per cent of botnet zombies, 90 per cent of spam relays, 90 per cent of spyware hosts, and 90 per cent of worm propagators.

    This implies that Linux, Mac, Solaris, VMS, etc stands for 10% of the malware. This is not true. I would guess that non-Windows systems have less than 1% of the malware.
  • by d_jedi (773213) on Wednesday February 21, 2007 @09:42AM (#18094968)
    Oh, the article is from the Register. I see.. no surprises there.
  • by Don_dumb (927108) on Wednesday February 21, 2007 @09:48AM (#18095024)

    As usual, Windows enables far too many services by default.
    This is my number one Windows gripe. It not only reduces security (there's more vulnerabilities running) but takes up resources and generally gets in the way.

    Microsoft can't fix the users, there will always be the crowd blindly clicking OK or turning off the firewall because their game's troubleshooting tells them to.
    But reducing the number of services and installed programs running, can reduce the number of vulnerabilities present and active by default. How long did it take for them to give the option of actually turning off Messenger, despite no one ever using it. The default install should be the minimum needed to access the net and use office. If we are all used to prompts and downloading programs a wait of a few seconds to install a program from a file in the Windows install folder, to run something new, shouldn't be too much of a problem.
    Especially if we have the option of actually uninstalling IE7 completely.

    And on another note, I have watched this Vista launch and still I wonder. -
    Why should I get it? I see a lot of hype but not a single reason to upgrade.
  • For one thing, IE7, at least on Vista, is no longer such a dangerous web browser. It may still be the buggiest, the most easily exploited, and the most often exploited browser in internet history, and probably will be forever, but it has become safer to use, despite its many shortcomings.

    It's funny the way he uses "IE7" when he's apparently talking about a mixture of IE and IE7... As far as I know, IE7 doesn't have many security bugs known until now, and especially not on Vista due to protected mode... Thre

  • This is because MS has finally addressed IE's single worst and most persistent security blunder: its deep integration with the guts of the system.

    Because it's pretty obvious at that point the author is clueless.

    Then again, it's the Register. What else to expect but clueless Microsoft bashing ?

  • OS vulnerability (Score:3, Insightful)

    by Jason Buchanan (14443) on Wednesday February 21, 2007 @10:13AM (#18095234)
    The vulnerability of Vista or any other OS can be traced back to the requirement to modify the OS for software installation. It makes no reasonable sense that an end-user should modify the operating system when installing a software package (exceptions for servers but that's iffy, too). CONFINE the end-user software to the end-user's space (i.e., home directory) - and as suggested earlier, the notion of each user having an independent registry instead of the global system-wide Windows registry is a great idea. An infinite number of users should be able to use a Windows environment without any influence by one user upon another. This goes for all operating systems. I can't understand why this idea hasn't been pursued already. It's too late for Vista but in another 3 years or so this may happen.

    One of these days Microsoft will realize that system-wide changes are killing them. Perhaps when they start leasing remote desktop connections for $9.95 a month they will figure this out.
  • "You are visiting Slashdot with its very well known anti-Microsoft bias. Allow or cancel?"

    "you are about to read a scary story about the lack of security in Vista. Allow or cancel?"

  • by ThinkFr33ly (902481) on Wednesday February 21, 2007 @12:24PM (#18096962)
    I fully expected this kind of baloney from The Register. Do people here honestly think that a site that refers to Microsoft as "The Vole" would give a fair minded, intelligent, and well thought out review of a Microsoft product? (Not sure why I'm asking that question on Slashdot... but whatever.)

    So, point by point:

    While referring to IE's Protected Mode [msdn.com] feature:

    However, there is a brokering mechanism that enables users to download files to any location they have access to, or to install browser plugins and extensions, and the like. So users are still invited to make a mess of their systems, and no doubt many will, while Microsoft has a chance to shift blame away from itself.

    Uh huh. First, you can't install plugins/extensions (with the exception [msdn.com] of signed ActiveX) without admin privs. Period. Second, how, exactly, would you propose the user be able to save files to their Documents folder, or do any other file operation in their profile (or basically anyplace on the system) without this brokering mechanism? Would you prefer that Microsoft not allow users to download *any* files via the browser? Ya, that would work out well.

    However, IE7 on Vista does still write to parts of the registry in protected mode.

    IE7 is running as an extremely low-rights user. This does *not* mean that it doesn't have the ability to write to any part of the registry. It means that the registry's ACLs must explicitly allow write access to the IE's low-rights user. Certain locations have been explicitly marked as write-safe for the low integrity process. The example given by The Register is one of them. In other words, it's not an issue.

    However, DEP, when full on, may cause a number of applications to crash, or interfere with their installation. I'm betting that a majority of users will opt for the more conservative setting, and this of course means less defense for everyone.

    You're betting that the majority of users, most of whom think "DEP" is an actor's last name, will go and hunt down the DEP setting and turn it off because it will supposedly cause lots of applications to crash? Really? You mean they won't selectively turn it off via the dialog box that comes up after a DEP-related crash that asks if you want to turn it off just for this application? Oh, and what quantitative study are you citing that shows that lots of commonly used applications will crash because of DEP? Give me a break.

    User Account Control (UAC) is another good idea, because it finally, finally, finally allows the machine's owner to work from a standard user account, and still perform administrative tasks by supplying admin credentials as needed on a per-action basis. You know, the way Linux has been doing it forever.

    Windows has supported running individual processes as admin (or any other account) since NT4. It was integrated into the GUI in Windows 2000. That is not the point of UAC, and it's not how Linux does it at all. If you try and run an application or perform an operation on Linux or Unix that requires admin access, it will fail. It doesn't prompt you. It's a subtle, but big difference. And it's a critical difference in the Windows world where the vast majority of applications won't work without admin privs.

    Of course, it only works if everyone stays out of the admin account as much as possible, and if everyone with an admin password knows better than to install a questionable program with admin privileges. And there's the catch: "Windows needs your permission to install this cleverly-disguised Trojan nifty program. Click Yes to get rooted continue."

    Wrong. It works regardless of what user you *think* you're running as. An admin account on Vista (with UAC enabled) is NOT AN ADMIN ACCOUNT. It's a limited user. The *only* difference is that an admin account isn't prompted to t
