Vista Security — Too Little Too Late

← Back to Stories (view on slashdot.org)

Vista Security — Too Little Too Late

Posted by kdawson on Wednesday February 21, 2007 @01:02AM from the five-years-work dept.

Thomas Greene of The Register has a fairly comprehensive review of Vista and IE7 user security measures. The verdict is: better but not adequate, and mostly an attempt to shift blame onto the user when things go wrong. From the review: "[Vista is] a slightly more secure version than XP SP2. There are good features, and there are good ideas, but they've been implemented badly. The old problems never go away: too many networking services enabled by default; too many owners running their boxes as admins and downloading every bit of malware they can get their hands on."

3 of 483 comments (clear)

Min score:

Reason:

Sort:

Re:Limited User Accounts by SCPRedMage · 2007-02-21 01:30 · Score: 3, Informative

With UAC on, the only difference between an admin account and a limited user account is that Windows doesn't ask for a user name and password when you need to use admin rights; it just asks you to OK it. Unless you OK admin rights to an app, you're still running with limited user rights.

If someone figures out an exploit to make that "OK" automatically, yes, running as admin will be significantly less secure. Until someone figures that out, though, running admin with UAC on is just as secure as running as a limited user.

And as far as users finding UAC "annoying", riddle me this: how is any more annoying than Linux? Linux will do the SAME DAMN THING as Vista's UAC. It'll make the SAME prompts when trying something that requires admin rights as a limited user. The only difference is that Vista gives you the prompts while running as root, too. You can't blame M$ if stupid users disable security features they find "annoying" while praising Linux for doing the same thing.

--
My sig can beat up your sig.
Article is putting Windows in too good light by pesc · 2007-02-21 01:38 · Score: 4, Informative

From the article:

As Billg likes to point out, Windows is the platform on which 90 per cent of the computing industry builds, and this naturally means that it's the platform on which 90 per cent of spyware, adware, virus, worm, and Trojan developers build. That translates into 90 per cent of botnet zombies, 90 per cent of spam relays, 90 per cent of spyware hosts, and 90 per cent of worm propagators.

This implies that Linux, Mac, Solaris, VMS, etc stands for 10% of the malware. This is not true. I would guess that non-Windows systems have less than 1% of the malware.

--

)9TSS
Re:The OS that cried "wolf!" by malfunct · 2007-02-21 04:35 · Score: 3, Informative

Its possible that the version he tried was a beta or RC in which case there were more dialogs popped and have since been fixed.

--
"You can now flame me, I am full of love,"