Slashdot Mirror

← Back to Stories (view on slashdot.org)

More Headaches from Vista Security

Posted by ryuzaki0 on from the bottle-of-pain-medication-shipped-with-every-sale dept.

Michael Cooney writes to tell us Windows Vista may have some serious headaches in store for corporate users with third-party authentication systems like VPNs. From the article: "ISVs say rewriting their code for the new architecture will produce headaches that will extend to their customers that have deployed strong authentication such as biometrics or tokens, enterprise single sign-on and a number of other systems integrated with the Windows authentication architecture."

5 of 240 comments (clear)

  1. Good! by Southpaw018 · · Score: 5, Insightful

    Wasn't it just a couple weeks ago we were lamenting "what could have been"?
    Microsoft capitulates and disables large chunks of Vista security by default in order to appease corporate customers. People are up in arms.
    Microsoft rewrites architecture to make things more secure. People are up in arms.

    Me, I'm with the "Good!" crowd. Make things more difficult for me when I transition. It'll make things easier later on.

    --
    ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
  2. Re:At this point... by From+A+Far+Away+Land · · Score: 4, Insightful

    Vista Security - I sincerely hope that's not going to become another famous oxymoron like previous Windows releases. Remember how XP was the most secure operating system ever until a LAN flaw was found, then later Blaster made XP SP1 default security pointless?

    If Vista's default installation isn't cracked wide open by a worm in the first 90 days, then it will be a victory for Microsoft.

    --
    Oh You POS
  3. Fortunately, there is a solution by Dachannien · · Score: 4, Insightful

    Here's a great idea:

    Don't upgrade. You don't need Vista anyway.

  4. Re:Lame... by mabhatter654 · · Score: 4, Insightful
    When you're talking about RSA, you're talking about ISVs expected to have "0-day" compatibility. IT people will want to buy a windows vista box for dev purposes then find out they can't authenticate to their network for months because there's no plugin available.

    There's 3 problems here.. all Microsoft's.
    first, this is not enough notice for heavy duty security testing. Things like log in script changes should have been final with the first beta. Trivial changes would be OK, but at this point nobody should have to expect sweeping API changes. ID security products expect to have long term testing completed by the time Vista is on the shelf... that's not a starting point for testing key security features.
    Why didn't Microsoft work with providers to solidify the API first, then maybe tweak it if necessary? Apple gives Devs a 3 - 6 month start for stuff like this at WWDC with the new features... why can't MS? I understand this is a huge change.. all the more reason to DOCuMENT it up front!!!
    Lastly, if security is so important, why are they still mucking about with login changes 6 months before release?! Authenticating to networks is the core of security! cutting out the key providers of enterprise level stuff is just embarassing. All the more reason to look for MS on the way out soon.

  5. Re:Win-Win by Grishnakh · · Score: 4, Insightful

    You're missing some important points where the analogy completely fails:

    1. Ferraris are built extremely robust, so you can crash at 150+mph and walk away with a few scratches (google for the Enzo which crashed recently in California). I wouldn't call Windows "robust".

    2. Ferraris are extremely attractive machines. Windows looks like it was designed by Fisher-Price.