Vista Mythbusters #6: Is Vista really more secure?

Summary: Microsoft touts Windows Vista as the most secure Windows ever, but critics say the changes are mostly cosmetic and are so annoying that most users will simply turn them off. There are big changes in the User Account Control feature in RC1. Have they done enough to win over skeptical users?

Myth: Microsoft touts Windows Vista as the most secure Windows ever, but the changes are mostly cosmetic. In addition, the new User Account Control feature is so annoying that most Vista users will simply turn it off.

Reality: There's a lot more to security in Windows Vista than just a few dialog boxes, and anyone who takes advantage of all the new features will certainly be more secure. But no one can say for sure how effective the new tools will be for the broad community of Windows users until Vista is widely available.

User Account Control is the security star of Windows Vista. It gets the lion's share of the publicity, and through Beta 2 the reviews weren't good. In early builds, beta testers complained that User Account Control was annoying and confusing, overwhelming users with a blizzard of consent dialog boxes for seemingly simple actions.

In Vista Release Candidate 1, UAC has been toned down dramatically. I've put together an image gallery that shows what the security features in this near-final version look and feel like so you can see for yourself. If you install RC1, you'll see UAC prompts only when you actually try to change a system setting, install a new program, or access files and folders in protected locations. In Beta 2, for instance, simply opening Task Manager required consent via a UAC prompt; in RC1, Task Manager opens as usual, and consent is only required if you want to see processes that are owned by a system account or by an account other than the current logged-on user. After initially setting up a new PC, most users will barely notice UAC. Microsoft is hoping that will convince most users to leave this feature enabled.

But what about the larger picture? Do the new security features help? The answer is a qualified yes.

The biggest weakness in Windows XP from a security point of view is its poor support of limited (also known as standard) user accounts. Using any operating system in a standard account is a smart security practice, because security exploits typically work with the credentials of the logged-on user. A standard user who gets tricked into clicking a link that leads to a hostile web page or installing a piece of malware can't alter system settings. But anyone who's tried to run Windows XP using a limited account has probably given up in frustration within a few hours. Vista changes that experience architecturally, by virtualizing the directories and registry keys where programs are allowed to write. (See this page for an example.)

Many programs that fail when run under a standard user account in Windows XP run just fine under Vista, thanks to this change. In homes and on business networks, that means administrators (including parents) can set up users with standard accounts and severely limit the damage they're able to do, even if an attacker can convince them to try to install a program.
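
To see which programs on a machine actually depend on the virtualization described above, an administrator can inspect the per-user locations that redirected writes land in. The PowerShell below is an added example, not part of the original article; it assumes the standard redirect locations (`%LOCALAPPDATA%\VirtualStore` and `HKCU\Software\Classes\VirtualStore`), which the article does not name, and the function names are hypothetical.

```powershell
# Added example: audit what UAC virtualization has redirected for the current user.
# The VirtualStore locations are the standard ones; function names are hypothetical.

function Get-VirtualizedFile {
    param(
        [string]$StoreRoot = (Join-Path $env:LOCALAPPDATA 'VirtualStore')
    )
    if (-not (Test-Path -LiteralPath $StoreRoot)) { return }   # nothing redirected yet
    $root = (Get-Item -LiteralPath $StoreRoot -Force).FullName.TrimEnd('\')

    Get-ChildItem -Path $root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            # The tree under VirtualStore mirrors the tree under the system drive.
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            [pscustomobject]@{
                IntendedPath   = Join-Path $env:SystemDrive $relative
                RedirectedPath = $_.FullName
                LastWriteTime  = $_.LastWriteTime
            }
        }
}

function Get-VirtualizedRegistryKey {
    # Redirected HKLM\SOFTWARE writes land under this per-user key.
    $store = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE'
    if (-not (Test-Path -LiteralPath $store)) { return }
    Get-ChildItem -Path $store -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $relative = $_.Name -replace '^.*?\\VirtualStore\\MACHINE\\SOFTWARE\\?', ''
            [pscustomobject]@{
                IntendedKey   = "HKLM\SOFTWARE\$relative"
                RedirectedKey = $_.Name
            }
        }
}

# Group redirected files by the application folder that was the original target.
Get-VirtualizedFile |
    Group-Object { ($_.IntendedPath -split '\\')[1..2] -join '\' } |
    Sort-Object Count -Descending |
    Select-Object Count, Name
Get-VirtualizedRegistryKey | Select-Object -First 20
```

Anything listed is a program that still writes to a protected location and only works under a standard account because the write was redirected into that user's profile.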

The companion piece to UAC is the new Protected Mode in Internet Explorer 7, which shifts browser add-ins into a sandbox and makes it more difficult for them to access system locations. An administrator who carefully sets up a new Vista system can protect users from themselves by restricting their ability to install malware or make changes that compromise the system. [Update: As commenter PB_z notes, Protected Mode IE runs the entire browser process in this sandbox, not just add-ins.]

But UAC and the new IE7 security features only ask questions; they don't provide detailed information that nontechnical users can rely on to make decisions. As images like this one show, a user who is confronted with a UAC dialog box often has only a filename or a snippet of technical gobbledygook available on which to base a decision. That raises the bar for scammers and attackers who use social engineering techniques, but only slightly. And critics say, with some justification, that users who leave UAC enabled will simply learn to click yes automatically, undoing most of the security benefits.

Corporate users have a whole toolbox of additional security options as well, including BitLocker drive encryption, better support for authentication through smart cards, and policies that can lock down a system without locking out users.

Will Vista be more secure? Certainly. But it will be months, maybe a year or more, before we know how much of a difference it really makes.

For the introduction to this series, see Vista Mythbusters #1. For all posts in this series, see this page.

Talkback

159 comments
  • Yea, and what about the millions of lines of new code, plus all of the old

    hair ball for backwards compatibility???? Seems you "forgot" to take those things into account in your analysis. Do you really believe that MS can add all of those new features and lines of code without bugs????

    Well, did not expect much from a Dan Quayle type amateur blogger.
    DonnieBoy
    • Pure FUD

      And the ad hominem attack is nice, too.

      Please point to the place where I said that Vista will be bug-free. Never said that. This whole column is about the security infrastructure in Vista. And if a buffer overflow is waiting in a new line of code, won't the system be more secure if the user who hits it is running in a less-privileged context?

      Are you seriously saying that undertaking a full-scale security review of every line of code and using new tools to detect areas where buffer overflows could occur is a bad thing?
      Ed Bott
      • Don't worry about DB's comments

        A day where he can't whine about something that Microsoft has done is a day when his panties are too tightly wound up in a bunch for him to even start thinking straight.
        Confused by religion
        • As long as MS is building products, there will be plenty of problems to

          talk about.

          Well, maybe if Ballmer and Gates left and they lost the monopoly and were forced to give the customers what they wanted in terms of simplicity, reliability, security, we wouldn't have any more to complain about.
          DonnieBoy
          • There is...

            "Well, maybe if Ballmer and Gates left and they lost the monopoly and were forced to give the customers what they wanted in terms of simplicity, reliability, security, we wouldn't have any more to complain about."

            There is an OS that does all th... Umm ... Ok maybe not, I guess MS, MAC and OpenSource squashed it before it got out.
            zedman2006
          • Either you are joking or you are insane

            The only reason Windows has security risks is because it was made to be the most simple operating system to use, that's what the public wants, not an operating system that was simple to build but difficult to use like Linux.

            Just because you are built simple and are someone who is difficult to be around, you are mistaken if you think even a small portion of the public can stomach the likes of you and your nonsense, so why would they tolerate it from an operating system that was built simple and difficult to work with.
            Cayble
          • Because it's easy to use?

            Actually, no.

            Windows is certainly easier to use than Linux and perhaps not as easy as the Mac (although, overall, I'd dispute that). But there are two main issues that affect its security. It was built to maintain compatibility with legacy software and hardware and it wasn't really designed to be a true network operating system at the beginning.

            The first does factor into ease-of-use with respect to setting up and adding to the computer. And MS has done an impressive job of it, considering how well it allows components of different eras and from widely different sources to function within the environment. But that has affected the company's ability to make a stable and secure OS. That's not a criticism, really. It's amazing how well the whole kludge works (especially a nightmare of a system like the one I have at home). But it's a design choice that has consequences.

            But the other can be laid at the feet of MS programmers. They get credit for setting the limited user accounts, but they should be lambasted for not building that in from the start for any OS designed to be networked. And that goes back to Windows for Workgroups. Over a decade ago. And far too many of the flaws were the result of sloppy coding. Gates admitted as much with his open memo on security a few years back.

            Granted, MS has made some impressive leaps ahead relative to where they were. But the starting point was far behind where it should have been. It isn't hard for a high school student to ace a test written for someone in the fourth grade (at least, it shouldn't be, but that's another topic). But that doesn't mean that he should get credit for it.

            Like it or not, DonnieBoy makes some good points. He may not have expressed in a way you like and you certainly don't seem to agree with him. But that's no reason to reduce this to a level of a personal attack.
            mds_z
          • Problems

            As long as anyone is writing something as complex as an OS to run on modern computers there will be problems. It's a fact of life that people aren't perfect and therefore their creations won't be.
            JimSatterfieldW
          • You're wound a little tight today, aren't ya.

            .
            Hrothgar - PCLinuxOS User
        • IF he had even one real point...

          But he never does. His ummm, "information" is nothing more than repeating what he reads from MS bashing sites. He has no experience at all, he has no real facts, and apparently never will...

          Actually kind of sad when you think about it. Sort of like the kid that reads the backs of comic books for his fact gathering...
          No_Ax_to_Grind
      • Millions of lines of new code and tons of new features can NOT be added

        without huge risks, especially knowing the company. Yes, MS is trying to add security features and do a better job of auditing code. But, based on past experience, they talk a lot, but the security holes just keep popping up.

        The fact is that Microsoft put the emphasis on all kinds of new features (to help maintain lockin), when customers wanted security and simplicity.

        Vista could eventually be more secure than XP, though the promise of XP being more secure than Win98 never materialized. I doubt that the promise of Vista being more secure than XP will never materialize either.

        If security is important use Linux or Mac. Just that simple. If you really need to keep the Windows platform, but want to minimize risk, stay on Windows XP and use FireFox, Evolution, OpenOffice.

        Again, a Dan Quayle type trying to tell us it is a myth that Vista won't be more secure is pretty funny.
        DonnieBoy
        • DonnieBoy, you do more to harm Linux than any MS person.

          Keep ranting cluelessly, it shows the world just how desperate Linux and its supporters are.
          No_Ax_to_Grind
          • So, you are claiming that MS can add millions of lines of code and new

            features without impacting security??? You are about as smart as the blogger here, Dan Quayle's brother.
            DonnieBoy
          • Exactly

            Microsoft rewrote IIS6 from the ground up after IIS5, and the result was a MUCH more secure webserver. IIS6 has had very few flaws discovered since its release. Apache makes it look like Fort Knox.

            So how do you explain that, Donnieboy? Obviously, rewriting IIS from scratch involved a TON of brand new code. Where were the huge problems?
            toadlife
          • Well..

            I doubt they actually re-wrote everything, but that is just my own skepticism.

            The difference would be the part about maintaining backwards compatibility. Backwards compatibility for a web server is nothing. If there were a lot of flaws found that would not look well on those programmers. Especially with all the tools available to find them. Then there is the issue of default install which causes many, many problems. They lock IIS down by default now.

            But trying to maintain that for Windows is a nightmare. Now, if Windows Vista had no backwards compatibility, then I might agree with you.
            Patrick Jones
          • re: Well

            My point was not that an OS and a web server are directly comparable - just that new code does not automatically imply new or more security problems. IIS6 has to have been rewritten because while issues continue to be found in IIS5, the same flaws are not present in IIS6.
            toadlife
          • What's wrong with you?

            Before you post another message at least answer that so we know what kind of doctor to call to cure your poor sick mind.
            Cayble
          • Do you think so?

            I mean, is there really anyone considering different platforms that is dumb enough to base their opinion off of one person? In the talkbacks? By someone going as DonnieBoy?

            I don't know who you deal with, but if anyone came to me saying "look how desperate Linux is because of DonnieBoy's rants," I think I would have to slap the stupid out of them.
            Patrick Jones
        • Man... The FUD is getting deep...

          "If security is important use Linux or Mac. Just that simple. If you really need to keep the Windows platform, but want to minimize risk, stay on Windows XP and use FireFox, Evolution, OpenOffice."

          Geeze. You sure don't know much about the Mac... While FreeBSD, OSX's root foundation IS indeed fairly secure, the OSX programming team tore down a LOT of the safety nets surrounding FreeBSD to make things work better - more user friendly.

          Solutions that "solve" issues by delivering an OS whose main claim to fame is its obscurity - no one bothers hacking them because the market penetration is too small aren't solutions. It's a bailing wire and duct tape solution.

          And Firefox, while it's a nice enough browser, has been found to be much less secure than it's originally been touted. Once it hit critical mass, hackers started paying attention to it. Now the bugs, exploits and security holes are coming out of the woodwork.
          Wolfie2K3
        • Mixed up logic!

          Obviously, the winner in the operating system wars will be the biggest target for the terrorists. If the Mac or Linux fans ever win over the masses, they will become the target. The winner draws the fire from the bad guys.

          And unless you have a genetic connection, Dan Quayle had nothing to do with your obvious stupidity.
          TerryNT