Slashdot Mirror
Windows Vista - Not So Bad?
Shantyman writes "ZDNet has a counterpoint to the negative impressions of Vista's Beta 2 going around. Entitled Vista Beta 2, up close and personal, Ed Bott writes: 'I've spent the last three months running beta versions of Windows Vista on the PCs I use for everyday work. February and March were exasperating. April's release was noticeably better, and the Beta 2 preview - Build 5381, released to testers in early May - has been running flawlessly on my notebook for nearly three weeks.'"
From the very first paragraph of the article:
Wasn't there a slashdot reference to an article in the last week where Microsoft "was considering" removing admin access from their employees? That doesn't sound like "eating their own dogfood". As long as they're all running Windows with the highest access levels (admin), they're potentially missing serious security problems.
Since Lowest User Access (LUA) is a huge issue around tightening Windows security, running Vista within Microsoft means little around testing security. And, unless they're shipping Vista with defaults of non-admin user accounts, the beta testing world isn't likely to bang on that code hard enough.
It's not clear from the article, nor do I know enough about the Vista beta (not about to try it on any of my machines...) whether the LUA concept is in play. Any beta testers out there care to weigh in?
April's release was noticeably better, and the Beta 2 preview - Build 5381, released to testers in early May - has been running flawlessly on my notebook for nearly three weeks.
I haven't tried b2 yet, but from my experience with b1, I didn't so much have a problem with "stability" as the fact that it had nothing new that I wanted.
Not to say it doesn't have PLENTY of new ways to waste CPU and memory, as well as DRM-to-the-core, but I can't really say I consider those a reason to upgrade.
Rearranging the clicky-widgets doesn't make it "new", and taking away the user's rights on their own machine doesn't make it "improved". Making it harder to pirate doesn't make it "secure". Throwing in an SQL server turned on by default might make it "biger", but not in a good way.
Me and some of my coworkers have been running vista build 5308 and I just installed build 5381 on those machines and they have been running very well. The install was improved and the interface is running a lot smoother and the new ati beta drivers are working good too. It's also running directx 10 now compared to 9L in the last build. We also have Office 2007 Beta 2 running on it and that too is working very well, We have both machines on a 2003 active directory network with exchange. The UAC does get annoying when it keeps asking you if your sure you want to do things, but a quick skim through the local security policy solved that :-) All in all I'd say Beta 2 has improved greatly over the past few releases. The memory usage at least is way down. It was using about 750mbs on our machines. I am upset that an Athlon X2 4200, with 4 gigs of ddr-400, a sata2 80 gig drive, and an atix1300 with 265mb on the card only gets a 3 out of 5 on the stupid rating system. Especially when everything works smooth, including the 3d page flip. I do feel that the "minimum requirements" that microsoft posted are of course a joke but that's nothing new.
I was just thinking "i know i like it better, but really, what do i like better about it?"
Then something occured to me.
Right now, i am copying 4GB of files off a usb disk to a network share. The shell file copy stuff has been completely re-worked (shell file operations has always been something that i have hated)
In vista, you get an expand/collapse pane to get details of what it is doing, and it seems to happen in its own thread. The copy dialog window shows up as its own window that you can minimize/restore/whatever, and best of all, it doesn't hang/slow down the shell in any way.
Note that XP and OS X (as of 10.3) get this badly wrong - the file copy dialog in both tends to be slow to repaint itself or to respond to window messages, and if you use a separate explorer/finder window to try and access the destination you're copying to, the window lurches slowly to try and redraw.
Not so with Vista.
So there you go - here is something that was so annoying to me in XP that I had just stopped using the shell to do any sort of large file operation - i'd break out cmd.exe and xcopy. Vista has fixed at least some of the file copy problems very admirably.
There are a lot of cool "small" things that I see, but maybe you have to be kind of nerdy to apprecate them? The task manager has some cool features on the build I am running. The eventviewer (eventvwr) is a completely new animal and is way cooler than the old one
A nice use of the pervasive desktop search integrated into the explorer windows is in Control Panel. We're pretty good about changing control panel wildly between releases, and I never remember which menu your system environment variables or enabling remote desktop or changing it so that the "Explorer:Start Navigation" sound is (none). Now i just hit "start->control panel", click in the search box for something like "sound" and i get search-as-i-type results that are pretty accurate and take me right to the control panel i want to go to.
Is any of that a big deal? No. Does it make me love Vista when i think about how much i hated doing that stuff on XP?
Yes
Apparently, there are a lot of "big" changes under the hood of Vista, but you don't always see them in a big way.
My opinions are my own, and do not necessarily represent those of my employer.
Sorry Microsoft, but I'll never buy (or even *use*) that kind of crap.
[javac] 100 errors
Please stop that hype about Vista. It's not even here... when it comes and is good, then start spreading articles about it. It's similar to cars... a lot of hype of some upcoming car, but nobody knows yet if it's safe and how does it work. Just some pictures and hype hype hype ;)
Pixel image editor - http://www.kanzelsberger.com
I have been involved in computer security longer than Microsoft has been shipping an OS with any security at all. That includes Xenix. I've been watching this train wreck called the Microsoft HTML control for a decade now, and every time I point out how horrible it is some Microsoft apologist comes up and tells me I'm trolling, and that Micrsoft has got it right this time.
.NET, honest".
So far they have never been correct.
If you had bothered to read almost anything about Vista from the last year, you'd know that they are much bigger on the non-admin roles.
Windows maze of interlocking privileges means that this doesn't matter. There's so many ways to boost privilieges that almost any combination of non-frustrating privileges is going to end up equivalent to root.
The first time I used WIndows NT, I tried out several obvious attacks on the privilege model, and succeeded more often than I failed. I was even able to boost Power User to Local System, which actually has more privileges than Administrator.
If you had done some more reading (say, some of the comments posted earlier on this story), you'd see that even if you are running as administrator you still don't have full root priviledges, and have to confirm certain changes.
"You have to cofirm certain changes" says absolutely nothing about the privileges you have.
Nothing.
Confirmation and approval dialogs are almost worthless from a security standpoint. They operate at the application level, and the component that generates them has to have the privileges they're allegedly protecting, since Windows doesn't use UNIX's far more flexible and secure "setuid" mechanism. This means that not only do they they provide little protection for accidents by users, they provide NO protection from exploit code.
None.
Zip.
Layered security is wonderful.
Unfortunately, Microsoft has yet to implement it.
One of the principles of layered security s that you design each layer as if it had to perform the whole of the security protection, then you implement the next layer *anyway*, and you design it under the assumption that the first layer will provide no protection.
Microsoft designs each layer so that it's only as secure as they feel convenient, in the naive belief that the other layers will be used and will cover for them.
Other operating systems allow you to bind services to unique ports and interfaces, so that local firewalls are an additional layer of security. Microsoft needs firewalls to prevent people from attacking insecure local services because they have no other way to limit them to listening only at localhost.
Other browsers treat untrusted documents as untrusted, and assume that if their security fails the whole system is broken. Microsoft has the browser trust the HTML control to do the job, and doesn't give the HTML control enough information to do the job, and rather than GET RID OF the whole pile of ActiveX and "Security Zones" and "trusted sites" they're now pushing people to use "we got it right this time in
If I were to tell you exactly what I thought of this approach to "layered security" I'd be banned from slashdot for abusive language.
Troll, forsooth, for nothing less than the simple truth.
Do you similarly think chroot (and other equivalents) implies everything else runs as root ?
[...] (b) they've given up on keeping IE from being a slutty little spyware freak, and assume that no matter what they do it's gonna get infected.
The primary purpose of a web browser is to download, parse and display data from untrusted, unverifiable sources. They are inherently insecure applications. I'd say bundling the web browser up into its own little isolated pocket of permissions is a damn good idea. Expect to see OS X and "user friendly" Linux distros follow suit within 12 months.