Vista Mythbusters #6: Is Vista really more secure?
Summary: Microsoft touts Windows Vista as the most secure Windows ever, but critics say the changes are mostly cosmetic and are so annoying that most users will simply turn them off. There are big changes in the User Account Control feature in RC1. Have they done enough to win over skeptical users?
Myth: Microsoft touts Windows Vista as the most secure Windows ever, but the changes are mostly cosmetic. In addition, the new User Account Control feature is so annoying that most Vista users will simply turn it off.
Reality: There's a lot more to security in Windows Vista than just a few dialog boxes, and anyone who takes advantage of all the new features will certainly be more secure. But no one can say for sure how effective the new tools will be for the broad community of Windows users until Vista is widely available.
User Account Control is the security star of Windows Vista. It gets the lion's share of the publicity, and through Beta 2 the reviews weren't good. In early builds, beta testers complained that User Account Control was annoying and confusing, overwhelming users with a blizzard of consent dialog boxes for seemingly simple actions.
In Vista Release Candidate 1, UAC has been toned down dramatically. I've put together an image gallery that shows what the security features in this near-final version look and feel like so you can see for yourself. If you install RC1, you'll see UAC prompts only when you actually try to change a system setting, install a new program, or access files and folders in protected locations. In Beta 2, for instance, simply opening Task Manager required consent via a UAC prompt; in RC1, Task Manager opens as usual, and consent is only required if you want to see processes that are owned by a system account or by an account other than the current logged-on user. After initially setting up a new PC, most users will barely notice UAC. Microsoft is hoping that will convince most users to leave this feature enabled.
But what about the larger picture? Do the new security features help? The answer is a qualified yes.
The biggest weakness in Windows XP from a security point of view is its poor support of limited (also known as standard) user accounts. Using any operating system in a standard account is a smart security practice, because security exploits typically work with the credentials of the logged-on user. A standard user who gets tricked into clicking a link that leads to a hostile web page or installing a piece of malware can't alter system settings. But anyone who's tried to run Windows XP using a limited account has probably given up in frustration within a few hours. Vista changes that experience architecturally, by virtualizing the directories and registry keys where programs are allowed to write. (See this page for an example.)
Many programs that fail when run under a standard user account in Windows XP run just fine under Vista, thanks to this change. In homes and on business networks, that means administrators (including parents) can set up users with standard accounts and severely limit the damage they're able to do, even if an attacker can convince them to try to install a program.
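The directory and registry virtualization described above can be inspected per user. This is an added example, not from the article: it lists each redirected file and registry key beside the protected location it stands in for, and it assumes the VirtualStore locations named in its comments. The function names are illustrative.

```powershell
# Added example, not from the article. Assumes UAC virtualization keeps per-user
# file copies under %LOCALAPPDATA%\VirtualStore and registry copies under
# HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE.

function Get-VirtualizedFile {
    param(
        [string]$StoreRoot   = (Join-Path $env:LOCALAPPDATA 'VirtualStore'),
        [string]$SystemDrive = $env:SystemDrive
    )
    if (-not (Test-Path -LiteralPath $StoreRoot)) { return }   # nothing redirected yet

    $root = (Get-Item -LiteralPath $StoreRoot -Force).FullName.TrimEnd('\')
    Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            # The path below the store mirrors the protected path on the system drive.
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            $original = "$SystemDrive\$relative"
            [pscustomobject]@{
                # First two path segments, e.g. "Program Files\LegacyApp".
                Application     = ($relative.Split('\') | Select-Object -First 2) -join '\'
                VirtualCopy     = $_.FullName
                ProtectedPath   = $original
                # If the real file exists, this user sees a private copy instead of it.
                ProtectedExists = Test-Path -LiteralPath $original
                LastWrite       = $_.LastWriteTime
            }
        }
}

function Get-VirtualizedRegistryKey {
    $root = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE'
    if (-not (Test-Path -LiteralPath $root)) { return }
    Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                VirtualKey   = $_.Name
                ProtectedKey = 'HKLM\SOFTWARE\' + $_.PSChildName
            }
        }
}

# Applications that still depend on redirected writes, most files first.
Get-VirtualizedFile | Group-Object Application |
    Sort-Object Count -Descending | Select-Object Count, Name
Get-VirtualizedRegistryKey
```

Run it in the standard user's own session, since the store is per user. Applications that show up here are the ones that would otherwise need administrator rights to write to those locations.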
The companion piece to UAC is the new Protected Mode in Internet Explorer 7, which shifts browser add-ins into a sandbox and makes it more difficult for them to access system locations. An administrator who carefully sets up a new Vista system can protect users from themselves by restricting their ability to install malware or make changes that compromise the system. [Update: As commenter PB_z notes, Protected Mode IE runs the entire browser process in this sandbox, not just add-ins.]
But UAC and the new IE7 security features only ask questions; they don't provide detailed information that nontechnical users can rely on to make decisions. As images like this one show, a user who is confronted with a UAC dialog box often has only a filename or a snippet of technical gobbledygook available on which to base a decision. That raises the bar for scammers and attackers who use social engineering techniques, but only slightly. And critics say, with some justification, that users who leave UAC enabled will simply learn to click yes automatically, undoing most of the security benefits.
Corporate users have a whole toolbox of additional security options as well, including BitLocker drive encryption, better support for authentication through smart cards, and policies that can lock down a system without locking out users.
Will Vista be more secure? Certainly. But it will be months, maybe a year or more, before we know how much of a difference it really makes.
For the introduction to this series, see Vista Mythbusters #1. For all posts in this series, see this page.

Talkback
Yea, and what about the millions of lines of new code, plus all of the old
Well, did not expect much from a Dan Quayle type amateur blogger.
Pure FUD
Please point to the place where I said that Vista will be bug-free. Never said that. This whole column is about the security infrastructure in Vista. And if a buffer overflow is waiting in a new line of code, won't the system be more secure if the user who hits it is running in a less-privileged context?
Are you seriously saying that undertaking a full-scale security review of every line of code and using new tools to detect areas where buffer overflows could occur is a bad thing?
Don't worry about DB's comments
As long as MS is building products, there will be plenty of problems to
Well, maybe if Ballmer and Gates left and they lost the monopoly and were forced to give the customers what they wanted in terms of simplicity, reliability, security, we wouldn't have any more to complain about.
There is...
There is an OS that does all th... Umm ... Ok maybe not, I guess MS, MAC and OpenSource squashed it before it got out.
Either you are joking or you are insane
Just because you are built simple and are someone who is difficult to be around, you are mistaken if you think even a small portion of the public can stomach the likes of you and your nonsense, so why would they tolerate it from an operating system that was built simple and difficult to work with?
Because it's easy to use?
Windows is certainly easier to use than Linux and perhaps not as easy as the Mac (although, overall, I'd dispute that). But there are two main issues that affect its security. It was built to maintain compatibility with legacy software and hardware and it wasn't really designed to be a true network operating system at the beginning.
The first does factor into ease-of-use with respect to setting up and adding to the computer. And MS has done an impressive job of it, considering how well it allows components of different eras and from widely different sources to function within the environment. But that has affected the company's ability to make a stable and secure OS. That's not a criticism, really. It's amazing how well the whole kludge works (especially a nightmare of a system like the one I have at home). But it's a design choice that has consequences.
But the other can be laid at the feet of MS programmers. They get credit for setting the limited user accounts, but they should be lambasted for not building that in from the start for any OS designed to be networked. And that goes back to Windows for Workgroups. Over a decade ago. And far too many of the flaws were the result of sloppy coding. Gates admitted as much with his open memo on security a few years back.
Granted, MS has made some impressive leaps ahead relative to where they were. But the starting point was far behind where it should have been. It isn't hard for a high school student to ace a test written for someone in the fourth grade (at least, it shouldn't be, but that's another topic). But that doesn't mean that he should get credit for it.
Like it or not, DonnieBoy makes some good points. He may not have expressed in a way you like and you certainly don't seem to agree with him. But that's no reason to reduce this to a level of a personal attack.
Problems
You're wound a little tight today, aren't ya?
IF he had even one real point...
Actually kind of sad when you think about it. Sort of like the kid that reads the backs of comic books for his fact gathering...
Millions of lines of new code and tons of new features can NOT be added
The fact is that Microsoft put the emphasis on all kinds of new features (to help maintain lockin), when customers wanted security and simplicity.
Vista could eventually be more secure than XP, though the promise of XP being more secure than Win98 never materialized. I doubt that the promise of Vista being more secure than XP will never materialize either.
If security is important use Linux or Mac. Just that simple. If you really need to keep the Windows platform, but want to minimize risk, stay on Windows XP and use Firefox, Evolution, OpenOffice.
Again, a Dan Quayle type trying to tell us it is a myth that Vista won't be more secure is pretty funny.
DonnieBoy, you do more to harm Linux than any MS person.
So, you are claiming that MS can add millions of lines of code and new
Exactly
So how do you explain that, Donnieboy? Obviously, rewriting IIS from scratch involved a TON of brand new code. Where were the huge problems?
Well..
The difference would be the part about maintaining backwards compatibility. Backwards compatibility for a web server is nothing. If there were a lot of flaws found that would not look well on those programmers. Especially with all the tools available to find them. Then there is the issue of default install which causes many, many problems. They lock IIS down by default now.
But trying to maintain that for Windows is a nightmare. Now, if Windows Vista had no backwards compatibility, then I might agree with you.
re: Well
What's wrong with you?
Do you think so?
I don't know who you deal with, but if anyone came to me saying "look how desperate Linux is because of DonnieBoy's rants," I think I would have to slap the stupid out of them.
Man... The FUD is getting deep...
Geez. You sure don't know much about the Mac... While FreeBSD, OSX's root foundation IS indeed fairly secure, the OSX programming team tore down a LOT of the safety nets surrounding FreeBSD to make things work better - more user friendly.
Solutions that "solve" issues by delivering an OS whose main claim to fame is its obscurity - no one bothers hacking them because the market penetration is too small aren't solutions. It's a bailing wire and duct tape solution.
And Firefox, while it's a nice enough browser, has been found to be much less secure than it's originally been touted. Once it hit critical mass, hackers started paying attention to it. Now the bugs, exploits and security holes are coming out of the woodwork.
Mixed up logic!
And unless you have a genetic connection, Dan Quayle had nothing to do with your obvious stupidity.