Vista Security — Too Little Too Late
Thomas Greene of The Register has a fairly comprehensive review of Vista and IE7 user security measures. The verdict is: better but not adequate, and mostly an attempt to shift blame onto the user when things go wrong. From the review: "[Vista is] a slightly more secure version than XP SP2. There are good features, and there are good ideas, but they've been implemented badly. The old problems never go away: too many networking services enabled by default; too many owners running their boxes as admins and downloading every bit of malware they can get their hands on."
... A dialog box asking if you wish to run the exploit or not.
And it is the first thing to be disabled for sure.
I'm shocked at these allegations!!!
can't believe I'm speaking up for Vista but ...
User security is like car safety. It's nice to design for "in case shit happens" but if you drive like a lunatic, you're likely to get hurt.
I think a large part of security involves the self. People don't do enough thinking, and are too lazy to follow simple security procedures. No automated tool or system that allows some freedoms can protect people entirely. Think about it: the OS's solution to malware? Only allow MSFT signed binaries to run. But this is horrible as it means only MSFT can authorize binaries and it cuts out 3rd party developers.
At some point the users themselves have to stop and learn how to use their computers properly, if they want to use them. If they're too lazy to figure it out, *and* demand security, they should not use a computer.
Of course it's largely MSFT's fault for breeding a culture of contempt for knowledge. Oh look, it's so easy anyone can use it with zero training.
Imagine if MSFT made automobiles (but with a yoke instead of a wheel/pedals, and other "standard improvements"). No training required!
Tom
Someday, I'll have a real sig.
If Microsoft wants to advertise here, to a crowd that largely doesn't care for them, more power to them.
And if Slashdot wants to take their money and then be critical of them, what's the problem with that either?
And there doesn't seem to be an official Microsoft stance on Slashdot anyway.
Except for ending slavery, the Nazis, communism, & securing American independence, war has never solved anything.
As dissatisfied as I tend to be with Microsoft's "advancements", I have to say that they should not be responsible for making their system impossible to screw up. Daddy just needs to learn to spend money on the high quality porn, instead of the cheap, virus loaded "Click for more!" free porn. But that doesn't address the fact that home users log in as admin every time - no, that's a different hell right there; MS should make restricted access user accounts mandatory.
Once you start despising the jerks, you become one.
It's pretty obvious that you can't build a fort on a foundation of shit. Without a solid base to hold your fort up, it will sink into the fecal marsh and smell like high heaven.
The security of Windows has always been built upon such a foundation of shit. That's why it's had so many problems. Instead of drawing from the proven security models of systems like UNIX and VMS, the Windows developers went and rolled their own. And you know what? It was shit. It didn't have a solid theoretical underpinning like the security models of other systems have. It's been over 20 years, and they still haven't looked to the proven models for inspiration.
"and downloading every bit of malware they can get their hands on."
Come on. More than anything, Microsoft is in a no-win situation to try and protect people from themselves. If everyone ran Linux instead of Vista there'd be the same damn problems.
If a thirteen year old wants to download smileys for their IM client, the kid is going to do it. If the software has spyware, then that spyware would do what it takes to open up or break the system. It's pretty damn hard to code against human behaviour.
Microsoft is always going to leave network services on by default because otherwise users might have to go admin and turn them on to get their software to work. Of course the goal is to relieve users of the need to be concerned about what's going on in their computers, but unfortunately it also relieves them of the opportunity to ever learn anything and thereby participate in their own security.
So, you can be "insecure by design", or you can expect your users to educate themselves just a little about how things work and their own role in the security equation. I'm sure the focus groups all say, "We'll take our chances, just don't make us have to think!"
With UAC on, the only difference between an admin account and a limited user account is that Windows doesn't ask for a user name and password when you need to use admin rights; it just asks you to OK it. Unless you OK admin rights to an app, you're still running with limited user rights.
If someone figures out an exploit to make that "OK" automatically, yes, running as admin will be significantly less secure. Until someone figures that out, though, running admin with UAC on is just as secure as running as a limited user.
And as far as users finding UAC "annoying", riddle me this: how is it any more annoying than Linux? Linux will do the SAME DAMN THING as Vista's UAC. It'll make the SAME prompts when trying something that requires admin rights as a limited user. The only difference is that Vista gives you the prompts while running as root, too. You can't blame M$ if stupid users disable security features they find "annoying" while praising Linux for doing the same thing.
My sig can beat up your sig.
I think that's a bit low. There are only about 30 viruses for Macs (most of which are holdovers from OS 8 days) and I've not encountered one bit of spyware or adware. I don't have experience with Linux, but I imagine it's similar.
I think the reason Windows is such a target isn't just its market share, but also its vulnerability.
I'm in the hole of the broadband donut.
*ducks*
When the second paragraph contains this quote --
In a nutshell, Windows is single-handedly responsible for turning the internet into the toxic shithole of malware that it is today.
you know it's going to be fair and balanced.
From the article:
As Billg likes to point out, Windows is the platform on which 90 per cent of the computing industry builds, and this naturally means that it's the platform on which 90 per cent of spyware, adware, virus, worm, and Trojan developers build. That translates into 90 per cent of botnet zombies, 90 per cent of spam relays, 90 per cent of spyware hosts, and 90 per cent of worm propagators.
This implies that Linux, Mac, Solaris, VMS, etc. stand for 10% of the malware. This is not true. I would guess that non-Windows systems have less than 1% of the malware.
)9TSS
Oh, the article is from the Register. I see.. no surprises there.
I am the maverick of Slashdot
There are so many poorly written applications, from the bad ol' 9x days, or programmers who program like it's the bad ol' 9x days, that people often need admin just to use the application, because it wants to write files to protected parts of the FS, or to the registry. You can use tools like filemon and regmon to find this, but it's a pain in the butt to find/fix it.
I just sent a suggestion to Microsoft. A virtual registry/file directory structure stored in each user's profile, under the local settings folder. Whenever they try to write to one of those where they don't have privileges, it instead writes to the virtual system, transparently. If they have their settings set right it may prompt them to optionally write to the virtual system or fail, but most users won't want this, so it ought to be off by default IMO. Next, since the directory/registry-key structure is cached in memory (not the actual files!), or cached in a quick-to-read file if there isn't enough memory, it shouldn't add too much latency for the read-check. People who find they aren't using it should be able to turn the whole thing off without needing to give themselves administrator to keep the system working.
34486853790
Connection too slow for X forwarding? Try "ssh -CX user@host"
They don't do it because typing a password is too damn annoying.
UAC is still useful as an Administrator. Until you elevate your privileges, a UAC user *is* a regular user (essentially they have two possible tokens, a regular user token and an Administrator token, and unless you elevate, they're using the regular user token). This means that the "protection" that it offers is the same; what differs is the ease with which you can switch between the two kinds of user (click a button vs. enter a password). So I don't think that's actually a huge problem.
Whenever something is done for which the regular user token isn't good enough, you can elevate to an Administrator token. That brings up the UAC prompt; it does it for broadly the same category of operations that MacOS X or Linux will demand root access for.
The thing is, the prompt is quite annoying. It's not any more annoying than it is on other OSes; they're annoying too. But a password is even more annoying than clicking the box. And if something is annoying, well, people are going to try to avoid it.
That's the dilemma faced by MS. If they make the thing too annoying, everyone will one way or another disable it. Originally UAC not only required a password, but also a ctrl-alt-del (so that the password couldn't be intercepted or anything). ctrl-alt-del to enter the password was too annoying; it was too intrusive. So they disabled that by default (though you can reinstate it if you want, through a GPO). Entering a password by default was also too intrusive, so again, they disabled it by default (and again, you can reinstate it across the board, even for Administrators, if you want). The reason they did this is because they want the level of annoyance to be livable. If UAC is so annoying that people outright disable it, it's useless. If it's a minor annoyance, they probably won't turn it off.
I've been using Vista since it went RTM, and I have to say, I don't see many UAC prompts any more. I did at first, when I was installing all my software, but now, it's pretty infrequent. It's certainly something I can live with. I did try cranking it right up--passwords for all users, with ctrl-alt-del to enter them--but it's far too annoying to put up with. I can't really fault MS for making the trade-off the way they made it. Hopefully, as applications improve, elevation prompts will become more infrequent (for example, I have to elevate to play Battlefield 2, because Punkbuster "needs" admin rights... this is something that they really need to fix), and when this happens, demanding a password to elevate won't be so onerous. But as things stand right now, there are just too many problematic applications. This isn't really MS's fault (it's not like NT's DAC is new...), but it is something that they've got to live with, and provide a solution for.
When you first install Ubuntu, you will be prompted to create a user during installation; that user is automatically placed in the sudo list. When you try to configure something that requires admin privilege, it will prompt you for your password. The same goes for the command prompt: you will need to put sudo in front of the command to get admin privilege. However, for Linux, your window manager will remember your elevated privilege for a while, so the same task would not ask you for the same login/password again for a while. For Windows, it keeps coming back again and again.
Microsoft can't fix the users; there will always be the crowd blindly clicking OK or turning off the firewall because their game's troubleshooting tells them to.
But reducing the number of services and installed programs running can reduce the number of vulnerabilities present and active by default. How long did it take for them to give the option of actually turning off Messenger, despite no one ever using it? The default install should be the minimum needed to access the net and use office. If we are all used to prompts and downloading programs, a wait of a few seconds to install a program from a file in the Windows install folder, in order to run something new, shouldn't be too much of a problem.
Especially if we have the option of actually uninstalling IE7 completely.
And on another note, I have watched this Vista launch and still I wonder:
Why should I get it? I see a lot of hype but not a single reason to upgrade.
If this were really happening, what would you think?
The only story I want to hear about Vista security is what it fixes. We already know what Microsoft broke.
I've been telling you for years and I'll tell you again. The fix is:
Diversity is the only solution to internet security. The user gains immediate security in the short term. The community gains security in the long term as weak platforms are eliminated and can no longer be used to attack strong ones. Everyone wins when the monoculture ends. Free software provides both transparency and a diversity of hard targets. Confronted with rising costs, criminals will go back to their usual meat space businesses.
Friends don't help friends install M$ junk.
...is to lock it up by default and then the users will be FORCED to learn to make stuff work.
And I don't mean those pesky dialogs "Allow application to run?" but rather default low-permission accounts (which implies making it hard to create an administrator account -- which exists already), minimum services out-of-the-box and a checklist of stuff needed to be turned on for apps to function. It's not too hard to enable and start the printer spooler when installing a printer, is it? Or enabling the DHCP client service when needed?
IMHO, the whole idea of a centralized registry to keep all configuration for every installed application AND the OS is flawed.
It's funny the way he uses "IE7" when he's apparently talking about a mixture of IE and IE7... As far as I know, IE7 doesn't have many security bugs known until now, and especially not on Vista due to protected mode... Three letters - F, U, D.
So how exactly could this be better? By preventing the user from installing/running any applications downloaded from the internet? It seems that the author of the article never heard about Security vs Usability tradeoffs (however he mentions them somewhere else, which makes it even worse...).
Oh my god, how surprising...
Some references would be nice, as well as proving that DEP and address space randomization won't be enough to counter the threat present due to those services...
That might be true, however it has nothing to do with the remark that Vista won't be enough to make the internet have less malware, etc.
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
"You can't polish a turd."
I think it would be nice if it came from the Creationism Class
This is exactly what Vista security is.
My main problem with Vista security is that it is an OS that cries wolf. When I installed Vista, I had to click no less than 50 security confirmation dialog boxes (it's important to note that these were security dialog boxes) within the first hour or so in order to do simple, stupid stuff that clearly should not have needed confirmation. Stuff like changing my desktop background. Stuff like moving some documents around on a removable hard drive. Stuff like copying a line of text from an IE7 edit box. Stuff like pasting that line of text into a different IE7 edit box. Stuff like creating a new text file on my removable hard drive. And so on, and so on, ad nauseam.
This isn't security. This is constant aggravation, and yes, I cannot imagine any normal user calling their geek friend after five minutes and saying, "How do I turn this damn thing off?" Even if they don't, they "mentally" disable it by simply clicking Allow without thinking. Hell, I'm a computer expert, and I did it. "You are installing the pwnzj00 virus." Allow. "You are sending your bank account numbers to Nigeria." Allow, allow, allow, dammit! Leave me alone!
I try to give Microsoft the benefit of a doubt. I'm not a zealot or a Microsoft basher, seriously. I think they've put out some good software, but on this point, I have to agree with the folks who are saying that Microsoft isn't serious about security, they're simply trying to push the blame for when things go wrong onto the users.
There's no way in hell that they could have conducted any usability tests and found the current scheme acceptable. But they still let it out the door, most likely to meet some sort of artificial management deadline to keep the OS from shipping any later than it already had.
So now, we've gone from OSes that never alert you to potential security risks to an OS that is even worse because it alerts you to everything, security risk or not.
I'll be interested to see how Microsoft tries to fix this mess, both from a technical standpoint and a PR standpoint.
Because it's pretty obvious at that point the author is clueless.
Then again, it's the Register. What else to expect but clueless Microsoft bashing ?
The simple reason in a nutshell: The user cannot make a qualified decision based on the information the system gives him.
With the installer needing admin privileges, no matter if it's trying to install a driver or a game demo, the user cannot make a qualified decision whether the privileges asked for are warranted or not. You could blame the user if it were not so. If the user could install a game with "reduced" privileges and it asked for full admin rights, he could smell the rat. He cannot in an environment that asks for admin privs by default for installations.
The only way he could would be to sandbox everything he plans to install and then trace and analyze everything the software does to his system, the files it produces, the data it downloads and/or uploads to/from certain servers, the entries it creates, changes and deletes in the registry... And of course he'd first of all have to know how to interpret this information.
If Vista gave the user sufficient information to actually make a qualified decision, I'd agree. Blame the sucker for being dumb enough to run the trojan. But simply telling him "Flash installer wants admin rights to install, continue?" is not giving him any information at all. What if I simply labeled a Trojan "Flash installer"? Of course it would ask for admin rights to install, that's what an installer does by default.
Give the user enough information to actually make the decision, then blame him if he makes the wrong one. If the user cannot make a qualified decision, all that remains is a game of chance and luck. And you could just as well get rid of those questions, simply because the user cannot answer them anyway with the information the system gives him.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
What I don't get is why they don't make the user a limited user to begin with.
It is.
Administrator in Vista != Administrator on XP (or earlier)
[article is not] fair and balanced.
That depends on your perspective. If you are Bill Gates, or drugged, or both, you might think it's not fair M$ is blamed for all the M$ born malware that threatens the internet and every machine on it. If you are anyone else, you're dumbfounded the authors bothered to run Vista at all. It's funny how people keep doing the same thing and expecting different results. It's not surprising M$ results make people angry, but it is surprising people keep listening to them and giving their software a fair chance to fall on its face.
The details in the article are pretty irrefutable. Eris's journal entry is not a bad summary if you don't have time to read further than the second paragraph.
The vulnerability of Vista or any other OS can be traced back to the requirement to modify the OS for software installation. It makes no reasonable sense that an end-user should modify the operating system when installing a software package (exceptions for servers but that's iffy, too). CONFINE the end-user software to the end-user's space (i.e., home directory) - and as suggested earlier, the notion of each user having an independent registry instead of the global system-wide Windows registry is a great idea. An infinite number of users should be able to use a Windows environment without any influence by one user upon another. This goes for all operating systems. I can't understand why this idea hasn't been pursued already. It's too late for Vista but in another 3 years or so this may happen.
One of these days Microsoft will realize that system-wide changes are killing them. Perhaps when they start leasing remote desktop connections for $9.95 a month they will figure this out.
I just sent a suggestion to Microsoft. A virtual registry/file directory structure stored in each users profile, under the local settings folder.
Congratulations. You've just suggested to Microsoft they do exactly what they've already done in Vista.
Isn't %APPDATA% similar to what you're talking about? Except, of course, that APPDATA is hidden from the user, and so impossible to properly back up unless you already know the ins and outs of what MS hides from the user.
It doesn't mean much now, it's built for the future.
Newsflash: "If everyone ran Linux" then malware writers would target Linux distributions with malware the way they target Windows now. Monocultures are targets like that. Linux is great, but it's not unbreakable. If the average person has root access, they can do serious damage.
Now, if everyone ran Linux and knew what they were doing I suspect malware authors would have a much more difficult time accomplishing anything. But that isn't really a fair comparison, because if Windows users knew what they were doing, it would be much harder for malware authors too (remote exploits notwithstanding. But even these problems can be mitigated by knowledgeable users.)
"you are about to read a scary story about the lack of security in Vista. Allow or cancel?"
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
no, that still has to be programmed manually.
This would be in the lower levels of the operating system on an fopen-type call.
fopen -> do you have privileges?
yes -> write file
no -> check to write to the virtual setup
yes -> write to the virtual setup
no -> fail with a no privileges error.
So legacy programs (or poorly written non-legacy programs) will still work, even if the coder doesn't know about %APPDATA%.
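As an added example (not the poster's code and not Windows' own implementation), here is an in-memory Python model of the flow laid out in that post: writes to protected paths by a non-admin are redirected to a per-user virtual store, reads check the virtual store first, and the redirect can be switched off so the legacy "no privileges" failure shows through. The protected roots, the VirtualStore-style profile path and the file contents are constructed assumptions.

```python
"""Model of per-user file virtualization for legacy programs.

Added example, not the poster's code and not the real Windows feature
("File System and Registry Virtualization"). Everything below is an
in-memory simulation: paths, contents and users are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Assumption: these prefixes stand for the "protected parts of the FS".
PROTECTED_ROOTS = ("C:\\Program Files\\", "C:\\Windows\\")


class NoPrivilegeError(PermissionError):
    """The 'fail with a no privileges error' branch of the poster's flow."""


def virtual_store_path(user: str, path: str) -> str:
    """Where a user's private copy of a protected file would live.

    Layout modelled on a VirtualStore folder under the local profile;
    the 'C:\\Users\\<user>' prefix is an assumption of this example.
    """
    relative = path[len("C:\\"):]
    return f"C:\\Users\\{user}\\AppData\\Local\\VirtualStore\\{relative}"


@dataclass
class VirtualFS:
    # Real files, keyed by path, visible system-wide.
    system: dict[str, str] = field(default_factory=dict)
    # Per-user virtual stores: user -> {protected path -> private copy}.
    stores: dict[str, dict[str, str]] = field(default_factory=dict)
    # Off by default in the poster's design; on here so the redirect is visible.
    virtualization_enabled: bool = True

    @staticmethod
    def is_protected(path: str) -> bool:
        return path.startswith(PROTECTED_ROOTS)

    def _store(self, user: str) -> dict[str, str]:
        return self.stores.setdefault(user.lower(), {})

    def write(self, user: str, is_admin: bool, path: str, data: str) -> str:
        """fopen for writing; returns 'system' or 'virtual' to say where it landed."""
        # fopen -> do you have privileges?  yes -> write the real file
        if is_admin or not self.is_protected(path):
            self.system[path] = data
            return "system"
        # no -> may we write to the virtual setup instead?  yes -> redirect
        if self.virtualization_enabled:
            self._store(user)[path] = data
            return "virtual"
        # no -> fail with a no-privileges error (what legacy apps hit today)
        raise NoPrivilegeError(path)

    def read(self, user: str, path: str) -> str:
        """fopen for reading: the user's private copy shadows the real file."""
        store = self._store(user)
        if path in store:
            return store[path]
        if path in self.system:
            return self.system[path]
        raise FileNotFoundError(path)


def demo() -> dict[str, str]:
    """Constructed scenario: a legacy app writes its config next to its own
    executable; two limited users and one admin touch the same path."""
    cfg = "C:\\Program Files\\LegacyApp\\config.ini"
    fs = VirtualFS(system={cfg: "color=blue"})
    fs.write("alice", False, cfg, "color=red")    # redirected into alice's store
    fs.write("bob", False, cfg, "color=green")    # bob gets his own private copy
    fs.write("admin", True, cfg, "color=black")   # elevated write hits the real file
    return {
        "alice": fs.read("alice", cfg),           # alice sees only her copy
        "bob": fs.read("bob", cfg),               # bob sees only his copy
        "carol": fs.read("carol", cfg),           # no private copy -> real file
        "alice_store": virtual_store_path("alice", cfg),
    }


if __name__ == "__main__":
    for who, seen in demo().items():
        print(f"{who}: {seen}")
```

Each user ends up with an isolated view of the "shared" file, which is also why the poster's read-check has to consult the per-user store before the real path.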
"And as far as users finding UAC "annoying", riddle me this: how is any more annoying than Linux? "
Piece of cake.
UAC annoys you when you try to run a setup program, _any_ setup program, for whatever reason, even a screensaver or desktop picture if it is a setup format.
In Linux you are not asked for root's password to change the desktop picture or install a random program, and that's a major difference. An installed program has user account rights, but _that's the assumption_ and most programs respect that and, contrary to MS-systems, _can be installed and run_ just on user rights.
In an MS environment, _every_ _program_ _must have_ (major) write access to the registry and system directories -> UAC every time you try to install or change anything. That's a _big_ difference. Like 1 to 100.
The idea that every program may write whatever they want in registry is outrageous. Only an idiot could design something like that.
Windows is still the only popular OS that has no decent security by default. With Mac OS X, Linux or BSD you've got to have a bad admin if your box gets owned. With Windows you only need a clueless user and you're screwed. So there has to be something wrong with the design. You can't blame the user for everything: "you shouldn't have clicked that", "you should have been running a better firewall", "you should have bought better anti-virus software".
No wonder Mr Ballmer is worried about the competition
Ballmer repeats threats against Linux
Really? I've never once seen documentation of this feature, got a link? Does it automatically shunt file-write attempts to there if done by an underprivileged user? Does it read from there first (if something exists) rather than from the file elsewhere?
Try here. Search for "File System and Registry Virtualization".
If you want more details, consult MSDN or Google.
There can't be an OS in which you'll have to be root to actually be able to do something.
Try to run Win XP and see if you can get along with it without root permissions for one day.
The programmers' concept for Windows is just wrong! You cannot require root privileges to run Acrobat Reader, Adobe Photoshop or who knows what.
For that matter, try to get along as a regular user on Linux; you'll be able to do so (and you'll stay, of course). Why? Because Linux was built as a multi-user OS, unlike Windows, in which you have to be root to install unrelated stuff which you can't even think of why it requires root permissions.
The lesson is that most programmers of big companies are basing their programs on the fact that 95% of Windows users run as Admins.
And also, the whole concept of multi-users is in fact okay, but the implementation, dear oh Lord, is just wrong.
That's why Windows security just sucks, no matter what.
Do what feels good, switch to Linux
The key, the only key to successfully implementing security in Vista or any other MS codebase is not to work from the assumption that everything can be locked down 100% and nothing bad can ever be made to happen. That's just stupid. Feel free to write an airliner fly by wire system and charge consumers a million dollars for each copy.
No, the problem with Vista and XP and..... is that they think they can both build an elegant system which simultaneously checks everything all the time and prevents an unknown thing from occurring.
The approach should be 180 degrees different from that. It should be to assume that problems will occur and simply mitigate the damage or the extent of the damage they can cause. Build it such that even if it's botnet'd the outbound traffic is blocked and the damage is limited to that one machine. Build it so that buffer overflows only go as far as that one application or subsystem.
Sandbox sandbox sandbox and when you're done, virtualize it. I really thought that when Intel announced the dual core processors we'd finally see some progress. We'd see one of the two cores devoted to all of the security and protection functions from port scanning, to encryption, to firewalling (in both directions) and so on. But instead we got the dancing bears 3D lucite animated we spent 10 million dollars developing the SOUND that the taskbar makes interface.
What a colossal waste of time and effort. Most of the problems associated with Windows security are DIRECTLY traceable to the fact that none of the original problems were ever addressed. They were embraced and layered over with yet more code. Sometimes the code is a workaround, sometimes it's nothing more sophisticated than an alert.
"Do you want to execute this program?"
I don't know. Is it bad? Why don't you tell me? Why don't you give it a whirl in a contained environment, let me know if it's bad, and if not write a sig to the system that lets it know the next time I want to run it it checks that sig for verification purposes.
One of the big complaints in this article is about UAC. It's too bothersome.
I just don't understand the reasoning here. First, the Windows bashers complained that Windows requires you to work as an admin user to perform a lot of common tasks. That's true.
"In Linux I get prompted by a GUI sudo program whenever root privileges are required. MacOS does this too. Windoze is so stupid because you HAVE to run as an administrator! There's no sudo!"
OK, fair enough. Vista adds UAC, which does just what those GUI sudo programs do. The Windows bashers bitch and moan that they're getting prompted too often and decide to disable the feature.
What do you guys expect? Jesus Christ. If Windows requires user confirmation to escalate privileges, you're going to get prompted for your password, plain and simple. If you're foolish enough to be running as an admin, you won't be prompted for your password but you will be prompted to "allow" or "deny". And that's too annoying for you guys? Sheesh. Last time I checked, you don't get prompted AT ALL for ANYTHING when you run GNOME or KDE as root. At least Windows tries to keep things safe in that regard.
So my question to you guys is: what do you want? Windows now has "sudo" functionality, which everyone was complaining about, but the claim now is that it's too intrusive. Can Microsoft ever win with you guys?
The italics are mine. That's probably the most well-put statement about parenting, children, and the internet I have ever come across. I don't think I could have summarized my thoughts on this any better. And since I can't, I won't expound on it any further.
Oh, I had not read about that before. Dang, that's pretty good.
It's interesting that the nicer features of Vista so rarely get mentioned. I'm gonna have a friend try that out on her Vista box... I don't have one available to me right now.
You can't legislate intelligence.
If people are happy to practice unsafe web surfing and software download/installation, then they're gonna have a problem. People need to be taught, informed, educated, whatever term you want to use. Most people are simultaneously trusting of, and in fear of, the computer. When it does something they want, they're happy. When it does something they don't want, suddenly it is all a mystery.
Next up: an article on how people who don't pay attention while they drive, get into more car accidents... despite enormous advances in automotive safety technology.
$nice = $webHosting + $domainNames + $sslCerts
That is the only thing I can think of. I suppose, in the next two years or so, msft plans to strong-arm the game makers to use only directx 10. Other than that, four or five years down the road, you will need Vista to run the latest ms-office, msie, and ms-media player.
So changing the desktop wallpaper is a security issue in Linux too?
The problem is not that Vista asks for permission where admin is required, it's that it asks for permission everywhere.
I've tried running as a normal user account on Win XP SP2 for several months, with an admin account only when I need to. It helps to stop spyware and such. It also helps to stop me using my system normally. Since then I went back to running as admin, deleting the old admin account (which wasn't a good idea, since applications will sometimes still assume the admin account under which they were installed, still exists. NetLimiter fails, even after uninstall/install, Second Life had to be reinstalled and there were a few more).
Some applications don't work properly in non-admin and there was this very annoying detail of not even being able to see the little calendar you get when double-clicking the time. I understand not being able to change it, but couldn't they have just disabled the [OK] button instead of the entire dialog?
In the end I came to this very simple conclusion:
Windows isn't designed to be used as non-admin.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
This argument has been used by Microsoft for years in defending their abysmal security record. It sounds plausible, but unfortunately, there's no truth in it.
The truth is that Linux does not give the average user root access. There's no need for that. It is a superior design. Period.
The root cause of Microsoft screwing up again and again in security is their attitude towards the end user. They just want to manipulate the user. Had they put 1/10 of the effort they used to implement DRM, or to treat every Windows installation as pirated, or to crush their competitors using unfair means, the Windows security hell would have long gone away!
People who dislike China tend to mention Tiananmen Square a lot, but they always forget the Tank Man is also a Chinese.
So the improved security is better for non power users but annoying for power users. Besides Aero (which requires me to upgrade hardware) what is in Vista that is worth the upgrade?
Well, there's spam egg sausage and spam, that's not got much spam in it.
Linux will allow a normal user to install normal user programs without root access. It just installs them only in that user's space, so they can't potentially hurt other users. You only receive admin prompts when doing things that affect the whole system, like installing OS updates. I don't care how restricted a user you are, I don't think I've EVER seen Linux prompt for permission when cutting and pasting; how asinine is that? OOH, you changed your wallpaper, better make sure you REALLY want to do that, since we all know the potential system-wide implications of changing from prairie rain to a picture from Digital Blasphemy. I can sometimes go a week or longer without seeing a Linux admin prompt while doing normal things, whereas I challenge you to work on your computer as you normally would and go an HOUR without getting a UAC prompt for something UTTERLY STUPID.
On *ix machines, you usually have a rather fine grained security and permission system, allowing you to give a user pretty much unrestricted access on his personal space without being able to interfere with the system. You can actually configure a system in a way that allows the user near unrestricted permissions, but only in his own user space, including such "features" as installing his own software (only minor limitations apply, mainly in the network areas), and there are very few applications I could think of that cannot be installed and used with user level permissions only (applications that a user wants to run, that is).
Certainly, if people run around as root, they're just as vulnerable in *ix as in any Windows environment. But people would not even notice that they ain't root. They have their standard account which has all their software they need, and the few times they are actually asked to allow root they would notice this as the exception, not the rule (as it is now with Windows) and they would certainly not brush it off as some inconvenience but it would be taken as a warning. Especially if some program from a not really trustworthy source asks for those permissions, just to install a bunch of smileys or a demo of a game.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Are you advocating Microsoft create it's own software repositories, vet all submissions to make sure they are not malware, and only allow windows to install software from those repositories?
Apt-get is great, if the software you want is available from your distribution's repositories. If it isn't, like the last piece of software I installed on my Ubuntu box, then you are left to download a .deb and install it with dpkg. Now, if I write some nasty little app that turns your box into a spambot, roll it into a deb and put it up on a website as "Cool_new_gaim_smileys.deb", what is going to stop little Johnny from downloading and installing it? Remember, once he types in his root password, he is totally screwed.
The alternative of course is to only install packages from your distribution's repos. Which is all well and good, until you want something they don't contain. As soon as you allow a user the ability to install non-distro-approved software, you allow them to install malware. There is absolutely no workable way around this which does not either remove the user's control over their system, or third party vendors' ability to distribute software without the approval of the distro vendor. If I know the root password for a box, and I can install any program I want on it, then I can break it. That holds true for Linux, OSX, Windows, or any other OS you care to mention.
"I realise this is not a very popular opinion but it's the truth, and therefore needs to be said" -Bill Hicks
If someone figures out an exploit to make that "OK" automatically, yes, running as admin will be significantly less secure. Until someone figures that out, though, running admin with UAC on is just as secure as running as a limited user.
I know a great way to do that, but it will take a lot of work from the inside. What if we spent an entire decade using operant conditioning to force people to click "OK" over and over and over again just to keep their machines operating and doing normal tasks and without ever giving users useful options. They'd be so conditioned to clicking "OK" they would do so automatically regardless of what the dialogue box said. Sure it would only work on 99% of users, but that's quite a few... oh wait someone beat me to this and started this scheme more than a decade ago. Never mind.
And as far as users finding UAC "annoying", riddle me this: how is any more annoying than Linux?
On Linux most software installs and runs just fine in a regular user account. To date, this is not so with Windows, leading to more, useless prompts. On Linux, authentication persists for a period of time so if you take privileged actions you only need to authenticate once, not once per action, like copying files from a network share and then copying them to a privileged location (which should not have to be two steps anyway, but seems to be on Vista).
You can't blame M$ if stupid users disable security features they find "annoying" while praising Linux for doing the same thing.
Yes I can because MS has more money than god and should be able to spend some of it on a good UI that takes security into account, as well as more granular security features. Mainly I blame Windows for not implementing an appropriate level of security for their OS. Windows machines are compromised by automated worms, en masse, every day. If that were true for Linux, Linux developers would fix the problem in a few months tops by implementing MAC, trust levels, etc. I don't blame MS for any given technological decision. Everyone makes mistakes. I blame them for not giving a shit about user security because as a monopoly it does not affect their bottom line. No other OS would tolerate this level of compromise because they have to be responsive to end users.
There's an "I'm a Mac" ad which covers this: http://images.apple.com/movies/us/apple/getamac/apple-getamac-security_480x376.mov
In MS-environment, _every_ program_ _must have_ (major) write-access to registry and system directories -> UAC every time you try to install or change anything. That's a _big_ difference. Like 1 to 100.
The idea that every program may write whatever they want in registry is outrageous. Only an idiot could design something like that. Using Ubuntu/Fedora, you install most of the programs using aptitude/yum and that requires root password. The idea that any program can write its configuration into a centralized system (the registry) could be better than having 100's of configuration files around in different places (The fact that any program can write in any part of the registry is obviously bad).
User-level security can only protect users from each other. Desktop machines are usually single-user. Therefore, user security is protecting nothing except operating system and program files, which can be trivially replaced by re-installing them. Most users would consider their personal documents much more important, yet these are not protected! User security will not stop a virus from searching your home directory for your tax return and mailing it off to some identity thief. Nor will it stop a virus from accessing the internet to launch DDoS attacks, send spam, or reproduce.
Yet, Microsoft and Unix users alike continue to insist that it does some good. Why? All it does is make life more difficult as you constantly have to switch between user and admin to install programs.
We need to move to a model of program-level security, where every program you run is granted only permissions to do the things you actually want it to do. And we need to develop a user interface which can automatically figure out what permissions you want to grant to programs (e.g. if you select a file from the file->open dialog, then it should grant the program permission to read that file). See Capability-based security.
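The difference between ambient authority and a capability, as an added example that is not part of the original thread or of any system it mentions: the trusted "powerbox" (standing in for the File->Open dialog the poster describes) opens the file the user picked and hands untrusted plugin code a read-only file descriptor. The descriptor is the capability: through it the plugin can read that one file and nothing else, and the kernel refuses a write on it. The path-based plugin beside it shows what ambient authority permits. The function names, the temporary file and the sample contents are constructed for this illustration.

```python
"""Ambient authority versus a capability, using a Unix file descriptor as
the capability. The trusted 'powerbox' (think File->Open dialog) opens the
file the user chose and hands the untrusted code a read-only descriptor.
That descriptor is the only authority the code receives through this
interface: it can read the chosen file and cannot write it.
Illustration written for this page, not code from any referenced system."""
import os
import tempfile

SAMPLE = b"constructed sample: 2006 tax return"


def powerbox_open_for_read(path):
    """Trusted side: the user selected `path`; return a read-only capability."""
    return os.open(path, os.O_RDONLY)


def plugin_with_capability(fd):
    """Untrusted side, capability style. Gets a descriptor, not a path.
    Returns (bytes read, whether the kernel refused a write)."""
    chunks = []
    while True:
        chunk = os.read(fd, 4096)
        if not chunk:
            break
        chunks.append(chunk)
    try:
        os.write(fd, b"pwned")      # O_RDONLY descriptor: the write fails
        write_denied = False
    except OSError:
        write_denied = True
    return b"".join(chunks), write_denied


def plugin_with_ambient_authority(path):
    """Untrusted side, path style. Nothing distinguishes the file the user
    meant from any other path the process's user can reach, so it can
    overwrite the document it was only supposed to read."""
    with open(path, "r+b") as f:
        f.write(b"pwned")
    return True


def demo():
    """Run both plugins against a temporary file; report what each achieved."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "tax_return.txt")
        with open(path, "wb") as f:
            f.write(SAMPLE)

        fd = powerbox_open_for_read(path)
        try:
            data, denied = plugin_with_capability(fd)
        finally:
            os.close(fd)
        with open(path, "rb") as f:
            intact_after_capability = f.read() == SAMPLE

        plugin_with_ambient_authority(path)
        with open(path, "rb") as f:
            intact_after_ambient = f.read() == SAMPLE

    return {
        "capability_read_ok": data == SAMPLE,
        "capability_write_denied": denied,
        "intact_after_capability": intact_after_capability,
        "intact_after_ambient": intact_after_ambient,
    }


if __name__ == "__main__":
    print(demo())
```

The caveat a practitioner would add: inside one Python process nothing stops the "untrusted" function from calling open() on an arbitrary path itself, so this only shows the shape of the authority being granted. Real confinement puts the plugin in a separate process that starts with no ambient authority (no readable home directory, no network) and receives descriptors from the powerbox over a socket; the descriptor then really is the only way in.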
I ask this question in all seriousness, knowing that it is very hard to get a serious answer on Slashdot where Microsoft is concerned: Is it time to start holding software vendors, like Microsoft, financially and criminally liable for an inability to correctly implement fundamental security measures in their products? Enough is enough, and perhaps it is time for government to step in. If an automotive vendor engineers bad vehicles, they are still liable for the people they hurt, no matter how hard the task of good safety may be for them. Why should it be any different for software vendors?
...But the best that God has created is a new day
You don't think there's a boatload of money that's been trying to prove you correct for quite a long time now? If Linux were equally insecure, it's a certainty that this would have been demonstrated and advertised, no expense spared. I do admit, though, that a more ignorant user base would go a long way, which is why these may seem like the good old days if Linux ever passes a share of 10% or so of home users.
Part of the problem, though, is in the nature of open-vs-closed software. Even "legitimate" closed-source commercial software is full of spyware and other crap that would be flagged and stripped out immediately if the source code were open and subject to inspection. Why? Because if you can't look at the code (or rely on other independent eyes who can), neither you nor anyone else outside of the original vendor can easily know what the code is really doing when you run it. That means that for the vendor, "the customer" is not only you, but potentially anyone else who can profit by manipulating or collecting information about you. Not all companies will turn down the additional revenue stream.
One of the things you get used to with Open Source is that software - whether or not it's of high quality - serves the user, not the other way around. It's much harder to come to the party with a hidden or malicious agenda when anyone can spread the word or fork your code and distribute it with the garbage removed.
For Microsoft, this is another matter. They want to control the world. They don't really care about the user.
It is too easy to blame the clueless users. But who put those vulnerabilities in Windows in the first place? As an OS vendor, MS should prevent clueless users from doing random stupid things. This is not rocket science. It's common sense.
People who dislike China tend to mention Tiananmen Square a lot, but they always forget the Tank Man is also a Chinese.
They bought vista! I can't wait for some M$ guy to say that. Like it will ever happen...
A virtual registry/file directory structure stored in each user's profile, under the local settings folder.
Gee, I thought they had this in 2k (well, 95 even I think, but I KNOW 2k at least did it right)... called "C:\Documents and Settings\%username%" and HKEY_Current_User... Who needs VIRTUAL stuff? It's BUILT IN.
The problem is every bloody program wants to install, by default, to 'C:\Program Files' and HKLM which is 755 by default, instead of Docume~1 and HKCU which is 707.
(Side note, yea, I know Vista's C:\Users\%username% ... I'm sure there's still some environment variable that shows the user's home dir. I'm just too knackered to bother looking for it.)
You can have a privacy-protecting, DRM-free, open source system that also has good security - these goals are not mutually exclusive. A few years ago Apple implemented a sudo workalike for OS X that lets you run a system as a normal user; the so-called 'administrative' Mac user is not really one with root privileges, but is just allowed to sudo if you provide authentication. Many UNIX flavors and Linux distributions had this as a configurable option for years, but after OS X some common Linux distros (Ubuntu comes to mind) started implementing a nearly identical configuration and integrating it with the GUI. Microsoft would have been wise to emulate this as well, as it's extremely easy to use, and relies on existing authentication models, but prevents you from messing up your system.
This is just an industry best-practice, well implemented by everyone else but ignored by Microsoft. The 'elitist' you are referring to might seem elite to you because he thinks like a sysadmin.
OK, maybe there are Administrators and Administrators - I don't know, but does Vista still have a default Anonymous account and an Everyone group like XP?
Excuse me, but please get off my Pennisetum Clandestinum, eh!
You're saying Debian is secure because there is a centrally controlled repository of software. Vista requires signed kernel-level drivers and you'd say that Microsoft is cutting out open-source developers.
So is centrally controlled the desirable feature, or is ability to develop your own software without requiring approval?
This argument has been used by Microsoft for years in defending their abysmal security record. It sounds plausible, but unfortunately, there's no truth in it.
MS Bashing threads are so funny.
The first time I installed Linux for myself many years ago, it was hacked in a half-hour as I took a break and went to get some freaking lunch downstairs. I was lucky I knew enough at the time (although not that much) to know that someone was in the machine and uploading some crap when I got back and continued work on setting it up. Did I stop using Linux because its security is teh suxx0rz and I got a lot of flak about being dumb from 'the community' as I asked questions about how to secure the thing? No.
Will hackers attack anything they can find? Yes. My Windows box has never been attacked because I know enough to keep it secure. The better / worse design discussion is pointless and in a lot of cases incorrect anyways, as others have pointed out on here.
I agree with a lot of other stuff I've been reading, MS has themselves a bit of a pickle. They want to make an accessible product (i.e., your 10-year-old sister can sit down and start using it without apt-getting), and at the same time they have to try to protect those people from themselves to some extent. To add more problems, because their product is sold, they get all the critical press, because the press loves doing that.
Then there's the DRM issue. Why does everyone on here just complain about Vista and DRM? Newsflash folks, it's not just Vista!! What about all the hardware manufacturers building the same sort of capabilities into their products? Computer components, stereo components, even bloody cables now... how about complaining about them? Nah, it's just Microsoft. In fact, they invented DRM. BALLS.
For once, I'd like to see a thread on Slashdot complaining about the other enablers; they're not making their products only "because Vista says so". Products advertise HDMI and HDCP as features now.
Malware is a business. All that matters is simply, how much money can be generated in how little time. The times of bragging rights and proving that you can do it are over. The amount of that kind of viruses is pretty much equal for all platforms. Btw, the ones existing on Mac and Linux are almost 100% of that "I wanna show it is possible" kind.
Windows also has, sorry to say it, the most clueless user base. I wouldn't claim the reverse (i.e. that Windows users are dumb), but dumb users usually use Windows. They COULD use Mac, but dumb people are rarely the ones with the money to spit out for a Mac.
Linux still has the air of the "geek system" and, frankly, it does take more than two brain cells to use it (with one cell being busy trying to figure out how to get the machine to look for pr0n).
So it's the mix that makes it: You have almost all the dimwit clickmonkeys, you have a system that was never meant to be used as a networked multiuser/multitask system and you have the sizable market share.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I'd take the article a bit more seriously if it wasn't The Register. They read like a blog, and they tend to have a tad more than a little anti-microsoft bias. Point me to the study that shows me where a majority of users disable the UAC and I'll start paying attention.
Tluin natha Linux xxizzuss uriu olt bwael mon'tun.
Oh, that's right, because it bashes Microsoft and this is Slashdot. Never mind.
>And as far as users finding UAC "annoying", riddle me this: how is any more annoying than Linux? Linux will do the SAME DAMN THING as Vista's UAC.
You're right; it's not any more annoying--to us Linux users. We're used to it; the Principle of Least Privilege is drilled into us. Windows users aren't, so it will be annoying to them, and they'll turn it off in a heartbeat.
Then there's hubris: once a Windows user posted to her LJ that her XP system wasn't recognizing a piece of hardware. In passing, I innocently said in my response: "You are running non-administrator by default, aren't you?"
You'd think I'd insulted her... the reply came back, "I KNOW what I'm doing."
Ha ha ha. Its working. Users are being blamed for the lack of security on MS Windows. Once we get rid of these pesky security whiners, there'll be no more reason for Linux.
Pardon me, but I thought the reason Windows was crap was because it was so simple to write spyware/malware that COULD run on it, not because it lacked security features that disabled users from changing settings.
As long as we blame users for bad software, MS will rule the world and Linux will be a distant second.
Here will be an old abusing of God's patience and the king's English.
You either have no freaking idea what you are talking about or you are skillfully trolling. When Digital fired most of its VMS team in a cost cutting frenzy, Microsoft had the good sense to hire them up. David N. Cutler who was the VMS project leader became the NT project leader at MS. Cutler brought most of his team with him. The result was that NT was in many ways a clone of VMS with a Win32 API and Win16 API layer on top. The story is famous and is told here. Vista is NT and NT is partially a re-implementation of VMS, to the point that Digital sued MS. MS had to pay a settlement to Digital and agree to support the Alpha on NT. Some people speculate that the letters WNT is an increment on VMS and is an inside joke at MS. AFAIK, Cutler is still working at MS and helped with Vista.
Sure Windows can be insecure, but if someone takes the time and responsibility they can secure it just fine. You don't blame the gun manufacturers for the person who doesn't know how to use a gun... Do you blame Linux when a user logs in as root and tears things up?
Thanks to file sharing, I purchase more CDs
Thanks to the RIAA, I buy them used...
on at least one count. It says that the typed URLs in the registry don't get purged when you clear the history. I just tested it, and it does get purged. It's the one thing I tested, and it was wrong. Doesn't give me a whole lot of faith for everything else in the article (including the fact that there was another correction listed at the end of the article).
The difference is still that the user cannot make that decision based on the information given. Vista requires admin rights for nearly everything, how should the user be able to determine whether foul play is involved?
In Unix, you only need root permissions for very, very few and very core and system related issues. Changing the kernel, installing a device, most low level network stuff. You certainly don't need root to install a program for a user. And that's the main source of malware that requires user interaction: Some "funny nice thing" you got from the 'net. Why should a greeting card display tool or a game demo require admin privileges to run or install?
You cannot even "sandbox" it in Vista. You can't create a new account and tell Vista to install it locally, for this account only. Vista by default runs an installer with administrator privileges. How is the user supposed to be able to discriminate between programs that really need those rights and programs that want to infect him, if everything is by default requiring admin privileges?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
My experience with UAC has led me to turn the damn thing off as soon as I can. Every time the UAC dialog box pops up, both of my monitors go to sleep for 1-2 seconds, then turn back on like nothing ever happened, and now the UAC dialog box is there. If everything were to just gray out and the box pop up, and not have my monitors sleep on me, then I would maybe be more inclined to leave UAC on. I run Linux. When I run it strictly as a user, I never have to agree to launch a program I clicked on, or downloaded. UAC is annoying because the underlying registry system of Windows is broken.
On every old webpage.
Ignore this signature. By order.
No, that was someone who thinks you are a douche-bag.
Have a little less respect for yourself.
(This was too easy. Please try harder, kthx)
"It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
As you say you're never going to get a completely secure system given the possibility of an unsavvy user. But you can make it much more unlikely given that the user is unsavvy. Make it dead simple to install approved apps and make it somewhat complicated to install apps that aren't on the unapproved list. So if the package isn't in the repository and it isn't signed by an approved organisation then require the user to go to the command line to install it. An experienced user won't have a problem doing this, and in fact might prefer the command line. But a novice user would just click the icon and get an error about "Cool_new_gaim_smileys.deb" being unapproved. Yes the website he downloaded it from could include instructions about how to go into the command line and run "dpkg -i" to install it. But hopefully the user will just think it's too much work and not bother, not be able to find where they downloaded the file, or maybe become suspicious of the file and ask someone else why they type all these commands when "usually I click the icon and it just works!"
Of course the downside of this scheme is that smaller companies and organisations might get screwed. But since I see no shortage of smaller projects in the Debian repositories, it's obviously not a problem to vet a lot of little programmes for security issues. It would be more difficult for MS to do it given there's a lot more people targeting MS than Debian. But MS has a lot more resources than Debian.
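What separates the "Cool_new_gaim_smileys.deb" sideload from a repository package, as an added example serving both the apt-get/dpkg post above and the "require the command line for unapproved packages" proposal (this is written for this page; it is not apt's code): before dpkg ever runs, apt checks the downloaded file's size and SHA256 against the entry in the repository's Packages index, and that index is in turn covered by the repository's signed Release file. The signature step is not modelled here; the package blobs and the Packages stanzas are constructed, and the policy function implements the proposal from the post above, not any distribution's actual behaviour.

```python
"""Model of the check apt makes before dpkg runs: the downloaded .deb must
match the Size and SHA256 recorded for it in the repository's Packages index
(an index that is itself covered by the repository's signed Release file,
a step not modelled here). A package that appears in no index is a
sideload and gets no such check. Constructed data; written for this page."""
import hashlib

# Constructed package blobs. Real .deb files are ar archives; the
# "!<arch>\n" magic is the only realistic part of these.
GOOD_DEB = b"!<arch>\n" + b"constructed gaim 2.0.0-1 package body"
TAMPERED_DEB = GOOD_DEB.replace(b"body", b"bomb")     # same size, new bytes
SIDELOADED_DEB = b"!<arch>\n" + b"constructed Cool_new_gaim_smileys payload"

# Constructed Packages index in the real RFC 822-style stanza format.
PACKAGES_INDEX = (
    "Package: gaim\n"
    "Version: 2.0.0-1\n"
    "Filename: pool/main/g/gaim/gaim_2.0.0-1_i386.deb\n"
    "Size: %d\n"
    "SHA256: %s\n"
    "\n"
    "Package: dpkg\n"
    "Version: 1.13.25\n"
    "Filename: pool/main/d/dpkg/dpkg_1.13.25_i386.deb\n"
    "Size: 10\n"
    "SHA256: %s\n"
) % (len(GOOD_DEB), hashlib.sha256(GOOD_DEB).hexdigest(), "00" * 32)


def parse_packages_index(text):
    """Split a Packages file into {package name: {field: value}}."""
    entries = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if line.startswith(" ") or ":" not in line:
                continue      # continuation lines are not needed here
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        if "Package" in fields:
            entries[fields["Package"]] = fields
    return entries


def verify_download(name, blob, index):
    """Return (ok, reason). Size is checked first because it is cheap and
    catches a truncated download before any hashing is done."""
    entry = index.get(name)
    if entry is None:
        return False, "not in any repository index (sideloaded package)"
    if int(entry["Size"]) != len(blob):
        return False, "size mismatch"
    if hashlib.sha256(blob).hexdigest() != entry["SHA256"].lower():
        return False, "SHA256 mismatch (tampered or wrong file)"
    return True, "ok"


def install_policy(name, blob, index):
    """The policy proposed above: verified repository packages install with
    one click; anything else is refused in the GUI and left to an explicit
    `dpkg -i` on the command line."""
    ok, reason = verify_download(name, blob, index)
    if ok:
        return "install"
    return "refuse in GUI (%s); manual `dpkg -i` only" % reason


if __name__ == "__main__":
    idx = parse_packages_index(PACKAGES_INDEX)
    for n, b in (("gaim", GOOD_DEB), ("gaim", TAMPERED_DEB),
                 ("cool-new-gaim-smileys", SIDELOADED_DEB)):
        print(n, "->", install_policy(n, b, idx))
```

The point the thread keeps circling: the hash check only means "this is the file the repository published", and the repository signature only means "the distribution published this index". Neither says the code is benign; what they buy is that the sideloaded file is visibly outside the chain, which is exactly the distinction the proposed GUI policy keys on.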
[spit take]
[replaces coffee-soaked keyboard]
Twitter, you're still operating under the delusion that nobody knows your sock puppets? Although I do appreciate the Freudian slip: You spelled it "Eris". She is, of course, the Greek goddess of discord. But you probably knew that in the first place, which is why you made her your pseudonym's pseudonym.
This sig intentionally left blank.
That sounds perfectly reasonable. But if you look at OSX, you'll know these are just excuses. Microsoft's trouble is not that they can't come up with a better solution, but that they are unwilling to do so.
For once, I'd like to see a thread on Slashdot complaining about the other enablers; they're not making their products only "because Vista says so".
People criticize MS more because they are aggressive in pushing DRM. Other aggressive ones are also flamed. Remember Sony? Apple, on the other hand, allows their iPod to play non-iTunes stuff, thereby appearing to be less annoying to the customers. Steve Jobs even spoke against the DRM philosophy in public recently. Why should people see Apple in the same league as MS?
MS get all the bashing they deserve, because they behave badly. It's all that simple.
People who dislike China tend to mention Tiananmen Square a lot, but they always forget the Tank Man is also a Chinese.
So, point by point:
While referring to IE's Protected Mode feature:
However, there is a brokering mechanism that enables users to download files to any location they have access to, or to install browser plugins and extensions, and the like. So users are still invited to make a mess of their systems, and no doubt many will, while Microsoft has a chance to shift blame away from itself.
Uh huh. First, you can't install plugins/extensions (with the exception of signed ActiveX) without admin privs. Period. Second, how, exactly, would you propose the user be able to save files to their Documents folder, or do any other file operation in their profile (or basically anyplace on the system) without this brokering mechanism? Would you prefer that Microsoft not allow users to download *any* files via the browser? Ya, that would work out well.
However, IE7 on Vista does still write to parts of the registry in protected mode.
IE7 is running as an extremely low-rights user. This does *not* mean that it doesn't have the ability to write to any part of the registry. It means that the registry's ACLs must explicitly allow write access to IE's low-rights user. Certain locations have been explicitly marked as write-safe for the low integrity process. The example given by The Register is one of them. In other words, it's not an issue.
However, DEP, when full on, may cause a number of applications to crash, or interfere with their installation. I'm betting that a majority of users will opt for the more conservative setting, and this of course means less defense for everyone.
You're betting that the majority of users, most of whom think "DEP" is an actor's last name, will go and hunt down the DEP setting and turn it off because it will supposedly cause lots of applications to crash? Really? You mean they won't selectively turn it off via the dialog box that comes up after a DEP-related crash that asks if you want to turn it off just for this application? Oh, and what quantitative study are you citing that shows that lots of commonly used applications will crash because of DEP? Give me a break.
User Account Control (UAC) is another good idea, because it finally, finally, finally allows the machine's owner to work from a standard user account, and still perform administrative tasks by supplying admin credentials as needed on a per-action basis. You know, the way Linux has been doing it forever.
Windows has supported running individual processes as admin (or any other account) since NT4. It was integrated into the GUI in Windows 2000. That is not the point of UAC, and it's not how Linux does it at all. If you try and run an application or perform an operation on Linux or Unix that requires admin access, it will fail. It doesn't prompt you. It's a subtle, but big difference. And it's a critical difference in the Windows world where that vast majority of applications won't work without admin privs.
Of course, it only works if everyone stays out of the admin account as much as possible, and if everyone with an admin password knows better than to install a questionable program with admin privileges. And there's the catch: "Windows needs your permission to install this cleverly-disguised Trojan nifty program. Click Yes to get rooted continue."
Wrong. It works regardless of what user you *think* you're running as. An admin account on Vista (with UAC enabled) is NOT AN ADMIN ACCOUNT. It's a limited user. The *only* difference is that an admin account isn't prompted to t
In MS-environment, _every_ program_ _must have_ (major) write-access to registry and system directories -> UAC every time you try to install or change anything. That's a _big_ difference. Like 1 to 100.
The idea that every program may write whatever they want in registry is outrageous. Only an idiot could design something like that.
You have absolutely no idea what you are talking about.
HDMI and HDCP are features. They allow you to view DRM'd HD content at full resolution. Screens that lack HDCP can't do this.
The movie industry right now isn't willing to sell HD content without DRM. You can choose to buy or not buy this DRM'd content. I choose to not buy it myself because it seems like the HD isn't worth the hassle of DRM. But other people may value HD content more than I do. And given the choice between no HD content and DRM'd HD content, they choose to put up with the DRM. And if they want to watch HD content on their computer they're going to have to buy hardware that supports DRM.
I know the popular opinion here is "OMG clueless noobs are getting suckered by DRM! MS is taking away people's rights without them knowing it!" but really the situation isn't like that at all. Whenever you buy a product you make an assessment of value of the product vs. its price. Part of the price of HD content from the major movie studios is the hassle of dealing with DRM. For me, DRM pushes the price of HD too high. But then HD content isn't really all that important to me, DVDs are good enough. But other people value HD more than I do.
Fair use is a defence you can use if someone accuses you of copyright infringement. Fair use is a feature that is available on some products but not on others. Fair use is *not* a constitutional right. If the movie studios don't want to offer fair use as a feature then that's their decision. If someone wants HD content and thinks it's worth the hassle of having to buy all the DRM hardware necessary for it then that's their decision. If you don't want DRM'd HD content then don't buy it.
Ok I'm sure to get modded troll for this, but it's all true. DRM doesn't take away anyone's rights. It may be a pain in the ass, and a bad decision by the movie companies since it lowers the value of their products, but it has nothing to do with rights.
Is cruft piled on top of cruft... So much of windows was written with no thought for security, since it was never meant to be networked nor multiuser. Not just the flawed code, but many of the basic ideas are flawed, so even if rewritten, it will still be flawed or incompatible.
Windows is hugely complicated, far more so than any other OS out there, this huge complexity plus the maze of legacy interfaces results in an unmaintainable and unsecureable mess.
The fact that "server" versions of windows are essentially desktop versions with extra stuff bolted on top, instead of the other way round doesn't help either.
Microsoft have often tried to increase the complexity of windows and make it as proprietary as possible on purpose, to make it difficult for competitors to produce compatible clones (as happened with dos), this decision is now a huge cause of problems.
Note that Unix is a lot older, but the basic design is more flexible, modular and less flawed, as well as being widely understood and documented.
Microsoft need to do as Apple did, and ditch their crufty old spaghetti codebase, and start again fresh, with a codebase designed with the modern world in mind, and temporarily implement their old environment under a virtualization environment which is only used for running legacy apps. Doing this has worked well for Apple: OSX has gained them significant numbers of new users, is much cleaner and more capable than OS9 ever was, and they have been able to ditch the backwards compatibility mode in recent versions.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Bingo. I would even go farther than that: I would completely purge the GUI execution of binaries. There is hardly ever a reason to run a binary in Windows, unless it is an installation binary, and the packager should take care of those. (BTW, I would really like to see that as a default setting in Gnome and KDE, before they hit the mainstream.)
This is a valid concern. But all Microsoft has to do is to provide 99% of all requested software, and then strongly discourage the clueless from using alternative methods of installation (which must be available, duh). This will be enough to curb most of the malware, which matters, don't you think? Sure, the vendors can still distribute by themselves, but what benign vendor would refuse to host a binary package at an MS-approved repository? That's where most people will look first. As others have said, Debian perfected software installation years ago. For a consumer OS, not following suit only shows how little they care about designing the networked OS to be secure.
I already moderated in this thread, but I'll cancel it out to reply to this.
Windows installers can ask for the level of access they need. If an installer doesn't request an access level (as most don't) then the default is to assume it needs maximum access. This is so that XP/2000 etc. apps are still able to install on Vista.
It's a good thing that Vista shows an annoying box if no level is set in the manifest, because hopefully it will mean developers write installers that only ask for the access level they need.
Darn it, Microsoft! Stop pointing the finger at the dumb ones. Those intelligent programmers you have... well, tell them to do something!
That is wrong: if your setup program is authored correctly to install per-user in a location that the user has rights to, then UAC should not pop up. This includes locations in the registry; you must not write to machine-wide locations in the registry, or you need admin rights to do this. I still blame Microsoft for the fact that few pieces of software are correctly written, as it's a result of the non-security in past OS versions. That said, more and more programs are coming out not requiring elevation in order to install, and I think that as time goes on the majority of user-side programs will be able to install as non-admin.
One disadvantage of installing per-user programs in a per-user location is that if multiple users on the machine want to use the software you end up with duplicate binaries. If this really becomes an issue, log in as admin and install the software per-machine.
I guess the long and short of it is that Vista doesn't ask for admin rights more often than it should, but instead that apps were written with the assumption that it didn't matter if you needed admin rights because everyone had them. This causes Windows to seem like it needs admin rights for more things, but it really doesn't. When apps become correctly written for Vista and we retire our older apps, Vista should ask for admin rights about the same amount as OS X or Linux.
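The posts above describe the mechanism without showing it: an installer's application manifest carries a requestedExecutionLevel, and the value it declares decides whether UAC has to prompt. The following is an added example, not code from the thread or from Microsoft. It embeds three constructed manifests (per-user, machine-wide, and an unmanifested legacy installer) and a small PowerShell helper that reads the declared level and reports the prompt behaviour a defender should expect; the assembly name "Example.Setup" is a placeholder.

```powershell
# Added example: audit what execution level an installer manifest requests.
# The three manifests below are constructed sample input, not real products.

# Per-user installer: asInvoker keeps the launching user's own token, so an
# install into a per-user location (e.g. the profile) needs no UAC prompt.
$PerUserManifest = @'
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity name="Example.Setup" version="1.0.0.0" type="win32"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
'@

# Machine-wide installer: requireAdministrator always asks for elevation,
# which is the right thing to declare when writing under HKLM or Program Files.
$MachineWideManifest = @'
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity name="Example.Setup" version="1.0.0.0" type="win32"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
'@

# Legacy installer with no trustInfo at all, as most pre-Vista setups ship:
# Vista assumes it needs full access and elevates it (with a prompt).
$LegacyManifest = @'
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <assemblyIdentity name="Example.Setup" version="1.0.0.0" type="win32"/>
</assembly>
'@

function Get-RequestedExecutionLevel {
    # Returns the level declared in a manifest and the UAC behaviour it implies.
    param([Parameter(Mandatory)][string]$ManifestXml)

    $doc = [xml]$ManifestXml
    $ns  = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('v3', 'urn:schemas-microsoft-com:asm.v3')
    $node = $doc.SelectSingleNode('//v3:requestedExecutionLevel', $ns)

    if ($null -eq $node) {
        $level  = '(none declared)'
        $effect = 'treated as a legacy installer: elevated, user is prompted'
    } else {
        $level = $node.GetAttribute('level')
        $effect = switch ($level) {
            'asInvoker'            { 'runs as the user, no prompt' }
            'highestAvailable'     { 'prompts only if the user is an admin (split token)' }
            'requireAdministrator' { 'always prompts for elevation' }
            default                { "unknown level '$level'" }
        }
    }
    [pscustomobject]@{ Level = $level; UacBehaviour = $effect }
}

# Dry run over the three constructed manifests.
foreach ($m in @{ PerUser = $PerUserManifest
                  MachineWide = $MachineWideManifest
                  Legacy = $LegacyManifest }.GetEnumerator()) {
    $r = Get-RequestedExecutionLevel -ManifestXml $m.Value
    '{0,-12} level={1,-22} {2}' -f $m.Key, $r.Level, $r.UacBehaviour
}
```

The helper reads sidecar or extracted manifest XML; it does not pull the resource out of a compiled executable, which needs a separate tool. The useful check is the first row: an installer that writes only to per-user locations and declares asInvoker is the case the post says should never raise a UAC prompt.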
"You can now flame me, I am full of love,"
Challenge accepted. Challenge completed retrospectively for the last week and a half since I got Vista
I just had my younger cousin ask me last night my thoughts on Vista. After a 10-minute rant on lack of security, bugs, drivers, DRM & PMP, she stepped in and said, "A friend of mine has it, and hates it. It asks her 'Are you sure you want to do this?' every time she does anything on the damn thing."
I hope the negative word of mouth spreads like wildfire on this one.
Relocating to San Francisco / Palo Alto... Hire me?
You are absolutely right, the Mac ads are horrendously misleading. The lines from that commercial aren't actual Vista prompts. Even more scandalous: John Hodgman isn't really a PC and Justin Long isn't really a Mac! Shame on Steve Jobs for his lies.
I've always claimed that Windows' problems are purely an engineering issue where performing normal operations involves an unreasonable amount of risk. People who claim "It is the user's fault" miss the fact that many attack vectors are from normal user activities.
It is like claiming "cars can never be safe because people drive them", which is true but fallacious. Under normal operation, a car is safe because it is engineered to be safe. If however you purposely act recklessly, there isn't a whole lot of engineering in a car that can stop someone from driving off a cliff into the ocean.
What is going on in Windows is that people are performing normal operations that involve either a large amount of unnecessary knowledge to perform correctly or are tricked into thinking important system altering actions are trivial and harmless (or maybe both). For instance:
- Browsing the Internet is a normal user operation. The system may "own" the hardware and software driver for system facilities like the NIC, but there should be no reason why it should require anything more than the user having permissions to run an executable. The reason why a scanner is needed on Windows is to make sure IE is behaving properly and isn't subverted, because it can invoke any number of other OS functions which it probably should never have been designed to in the first place. The reason why AV software scans traffic on each transaction is that it is impossible for humans to correctly determine if query/responses are going to make IE behave badly or not. This sounds like an engineering flaw in IE more than anything else.
- People want to install "gadgets" like toolbars. It shouldn't require system modification to install a toolbar, desktop applet, or any other gadget. It shouldn't require an elevation of privileges to run them either. It is questionable engineering to require any of these things and requires extra knowledge to do it right. There are specialized pieces of software that do require system modification and they should behave and install differently so there is no confusion. Treating a driver install like a toolbar install is a huge engineering issue.
- It is entirely possible that someone is purposely or accidentally installing something bad, but it shouldn't bring down the entire machine doing it. The user, using user permissions, should not be able to wreck the system no matter what they try on purpose or on accident. They might succeed in ruining their own private stuff but never anything outside their sandbox. Windows doesn't do this and Vista has still not properly addressed the engineering issue if they put up many more "Allow or Deny?" dialogs. Or to put it another way, the user should never be faced with an "Allow or Deny?" dialog in the first place. Asking the user "Operation could break your system. Allow or Deny?" is a silly question to pose. The system needs to be engineered to avoid posing the user with questions just like that.
People interact with hundreds of machines every day, and yet these are designed for some misuse. It seems disproportional that Windows has been engineered in such a way that it can't take missteps or abuse very well. Accidents happen. Users can be silly. Windows should be engineered better, because it doesn't seem to protect against breaking very well, nor does it allow for easy recovery.
Hmm...
Oops.
Seriously dude, why would you want to make money for the lawyers by suggesting something so bass-ackwards? I've got to ask, ARE YOU A LAWYER? IANAL and pretty much hate all this class action/anti-monopoly crap that just seems to enrich some fat cat lawyer. I remember the coupons that I got for being in California as part of the MS settlement. What a joke.
You don't think there's a boatload of money that's been trying to prove you correct for quite a long time now?
Thing is, though, the only way you could prove (or disprove) that Linux having a huge market share would mean that more malware would be written for Linux is for Linux to actually have a huge market share and for malware makers to start making or not start making malware for it. So all you can really argue with now are hypotheticals and previous examples, making the whole thing moot. Of course this leads to a catch-22; if Microsoft or someone really wanted to use their boatload of money to prove that a Linux monoculture would get lots of malware, they'd have to decimate their own install base to find out anything conclusive, by which point the whole thing would have been entirely pointless.
The best example I can think of is Firefox. Since it's growing rapidly in popularity, some seedy websites now try and install spyware using XPIs, if I recall correctly. However, since Firefox's share is still low compared to IE's, the malware XPIs are few and far between. Firefox being a web browser and Linux being an OS, however, introduces all kinds of differences.
By summer it was all gone...now shesmovedon. --
How? Most (or all) system-wide configuration files are in the /etc directory tree, which makes them quite easy to find. In addition, they are almost always made up of text, which makes it much easier to understand what they say. In Windows, programs and components usually write into a registry subtree accessed through the component GUID (the CLSID83127-432423-32432-3423423 identifier). How's that for transparency?
Did you all really want Vista to come out and be ultra secure & perfect? That is just not Windows. Without all the issues that are inherent in an MS OS, the world would be a more boring place.
I for one welcome our new bloated, insecure OS overlords, as it will provide a source of humor and bashing for the next couple of years.
-As well as give Linux more time to get up to speed with games. -perhaps this is where Linux will never change?
Kill your TV
And BTW, I'm actually curious - how do you justify constantly shilling for yourself when you accuse everyone of doing the same? The ends justify the means, sort of?
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
"This is a valid concern. But all Microsoft has to do is to provide 99% of all requested software, and then strongly discourage the clueless from using alternative methods of installation (which must be available, duh)."
Do you honestly think OpenOffice.org, Gaim and other such programs would last long under this scenario? Of course, NOT allowing them would be incredibly bad PR, but this move would introduce all sorts of complications, not least being that people wouldn't be able to get new software fast enough. What about boxed software? How would that work? Would you have to have a sort of Steam for all the software on the system? Wouldn't that introduce a whole new range of privacy violations and such?
The way it is in Debian now is a good way. I've written my little program, and if I want to get it in the Debian Archive then I have to test it, run lintian on it to make sure the package is in good shape, run it past Debian QA etc...but then, if I really want to I can just host the .deb or the .tar.gz on my program's website and leave it at that.
If anything, if Microsoft offered some kind of certification scheme, where you could submit your program to Microsoft and get it certified for a nominal sum ($20 or so) that would be handy. But even that introduces even MORE complications...
Being outside of that, I'm free to say whatever I want about the tin-horns who are busy calling free software "a cancer", "communist" and all that jazz. No respect has been earned and none is paid.
And by the same token, people are free to call you a FUD-spouting cretin who for some reason is megalomaniacal enough to think that his witterings (or should that be twitterings? LOLOL) on a piddling discussion website are of any kind of import to a massive corporation with actual critics who write things about them in actual journals/magazines.
By the way, I've never called free software "a cancer", "communist" or anything else in that vein. Nice try though. At least this time you're not quoting yourself to make a point.
Word.
Other than installers, the only programs that I have to run as admin are games that use Punkbuster, which needs the rights to sniff out cheating apps. Other than those, I've never had to give anything root access.
My sig can beat up your sig.
So why does Vista run all setup programs as Administrator then?
I'll tell you what. If you can figure out some kind of way that we can have a trusted escrow, I'll bet you a large sum of money that I'm not lying and can supply evidence of such.
Actually, it's just the opposite. You seem to be wearing pro-MS rosy-color-glasses, and have no idea what you're talking about. If you're not experiencing these issues with Vista, I'd say that you are the one who hasn't even tried it, as it's common knowledge—and yes, personal experience—that it is, indeed, this bad.
Still, if you stick with open source software from reasonably active and widely-known sources, you're going to be safer from malware than if you run proprietary software exclusively (and especially if you download pirated versions of it!). That's going to be true regardless of operating system; it's all about transparency and operating in the light of day.
Oh my sweet turtle in the sky, I can almost hear the "OMFG MONOPOLIEZ KILL KILL KILL" cries of despair on this one, regardless of whether or not it's Microsoft's own software being distributed.
Yeah, I totally look forward to having Microsoft helpfully suggest what I should install on my computers. And I just cannot wait for the flurry of bullshit lawsuits by companies that are offended when Microsoft says their crap is nothing more than malware. Oh yes. And the lawsuits by up-and-coming state AGs with political agendas over prices (free markets babeee!!). And of course, Microsoft being forced to offer WordPerfect for download, because, well, that's the way it "should be".
How about you just keep your paradigms to yourselves and let us deal with ours? Centralized software repositories and package management - broken as they are in many cases - work only because of the nature of open source. It would never work with commercial software. Ever.
Since this Randolpho guy seems to have no idea what he's talking about, and I'm just as much a stranger to you, do this.
Don't trust either of us. Talk to your friends that have recently bought computers with Vista and ask them what they think. Read what the media is saying about it. Go try it out yourself on someone's computer who will let you tinker with it as if it were your own for an hour or two. Then decide for yourself which one of us is drinking Kool-Aid.
Oh, and if you're not too busy, come back here and let us know what you decided and what your impressions are. I'm in the mood for a little vindication today. ;-)
It's not your luck, and it's not my copy of Vista. It's a hideously broken OS.
One: People criticize MS more because they are aggressive in pushing DRM. Other aggressive ones are also flamed. Remember Sony? Apple, on the other hand, allows their iPod to play non-iTunes stuff, and thereby appears to be less annoying to the customers. Steve Jobs even spoke against the DRM philosophy in public recently. Why should people see Apple in the same league as MS?
Two: HDMI and HDCP are features. They allow you to view DRM'd HD content at full resolution. Screens that lack HDCP can't do this.
I agree with everything you're saying here, just for what it's worth. The point I was trying to make was that if people are going to complain about software pushing DRM-related technologies (Vista or otherwise), they should also be complaining about hardware that enables DRM-related technology. I recognize HDMI and HDCP as features (heck, my new monitor supports HDCP), but it's still an enabler, a link in the chain that lets the DRM get "crammed down our throats", as it were. Samsung has had to make the same decision to support those technologies in their monitors, as will any video card manufacturer supporting the data stream. However, Samsung, NVidia and ATi (as examples) are not quite portrayed as evil here in that respect.
This is a separate point from whether or not the movie studios are right to force DRM or yet unknown use-related technologies onto their consumers. Yeah it's their choice, and I also choose not to subscribe for the moment. I'm also with you that DVD is just fine for me and I also think that if it gets to a point where being able to view the content requires more hoop-jumping than the entertainment the content provides, people will just say "gah, no thanks." (e.g., if they stopped manufacturing DVDs today and only offered their modern HD 'replacements', I don't think the two replacements' sales would go up as high as DVDs currently sell... everyone's starting from scratch again and I can't watch it on my computer with a $30 drive).
Vista security to DRM, talk about tangents :D
Actually I do think it's a huge pain in the ass to click on it for almost every stupid thing. And don't tell me I can change permissions or I'm doing it wrong. It's not me I'm worried about; it's all my friends and family who fail to understand that there are alternatives to scrapping their two-year-old computer to get a new OS.
As for entering a password vs. clicking a button: sudo on Mac OS and Ubuntu Linux (and probably any other sane configuration of sudo out there) asks for the password and then caches it for a while so you can perform a series of admin tasks. That is intelligent. Or I can use sudo to get a root shell, or on some configurations su to root for what I need. I don't need to turn anything off temporarily (and potentially forget about it later); it's just one of a few ways to do something, and I have root privileges for the time it takes me to get my root jobs done.
I, as you, hope that applications catch up to the new model, but I can't believe that they will, not easily anyway. It's been the same since MS introduced security into the OS and I believe it will continue to be the same. Their methods for dealing with privilege separation are just too flaky and have evolved too weirdly for anyone to take seriously. They've bred a culture of mediocrity. Just as MS does, app vendors don't spend the effort on security and design; they concentrate on "features" and "look-and-feel" changes because that's how they get the boxes to move off the shelves of Wal-Mart, Best Buy, etc.
Anyway, no one I support has Vista yet, but as soon as one does I am going to start counting a) how many ask me how to turn off UAC and b) how long it takes them to ask.
Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
My point is that no one is forcing anything on anyone. This is no different from any other feature Samsung offers on their screens. I have a Samsung screen in front of me now and it has image lock (I don't even know what that does), color adjustment, halftone menu, and the ability to change the menu to other languages and some other stuff that I don't need. So is Samsung forcing these things onto me? No. Samsung just determined that there was a portion of their market that wanted these things and so they added them. With economies of scale it's easier to mass produce stuff with some features that people don't need than to custom build monitors with different features for everyone.
So you end up with a monitor with HDCP, even though you don't need that feature. No one is forcing it on you any more than they are forcing Spanish menus onto you. If you don't need the feature then don't use it. The movie studios can't force anything on anyone either. People have the choice of buying their products or not buying their products. The movie studios can choose to sell a product you want or choose to try to sell a product you don't want (DRM'd content). But they can't force you to buy a product you don't want. Maybe it sucks that they are capable of producing a product you want (DRM-free content), but choosing not to produce that product in no way forces you to buy the product they want to sell you.
"As for entering a password vs. clicking a button: sudo on Mac OS and Ubuntu Linux (and probably any other sane configuration of sudo out there) asks for the password and then caches it for a while so you can perform a series of admin tasks. That is intelligent."
Well, no, it isn't, because malware will attack it; OS X has already had vulnerabilities relating to this very thing (applications could detect when privileges have been raised and silently perform privileged operations in the background).
"Or I can use sudo to get a root shell or on some configurations su to root for what I need."
Much like how in Vista you can create an elevated command-prompt/Explorer/etc. that doesn't need to prompt, you mean?
The same argument applies to me and using Windows Vista. I'm not interested in the HD content, DVDs are fine in my system, and I am continuing to encode my own CDs with my own encoder at a bitrate I want to a format that plays in my car, without any DRM that a commercial 'ripper' would put on it. So in effect, I am also choosing to not use those features. That's the same reason I don't own an iPod or download from iTunes: I'm not anti-Apple (I love my buddy's Mac Book Pro), it's just that the usage model doesn't fit what I want and need.
I am not using the HDCP feature in my monitor, the same way I am not using it in Windows. So to repeat / restate my argument, singling out Microsoft as the enabler rather than just one of the enablers is incorrect. They've had the same requirements placed on them as has my monitor manufacturer. In this respect, Microsoft is no more 'evil' than Samsung in enabling the technology. I really feel that this argument focused again and again on what I see as the wrong organization and / or target.
Note that I'm not saying Microsoft is 'bad' or 'good', I'm only focusing in on this one particular aspect of a very large product, as I see it. Like it or not, it is here, and it will more than likely stay. It will also change: there was no such thing as the Security Center when XP was released.
I think if you look at the numerous exploits (and there have been many), you'll find that they're mostly implementation bugs & poor default options, not architectural flaws. As noted by other posters, the fundamental base of Windows is actually pretty solid.
Systems like VMS and UNIX, on the other hand, were built from the ground-up as multi-user systems, and thus took into consideration the security needs of such usage patterns.
VMS maybe, Unix no. IIRC, the first versions of Unix had no concept of security at all.
Well no, they don't all have perl and python installed. They don't have the same directory structure by a long shot and that has kernel module implications. They don't all run samba by choice, though they may have clients, and sshd is not installed by default on most. They may or may not be running xorg, but the configurations will be different. Many have their own kernel versions and compiles. The only way you could think anything else is to have never done any real work on as much as one distribution. The differences are easy for a human to navigate, but difficult for a worm - and this is why there is not a Linux Monoculture and one of the reasons there are no gnu/Linux hosted worms of any significance.
Friends don't help friends install M$ junk.
Are you advocating Microsoft create its own software repositories, vet all submissions to make sure they are not malware, and only allow Windows to install software from those repositories?
Yes. As usual, the only acceptable thing for Microsoft to do is to unconditionally surrender their codebase and release it GPL. They may, after that, vet their own distribution with better efficiency than they currently do. Even then, it would take years for people to build trust in it.
If it isn't, like the last piece of software I installed on my Ubuntu box, then you are left to download a .deb and install it with dpkg. Now, if I write some nasty little app that turns your box into a spambot, roll it into a deb and put it up on a website as "Cool_new_gaim_smileys.deb", what is going to stop little Johnny from downloading and installing it?
"apt-get search smiley", followed by "apt-get install gaim-themes", works great, and so does the GUI equivalent, so Johnny gets what he wants without having to trust a net nasty like yourself. Contrary to M$ opinion, Johnny is not stupid.
You're saying Debian is secure because there is a centrally controlled repository of software. Vista requires signed kernel-level drivers and you'd say that Microsoft is cutting out open-source developers.
No, a community controlled repository like Debian's is verifiable and something anyone can trust. M$ has cut off everybody, as usual, not just free software developers. It is not verifiable and is usually proved nasty.
Now currently the vast majority of "Linux" boxes out there are servers, which reduces the attack surface significantly - and not only because they tend to be run and maintained by people who know what they're doing. That doesn't mean any number of them are not routinely rooted and crapped on. When and if the majority of Linux boxes are desktops then you're going to be singing a different song. You'll be blaming the users for not patching their machines and for doing stupid things that put them in danger. The same thing you seem to be so insulted about when someone makes the same point about Windows.
You are full of it simply because of the simple fact that there are enough "Windoze" machines out there that work just fine and have no malware, viruses or other crap. They're not part of botnets. They're not spam zombies. It's quite simple to secure a Windows desktop even though it has more attack vectors than Linux or OS X. That there are large numbers of people who are incapable of doing that is the problem. What, you think all these hundreds of millions of people will suddenly increase their computer savvy index just because you give them a Mepis live CD? For your sake, I hope to hell you're right.
You are raising good points, but it is not as bad as it sounds.
"Not sure what you mean here."
Easy. Optical drive = trusted repository.
It seems to me that most problems arise from the software packages being proprietary. If true, that would only mean that proprietary software is inherently incompatible (to an extent) with a secure distribution scheme. But I think that most of these hurdles can be overcome by a company like Microsoft, to a great benefit for the end user.
Hehe, are you saying that proprietary software cannot be in principle distributed as safely and securely as FS? I don't know if that is true, but if so, it is one more reason to reject it.
Hehe, no. But thanks for playing.
The big win would be tiered privileges: you can grant a user or process (or program) certain priv's to access resources. It is a powerful tool and, coupled with ACLs (access control lists), made the security of VMS hard to beat. (In theory, anyway; there were still cock-ups in programs that leaked priv's or allowed exploits, but the security platform was better than most out there.)
.. paranoid crackpot leftover from the days of Amiga.
Interesting.
Consumer Vista has been in general release for less than one month. But the Geek knows that most people are disabling the UAC. The Geek knows how users will respond to all the changes in Vista.
He doesn't need a crystal ball. He only needs to read what other Geeks are posting to their blogs.
Safer than giving up and running as Administrator is to use Filemon and Regmon to find out what exactly the broken application is doing that it shouldn't, then changing the ACL for just those files or registry keys.
Windows non-administrator LUA/UAC advice, tips and tricks.
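The post above gives the least-privilege recipe in one sentence: trace the broken program, find the handful of files and registry keys it actually writes, and open only those to the standard user instead of handing out administrator rights. This is an added PowerShell example, not code from the thread or from any vendor; it assumes the trace (Filemon/Regmon, or their successor Process Monitor) has already identified one folder and one key, and the account name and both paths below are placeholders to be replaced with what the trace showed. The grants are narrow by design: Modify rather than FullControl on the folder, and a value/subkey write set on the key with no right to change permissions or take ownership.

```powershell
# Added example: grant a standard user write access to exactly the locations a
# legacy program was seen to write to, instead of making the user an admin.
# Run once from an elevated session; the calls at the bottom use -WhatIf so the
# script is a dry run until you remove that switch.

$Account     = 'EXAMPLEPC\standarduser'           # placeholder: the limited user
$DataFolder  = 'C:\Program Files\LegacyApp\Data'  # placeholder: from the file trace
$RegistryKey = 'HKLM:\SOFTWARE\LegacyApp'         # placeholder: from the registry trace

function Grant-FolderModify {
    # Adds an Allow/Modify entry for $Identity on $Path and everything under it.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity
    )
    $acl = Get-Acl -Path $Path
    # Modify covers create/write/delete of files and subfolders but not
    # ChangePermissions or TakeOwnership, so the user cannot widen the grant.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, 'Modify', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.SetAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($Path, "grant Modify to $Identity")) {
        Set-Acl -Path $Path -AclObject $acl
    }
}

function Grant-KeyWrite {
    # Adds an entry letting $Identity read and update values/subkeys of $Path.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity
    )
    $acl = Get-Acl -Path $Path
    # ReadKey plus the three write rights a program needs for its own settings;
    # ChangePermissions and TakeOwnership are deliberately left out.
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Identity, 'ReadKey, SetValue, CreateSubKey, Delete',
        'ContainerInherit', 'None', 'Allow')
    $acl.SetAccessRule($rule)
    if ($PSCmdlet.ShouldProcess($Path, "grant value/subkey write to $Identity")) {
        Set-Acl -Path $Path -AclObject $acl
    }
}

function Show-AccessFor {
    # Lists the effective entries for one identity so the change can be reviewed.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity
    )
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity } |
        Select-Object IdentityReference, FileSystemRights, RegistryRights,
                      InheritanceFlags, AccessControlType
}

# Dry run: shows what would change without touching the ACLs.
Grant-FolderModify -Path $DataFolder  -Identity $Account -WhatIf
Grant-KeyWrite     -Path $RegistryKey -Identity $Account -WhatIf
```

After a real run, call Show-AccessFor on each path and compare with the pre-change output; if the trace turns up more than a few scattered locations, the program is better moved to a per-user install location (as the earlier posts describe) than patched with a growing list of ACL exceptions.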
"...because hopefully it will mean developers write installers that only ask for the access level they need..."
Why is it that in order to get a program into Windows it needs an installer in the first place? Why is it that Windows STILL needs this dumb thing called a registry? On OS X many programs (even MS Office) only need the user to drag a folder from the CD or downloaded disk image to the desired folder. A limited user on OS X may then run any program. If such a program wants to alter system settings, only then is the user asked for an admin password. What is the main reason for having a registry in Windows? Other OSes can work just fine without it. How do they accomplish whatever the registry does? In VISTA, if the registry gets corrupted, is it still possible for the computer to stop working entirely, as is the case with previous versions of Windows?
All theory is gray
"...the underlying registry system of Windows is broken..."
Too bad that MS did not finally get rid of that registry albatross. Why is that needed? Other OSes get along fine without such a monstrosity. If VISTA is not anything more than a warmed-over version of XP, sort of like XP with SP 5 or 6, why did it take them so long? How do OSes such as OS X provide the functions that the registry does in Windows?
Hmm... I changed my desktop background yesterday... and I typed this up in Notepad before copy & pasting it into Firefox... And I haven't seen a UAC prompt in a week...
I hereby call bullshit on your entire post, have a nice day.
What you describe is extensively supported and documented in Windows.
Any given user (or individual process, through the granting of tokens) can be granted or revoked any desired level of granularity of permissions or abilities.
Windows programs don't NEED installers. Just put the executable on the system and most programs will work; sometimes you'll need to register some files, which CAN be done from a command prompt if you know what you're doing. Installers are just an easy way for a developer to make sure that a clueless user can get their program up and running easily.
As far as why Windows has a registry to begin with, it was created so that there wouldn't be config files in a thousand different locations. Sure, it's easy to change a setting under Linux, but only AFTER you know which of the gajillion different files in its gajillion different locations you need to edit. No, the registry isn't the most elegant solution, but YES, it does serve a purpose.
Let's face it, the best scenario for Linux is the one you have at the moment. It's free and you have all the software you need, and you don't have the preponderance of users, stupid or not, making it worse for everyone. Unfortunately, the more laymen you attract to the Linux desktop just makes it a worse experience for everyone.
Only someone from M$ could loathe users like you do. The beauty of free software is the way it shares knowledge and experience without additional cost to the authors. As you might imagine from the class I help teach, I welcome everyone to the code I know and love. The growth of free software desktop market share is good for me and everyone else.
Windows Vista is a version of Windows that is just modified and improved a little bit from Windows XP. What it changed is just adding some new security features and enhancing the GUI. Windows Vista inherited most of its bugs from Windows XP. Since Windows 98 became available in the market, Microsoft has put a lot of effort into taking all the bugs out of the code. One of the serious problems they face is that many of the old-version Windows programmers no longer work for Microsoft. Due to this, they left many unknown bugs in the code. Microsoft tried to understand the code, but it is too difficult to understand millions of lines of code one by one. So, in my opinion, Windows Vista has so many vulnerabilities because they are not willing to rewrite the code in Windows.