Slashdot Mirror
More Headaches from Vista Security
Michael Cooney writes to tell us Windows Vista may have some serious headaches in store for corporate users with third-party authentication systems like VPNs. From the article: "ISVs say rewriting their code for the new architecture will produce headaches that will extend to their customers that have deployed strong authentication such as biometrics or tokens, enterprise single sign-on and a number of other systems integrated with the Windows authentication architecture."
Hasta la Vista security.
$sig$
Wasn't it just a couple weeks ago we were lamenting "what could have been"?
Microsoft capitulates and disables large chunks of Vista security by default in order to appease corporate customers. People are up in arms.
Microsoft rewrites architecture to make things more secure. People are up in arms.
Me, I'm with the "Good!" crowd. Make things more difficult for me when I transition. It'll make things easier later on.
ACs are modded -6. I don't read you, I don't mod you, I don't see you. Don't like it? Don't be a coward.
Wait a minute! Did you just compare Windows Vista with Ferrari?
As expected the summary on /. is just trying to be inflammatory. The real gist of the article is as follows: Vista will require some programs to be re-written, espcially ones that interfaced closely with the old operating system. Thus many authentication systems will need to be updated. It's not really unexpected or unheard of for new APIs to break old programs. So if you want to bitch about how Vista is going to make you rewrite your code go ahead (I know I am not looking forward to it), but don't pretend it is a security problem.
Philosophy.
The more interesting question (imho) is why Microsoft abandoning GINA since "the company had started talking about it at its Professional Developers Conference last September."
This ain't a Microsoft problem. When Linus decided to change the driver model in the kernel, many hardware vendors had to rewrite their drivers. When Solaris 2.5 came out, all those SunOS 4.3 drivers became obsolete. Of course, if documentation of the upcoming Vista security model was hard to come by then these vendors would have a real beef, but no-one is saying that this is the case.
Vista Security - I sincerely hope that's not going to become another famous oxymoron like previous Windows releases. Remember how XP was the most secure operating system ever until a LAN flaw was found, then later Blaster made XP SP1 default security pointless?
If Vista's default installation isn't cracked wide open by a worm in the first 90 days, then it will be a victory for Microsoft.
Oh You POS
US Democracy:The best person for the job (among These pre-selected choices...)
Dont use windows use Linux problem solved
In other news, random Slashdot user creeves1982 blurts out the usual Slashdot banality about Linux.
It's not so simple and you know it. You can use Linux. I can use Linux, but many MANY people can't use anything but Windows, because they're not computer-oriented, have been trained with Windows-XX and Word/Excel-YY and wouldn't conceive anything else exists, must less be able to use it.
That's how the world is. Microsoft is still the biggest OS and software vendor in the world despite its many shortcomings and its outrageous economic practices because the Windows userbase is massively reluctant to change. The real challenge is to make Linux truly as user-friendly as Windows, and to get users to discover it and get used to it. Simply saying "use linux problem solved" is childish.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Corporation (in voice of Smithers): But if you do that, then no 3rd party software will work, and we will be forced to use MS.
Bill (in voice of Mr. Burns): excellent./p?
It puts the lotion on it's skin, or else it gets the hose again.
I have the feeling that at this point the managers in Redmond care less about security and more about actually _shipping_ the product.
;-)
To maintain backwards compatability with other Windows versions, of course...
Wait a minute! Did you just compare Windows Vista with Ferrari?
It's expensive to own, expensive to fix, and makes you curse like an italian.
Your point is ???
Take the cheese to sickbay, the doctor should see it as soon as possible - B'Elanna Torres, "Learning Curve"
Yep. Any time you're interfacing with the OS at that low a level, you have to consider that new versions of the OS might be different under the hood.
I used to run PCAnywhere on a Windows NT 4 server. We had to dance around on one foot while swinging a chicken around our heads, singing voodoo chants backwards to upgrade the OS and PCAnywhere at the same time, all so that we could get PCAnywhere to (a) work and (b) not crash the server on boot once we upgraded it to Windows 2000.
Here's a great idea:
Don't upgrade. You don't need Vista anyway.
There's 3 problems here.. all Microsoft's.
first, this is not enough notice for heavy duty security testing. Things like log in script changes should have been final with the first beta. Trivial changes would be OK, but at this point nobody should have to expect sweeping API changes. ID security products expect to have long term testing completed by the time Vista is on the shelf... that's not a starting point for testing key security features.
Why didn't Microsoft work with providers to solidify the API first, then maybe tweak it if necessary? Apple gives Devs a 3 - 6 month start for stuff like this at WWDC with the new features... why can't MS? I understand this is a huge change.. all the more reason to DOCuMENT it up front!!!
Lastly, if security is so important, why are they still mucking about with login changes 6 months before release?! Authenticating to networks is the core of security! cutting out the key providers of enterprise level stuff is just embarassing. All the more reason to look for MS on the way out soon.
Sadly the DRM functions in Vista is more about making the lives of intrusive spyware easier, not harder. This is because Vista has support for drivers untouchable by the users. Microsoft calls it security, i call it rootkits built into the OS. Blizzard and the rest of the pinheads will be using Microsofts DRM to make your computer a real VIP party for everyone byt yourself.
HTTP/1.1 400
The way "Windows authentication architecture" is extended in XP is very limiting - essentially you write DLL (so called GINA) that replaces part of XP log-in system and this DLL is responsible for retrieval of users credentials for Windows. However it was possible to have only single GINA installed at the same time, so if you wanted to have two security products installed - you were in trouble.
Now Vista will support new architecture for security providers with possibility of multiple providers registered at the same time. A definite improvement for users.
In fact the new architecture is not THAT different from the previous one, so the entire article is moot. Then again, it's SlashDot...
Slashdot - free anti-Microsoft propaganda 24/7
Oh, please! Learn your OS history. NT/XP never sat on top of DOS, Win3.x or Win9x. The original NT design was actually supposed to support multiuser UI sessions out of the box (hence the entire UI being designed around a client/server RPC model) but it didn't end up that way for any number of performance and time-to-market constraints.
The Vista design could best be described as a multiuser kernel that got hacked up to service a single user GUI that looked a lot like the existing single user product that was on the market, which was then moved into the kernel to improve performance, which then got a multiuser terminal layer hacked over the top (using the multiuser not-GUI-part-of-the-kernel that was already there), which then got morphed into "Fast User Switching".
The multiuser UI in Windows XP/Vista is most definitely a hack, but it's got nothing to do with Win3.x or DOS.
As for the original context - (yawn). OS upgrades change APIs. MS has been working on security so their security APIs are going to change. If you tie yourself to MS, then you get to do some work to use their new APIs. Nothing to see here - move along.
Fear: When you see B8 00 4C CD 21 and know what it means
Multiple GINA programs is fairly straightforward.
A single registry value holds what GINA to execute. If the registry value is blank, it executes MSGINA (the Microsoft default).
If you replace the GINA with a 3rd-party program (VPN, Wireless, Encryption, et cetera), then the 3rd-party is responsible for either (a) completely handling the logon, or (b) passing control to MSGINA when it is finished executing.
As a rule, this happens by your 3rd-party GINA keeping a value of its own (in the registry or INI) of what the previous GINA was. That way, if you install a new GINA, when it finishes executing, it calls whatever GINA *used* to be in the default registry location.
First you have MSGINA.
You install ENCRYPT-GINA.
ENCRYPT-GINA executes and calls MSGINA.
Then you install VPN-GINA.
VPN-GINA sees ENCRYPT-GINA as the GINA to execute when complete.
VPN-GINA executes and calls ENCRYPT-GINA
ENCRYPT-GINA keps its own value for what to call next and calls MSGINA.
Add all the GINAs you want.
It's true that *some* GINAs don't play nicely, or won't always execute if a certain GINA has executed before it (or comes after it) - but for the most part it works.
The only REAL problem is when a GINA is stupid enough to place itself incorrectly in the chain -- which can leave a machine executing GINAs in a loop...and Windows is smart enough to restore MSGINA when that happens anyway.
"Vista Security - I sincerely hope that's not going to become another famous oxymoron like previous Windows releases."
Hey, you hit on another oxymoron (at least with regards to Vista) - "Windows release".
Duck and cover, duck and cover...
#DeleteChrome
You're missing some important points where the analogy completely fails:
1. Ferraris are built extremely robust, so you can crash at 150+mph and walk away with a few scratches (google for the Enzo which crashed recently in California). I wouldn't call Windows "robust".
2. Ferraris are extremely attractive machines. Windows looks like it was designed by Fisher-Price.
Never said it (they) did. Actually if you look at your direct quote from my post, I used the term "paradigm". So, in that context, let me expand a bit: the paradigm was very much an assumption, one machine/computer, one user, hence the bizarre logical drives, all accessible to all levels by all users (by default at least -- yes, that's now changing, welcome to century 21).
As for intent, I was on the original NT Beta support team at Microsoft (there were 16 of us), and after walking in the door, I immediately began asking for information on setting up my machine with a multi-user configuration. The team treated me like I was some sort of nut case -- they emphasized multi-user meant multiple users could access services on one machine (file services, not new in NT though, etc.), not multiple users logged onto one machine.
They were barely comfortable with the notion of more than one user ever using one machine, even one user at a time!
As for all of this being a hack, you are absolutely right. I would actually probably be less adversarial with Microsoft if they were more candid about things like this, but to read their literature, they concede nothing, ever. (For example, the initial security access levels "rings" in the NT kernel were elegantly designed and promptly trampled to allow performance by granting direct video hardware access to non-privileged code -- go figure.)
I joined Microsoft in 1992 excited about being a part of what I thought was a sea change in their OS direction. I left shortly after when behind closed doors I discovered it was a facade designed to show Microsoft was ready to play on the same court with the big boys (namely, Unix). Unfortunately, they weren't. Unfortunately, they got away with it. Unfortunately, even today, they don't stand up to hardened Unix systems (they're closer than ever, but still not there).
It's not "a good thing" when they change how database connection pooling works.
It used to be recommended practice to stick the db connection in the session object at session.start.
Option Pack 4 changed this behaviour. But it didn't show up until the websites you had already deployed started to get "un-reproducable" errors. The unpooled connections hung around for 30 mins after the last request for that session. Once the site got enough traffic it started killing the application. Could be 6 months, could be a year. Took a while to work that one out, much to the annoyance of my customers, and at my expense "you wrote it, it must be a bug in your code, bug fixes are covered in our agreement". Getting off the MSDN treadmill was glorious.
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
Love 'em or hate 'em, Microsoft's historic strength was that they made it very easy (many would say TOO easy) to write software for Windows. Because Windows' genesis was in the pre Internet days, they designed it in a way that made it powerful for developers but insecure. Now that they're finally GETTING IT and making Windows Vista more secure, the people who have been writing software for Windows are going to have to do a little more work to make their stuff work. This is probably all for the best but it may open up opportunities for other platforms during the transition to secure Windows.
Windows may be breaking things for RSA Tokens that are expensive and expire in three years, but they are adding in much native support for smart cards that are much cheaper than RSA Tokens and do not expire in three years. US Department of Defense, US Federal Govt and big corporations like HP and Sun have adopted Smart Cards. I am not a MS fan, but re-architecting their login and vpn for native smart card support does not seem a bad idea. We should at least look into the economics of smart cards, they may save IT money in the long run.