Vista Security — Too Little Too Late

Thomas Greene of The Register has a fairly comprehensive review of Vista and IE7 user security measures. The verdict is: better but not adequate, and mostly an attempt to shift blame onto the user when things go wrong. From the review: "[Vista is] a slightly more secure version than XP SP2. There are good features, and there are good ideas, but they've been implemented badly. The old problems never go away: too many networking services enabled by default; too many owners running their boxes as admins and downloading every bit of malware they can get their hands on."

Vista security is..

.. A Dialog box asking if you wish to run the exploit or not.

And it is the first thing to be disabled for sure.

Re:Vista security is..

[madcow_bg]

If that was it, then the security team has won the game!
Alas... I think it is asking for everything, therefore asking for nothing. An automatic OK is just as bad as no confirmation asked. Even worse, IMHO.

Re:Vista security is..

[Gription]

People running as admins isn't even close to the real problem with UAC. (User Aggravation Control) The real problem is their whole concept of security is flawed. Any conceptual framework that it relies on the user knowing enough about computers to make a decision about what you should and shouldn't do is going down in flames.

Here is a little tidbit to shock you...
The vast majority of users that use a computer don't really know anything about computers and they shouldn't have to!!! If a computer is operating correctly they shouldn't even have to think about their computer. They should be thinking about their task at hand. They shouldn't even want to "know about computers" because if they did they would have different jobs. (A lot of "computer people" can't get it through their heads that the users shouldn't have to know much about computers and if they all did the "computer people" would be mostly out of jobs.)

The very first example of MS's real conceptual problem with computer security is showcased by the first thing you see when you start up the computer. Let me ask you: What do you need to know to get into a computer? A username and a password. So MS's idea of increased security is to hand you a list of all the usernames on a platter so you can skip past the "find a valid username" step and go straight to the "lets find the user with a weak password" step. I haven't even been able find a way to force a 'classic' text login. We are 'clicking' our way into the pits of hell.

Right after XP came out Mr. Bill public stated that "the next version of Windows will not be an Operating System. It will be a Digital Rights Management Platform." He said it in public and everyone seems to have forgotten it. Why would anyone PAY for a system that's only reason for existence is to inhibit the user's actions? Bill is a master at knowing which way people will jump. (That is the only thing he is really brilliant at.) He knows that people won't rush out and buy a DRM/Platform so he has to sell it as something different. It is pretty easy to do too. People (are Raccoons. Give them something shiney and their eyes glaze over and they will clutch it with both hands and won't let go. Vista has every bright and shiny go-ga that MS could throw in. Will Vista be a "success"? Of course! The Raccoons will demand their bright/shiny (pointless) 'upgrades' because how can we live without a computer that will use video as a desktop image. (I think that running the movie Idiocracy as a desktop would be perfect!)

BTW - Has anyone figured out a hack to force an old style text login? I might even mod your posts up if you find a solution and share it! ;-)

Re:The OS that cried "wolf!"

[Blue+Stone]

It's almost like Microsoft, sick and tired of all the complaints about poor security in their operating systems, said, "RIGHT! If you want security, we'll GIVE you security!" and then handed it out as a punishment.