Slashdot Mirror

← Back to Stories (view on slashdot.org)

Vista Security — Too Little Too Late

Posted by kdawson on from the five-years-work dept.

Thomas Greene of The Register has a fairly comprehensive review of Vista and IE7 user security measures. The verdict is: better but not adequate, and mostly an attempt to shift blame onto the user when things go wrong. From the review: "[Vista is] a slightly more secure version than XP SP2. There are good features, and there are good ideas, but they've been implemented badly. The old problems never go away: too many networking services enabled by default; too many owners running their boxes as admins and downloading every bit of malware they can get their hands on."

21 of 483 comments (clear)

  1. Vista security is.. by Anonymous Coward · · Score: 5, Insightful

    .. A Dialog box asking if you wish to run the exploit or not.

    And it is the first thing to be disabled for sure.

    1. Re:Vista security is.. by madcow_bg · · Score: 5, Insightful

      If that was it, then the security team has won the game!
      Alas... I think it is asking for everything, therefore asking for nothing. An automatic OK is just as bad as no confirmation asked. Even worse, IMHO.

    2. Re:Vista security is.. by KingSkippus · · Score: 4, Insightful

      if you had RTFA you might have learned a few things. Besides, most people probably don't even care/know how to disable UAC, so I doubt that will be a big problem...

      My sarcasm detector is a little wonky today, so I apologize in advance if that's what that comment was. Otherwise...

      Did you RTFA? If you did, it vehemently disagrees with what you said.

      In fact, UAC is the most complained-about new feature of Vista, and most people are disabling it as soon as possible. Why? Because MS still encourages the owner to set himself up as the admin, and work from that account. And when you're running in an admin account, UAC is nothing but a bother. Every time you try to take an action, and this could be as simple as opening something in Control Panel, UAC disables your screen and pops up a little dialog asking you if you really want to do what you just did. A pointless irritant that will cause the vast majority of Vista users to disable UAC, because the vast majority of Vista users will, unfortunately, be running as admins, thanks to MS's stubborn refusal to try to put everyone into a user account to the extent possible.

      (emphasis mine)

    3. Re:Vista security is.. by Gription · · Score: 5, Insightful

      People running as admins isn't even close to the real problem with UAC. (User Aggravation Control) The real problem is their whole concept of security is flawed. Any conceptual framework that it relies on the user knowing enough about computers to make a decision about what you should and shouldn't do is going down in flames.

      Here is a little tidbit to shock you...
      The vast majority of users that use a computer don't really know anything about computers and they shouldn't have to!!! If a computer is operating correctly they shouldn't even have to think about their computer. They should be thinking about their task at hand. They shouldn't even want to "know about computers" because if they did they would have different jobs. (A lot of "computer people" can't get it through their heads that the users shouldn't have to know much about computers and if they all did the "computer people" would be mostly out of jobs.)

      The very first example of MS's real conceptual problem with computer security is showcased by the first thing you see when you start up the computer. Let me ask you: What do you need to know to get into a computer? A username and a password. So MS's idea of increased security is to hand you a list of all the usernames on a platter so you can skip past the "find a valid username" step and go straight to the "lets find the user with a weak password" step. I haven't even been able find a way to force a 'classic' text login. We are 'clicking' our way into the pits of hell.

      Right after XP came out Mr. Bill public stated that "the next version of Windows will not be an Operating System. It will be a Digital Rights Management Platform." He said it in public and everyone seems to have forgotten it. Why would anyone PAY for a system that's only reason for existence is to inhibit the user's actions? Bill is a master at knowing which way people will jump. (That is the only thing he is really brilliant at.) He knows that people won't rush out and buy a DRM/Platform so he has to sell it as something different. It is pretty easy to do too. People (are Raccoons. Give them something shiney and their eyes glaze over and they will clutch it with both hands and won't let go. Vista has every bright and shiny go-ga that MS could throw in. Will Vista be a "success"? Of course! The Raccoons will demand their bright/shiny (pointless) 'upgrades' because how can we live without a computer that will use video as a desktop image. (I think that running the movie Idiocracy as a desktop would be perfect!)

      BTW - Has anyone figured out a hack to force an old style text login? I might even mod your posts up if you find a solution and share it! ;-)

  2. Re:Vista Security -- Too Little Too Late.... by jdwest · · Score: 4, Funny

    Vista reviewers are coming to a sad realization.
    Cancel or Allow.

    --

    Lorem ipsum dolor sit amet ...
  3. dear lord... by tomstdenis · · Score: 4, Insightful

    can't believe I'm speaking up for Vista but ...

    User security, is like car safety. It's nice to design for "in case shit happens" but if you drive like a lunatic, you're likely to get hurt.

    I think a large part of security involves the self. People don't do enough thinking, and are too lazy to follow simple security procedures. No automated tool or system, that allows some freedoms can protect people entirely. Think about it, the OS'es solution to malware? Only allow MSFT signed binaries to run. But this is horrible as it means only MSFT can authorize binaries and it cuts out 3rd party developers.

    At some point the users themselves have to stop and learn how to use their computers properly, if they want to use them. If they're too lazy to figure it out, *and* demand security, they should not use a computer.

    Of course it's largely MSFT's fault for breeding a culture of contempt for knowledge. Oh look it's so easy anyone can use it with zero training.

    Imagine if MSFT made automobiles (but with the a yolk instead of a wheel/pedals, and other "standard improvements"). No training required!

    Tom

    --
    Someday, I'll have a real sig.
    1. Re:dear lord... by Zebra_X · · Score: 5, Funny

      Imagine if MSFT made automobiles

      It would be pretty horrific...

      Are you sure you want to unlock your car? (Yes/No)
      Please confirm this action: Start car (Allow/Deny)
      The manufacturer of this car is not trusted, are you sure you want to start this car? (Yes/No)
      The car is attempting to use gas that does not fall between 89 and 91 octane are you sure you want to continue? (Yes/No)
      Are you sure you want to turn on the radio (Allow/Deny)
      The manufacturer of this radio is not trusted, are you sure you want to turn on radio? (Yes/No)
      Station 104.7 is attempting to play content that requires special priveliges, do you want to play 104.7? (yes/no)
      Please confirm your administrative username and password.
      Please confirm this action: Change to D (Allow/Deny)
      This feature requires administrative priveligeges, please enter your username and password. ... ...

    2. Re:dear lord... by GeePrime · · Score: 5, Funny

      You have gotten in an accident and the airbag wants to deploy (allow/deny)

    3. Re:dear lord... by mstone · · Score: 4, Insightful

      It's not even laziness.. it's economics.

      In today's world, people have to deal with too many different categories of information to become even competent laymen in all of them.

      Do you know how your clothes are made? Do you know how your local power grid is laid out? Do you know how groceries are stocked in the store, or how to manage the logistics of getting food from all over the world into a single building? Do you know how roads are paved, water is delivered, sewage is handled, or waste is disposed of? Do you know the legal legal issues relevant to any of those fields?

      Take fifteen minutes and try to list all the things you'd need to learn and build in order to make a ballpoint pen from scratch.. and I mean really from scratch. You don't get to order plastics and machinery from suppliers. Start with a patch of earth that magically contains all the funamental materials you need, and your bare hands. If you have to list fifteen different things before you even get to 'make a decent shovel', you're on the right track.

      Our society works because we all cooperate, and generally trust each other. We trust the experts in textiles, power, etc. to do their jobs well enough that we don't have to become experts just to meet our own basic needs.

  4. Re:Vista Security -- Too Little Too Late.... by minus_273 · · Score: 4, Funny

    allow...

    --
    The war with islam is a war on the beast
    The war on terror is a war for peace
  5. Let me get my flame-proof suit on and say...... by ip_freely_2000 · · Score: 4, Insightful

    "and downloading every bit of malware they can get their hands on."

    Come on. More than anything, Microsoft is in a no-win situation to try and protect people from themselves. If everyone ran Linux instead of Vista there'd be the same damn problems.

    If a thirteen year old wants to download smileys for their IM client, the kid is going to do it. If the software has spyware, then that spyware would do what it takes to open up or break the system. It's pretty damn hard to code against human behaviour.

  6. Re:Why should they have a problem? by Architect_sasyr · · Score: 5, Funny

    There doesn't seem to be an official Slashdot stance on Microsoft either... about the only thing you *do* notice is that most of the windows supporters post as AC's...

    Back on topic: Vista tests for my corporation have been far from impressive in both security and performance. I'll stick with the XP Upgrade method I think. "Skin XP to look like Vista... open up the case, remove half the RAM and clock the CPU back a few notches"

    --
    Me failed English...
    FreeBSD over Linux. If my comments seem odd, this may explain...
  7. Article is putting Windows in too good light by pesc · · Score: 4, Informative

    From the article:

    As Billg likes to point out, Windows is the platform on which 90 per cent of the computing industry builds, and this naturally means that it's the platform on which 90 per cent of spyware, adware, virus, worm, and Trojan developers build. That translates into 90 per cent of botnet zombies, 90 per cent of spam relays, 90 per cent of spyware hosts, and 90 per cent of worm propagators.

    This implies that Linux, Mac, Solaris, VMS, etc stands for 10% of the malware. This is not true. I would guess that non-Windows systems have less than 1% of the malware.

    --

    )9TSS
  8. Re:Limited User Accounts by DrPizza · · Score: 5, Interesting

    They don't do it because typing a password is too damn annoying.

    UAC is still useful as an Administrator. Until you elevate your privileges, a UAC user *is* a regular user (essentially they have two possible tokens, a regular user token and an Administrator token, and unless you elevate, they're using on the regular user token). This means that the "protection" that it offers is the same; what differs is the ease with which you can switch between the two kinds of user (click a button vs. enter a password). So I don't think that's actually a huge problem.

    Whenever something is done for which the regular user token isn't good enough, you can elevate to an Administrator token. That brings up the UAC prompt; it does it for broadly the same category of operations that MacOS X or Linux will demand root access for.

    The thing is, the prompt is quite annoying. It's not any more annoying than it is on other OSes; they're annoying too. But a password is even more annoying than clicking the box. And if something is annoying, well, people are going to try to avoid it.

    That's the dilemma faced by MS. If they make the thing too annoying, everyone will one way or another disable it. Originally UAC not only required a password, but also a ctrl-alt-del (so that the password couldn't be intercepted or anything). ctrl-alt-del to enter the password was too annoying; it was too intrusive. So they disabled that by default (though you can reinstate it if you want, through a GPO). Entering a password by default was also too intrusive, so again, they disabled it by default (and again, you can reinstate it across the board, even for Administrators, if you want). The reason they did this is because they want the level of annoyance to be livable. If UAC is so annoying that people outright disable it, it's useless. If it's a minor annoyance, they probably won't turn it off.

    I've been using Vista since it went RTM, and I have to say, I don't see many UAC prompts any more. I did at first, when I was installing all my software, but now, it's pretty infrequent. It's certainly something I can live with. I did try cranking it right up--passwords for all users, with ctrl-alt-del to enter them--but it's far too annoying to put up with. I can't really fault MS for making the trade-off the way they made it. Hopefully, as applications improve, elevation prompts will become more infrequent (for example, I have to elevate to play Battlefield 2, because Punkbuster "needs" admin rights... this is something that they really need to fix), and when this happens, demanding a password to elevate won't be so onerous. But as things stand right now, there are just too many problematic applications. This isn't really MS's fault (it's not like NT's DAC is new...), but it is something that they've got to live with, and provide a solution for.

  9. The OS that cried "wolf!" by KingSkippus · · Score: 4, Insightful

    This is exactly what Vista security is.

    My main problem with Vista security is that it is an OS that cries wolf. When I installed Vista, I had to click no less than 50 security confirmation dialog boxes (it's important to note that these were security dialog boxes) within the first hour or so in order to do simple, stupid stuff that clearly should not have needed confirmation. Stuff like changing my desktop background. Stuff like moving some documents around on a removable hard drive. Stuff like copying a line of text from an IE7 edit box. Stuff like pasting that line of text into a different IE7 edit box. Stuff like creating a new text file on my removable hard drive. And so on, and so on, ad nauseum.

    This isn't security. This is constant aggravation, and yes, I cannot imagine any normal user calling their geek friend after five minutes and saying, "How do I turn this damn thing off?" Even if they don't, they "mentally" disable it by simply clicking Allow without thinking. Hell, I'm a computer expert, and I did it. "You are installing the pwnzj00 virus." Allow. "You are sending your bank account numbers to Nigeria." Allow, allow, allow, dammit! Leave me alone!

    I try to give Microsoft the benefit of a doubt. I'm not a zealot or a Microsoft basher, seriously. I think they've put out some good software, but on this point, I have to agree with the folks who are saying that Microsoft isn't serious about security, they're simply trying to push the blame for when things go wrong onto the users.

    There's no way in hell that they could have conducted any usability tests and found the currently scheme acceptable. But they still let it out the door, most likely to meet some sort of artificial management deadline to keep the OS from shipping any later than it already had.

    So now, we've gone from OSes that never alert you to potential security risks to an OS that is even worse because it alerts you to everything, security risk or not.

    I'll be interested to see how Microsoft tries to fix this mess, both from a technical standpoint and a PR standpoint.

    1. Re:The OS that cried "wolf!" by Blue+Stone · · Score: 5, Insightful

      It's almost like Microsoft, sick and tired of all the complaints about poor security in their operating systems, said, "RIGHT! If you want security, we'll GIVE you security!" and then handed it out as a punishment.

      --
      Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
  10. Re:Why should they have a problem? by Valdez · · Score: 4, Funny
    ^^ No AC ;)

    What security or performance "tests" did you run that you found "far from impressive"?

    Note:
    1) Open web browser
    2) Load www.slashdot.org
    3) Read what other people who haven't actually tested Vista posted

    ... is not a valid test. ;)

  11. Re:Limited User Accounts by JohhnyTHM · · Score: 4, Insightful
    It'll make the SAME prompts when trying something that requires admin rights as a limited user

    So changing the desktop wallpaper is a security issue in Linux too?

    The problem is not that Vista asks for permission where admin is required, it's that it asks for permission everywhere.

  12. What you said, except more amusing by Gzip+Christ · · Score: 5, Interesting

    There's an "I'm a Mac" ad which covers this: http://images.apple.com/movies/us/apple/getamac/ap ple-getamac-security_480x376.mov

  13. FUD Fully Expected from The Register by ThinkFr33ly · · Score: 4, Insightful
    I fully expected this kind of baloney from The Register. Do people here honestly think that a site that refers to Microsoft as "The Vole" would give a fair minded, intelligent, and well though out review of a Microsoft product. (Not sure why I'm asking that question on Slashdot... but whatever.)

    So, point by point:

    While referring to IE's Protected Mode feature:

    However, there is a brokering mechanism that enables users to download files to any location they have access to, or to install browser plugins and extensions, and the like. So users are still invited to make a mess of their systems, and no doubt many will, while Microsoft has a chance to shift blame away from itself.

    Uh huh. First, you can't install plugins/extensions (with the exception of signed ActiveX) without admin privs. Period. Second, how, exactly, would you propose the user be able to save files to their Documents folder, or do any other file operation in their profile (or basically anyplace on the system) without this brokering mechanism? Would you prefer that Microsoft not allow users to download *any* files via the browser? Ya, that would work out well.

    However, IE7 on Vista does still write to parts of the registry in protected mode.

    IE7 is running as an extremely low-rights user. This does *not* mean that it doesn't have the ability to write to any part of the registry. It means that the register's ACLs must explicitly allow write access to the IE's low-rights user. Certain locations have been explicitly marked as write-safe for the low integrity process. The example given by The Register is one of them. In other words, it's not an issue.

    However, DEP, when full on, may cause a number of applications to crash, or interfere with their installation. I'm betting that a majority of users will opt for the more conservative setting, and this of course means less defense for everyone.

    You're betting that the majority of users, most of whom think "DEP" is an actor's last name, will go and hunt down the DEP setting and turn it off because it will supposedly cause lots of applications to crash? Really? You mean they won't selectively turn it off via the dialog box that comes up after a DEP-related crash that asks if you want to turn it off just for this application? Oh, and what quantitative study are you sighting that shows that lots of commonly used applications will crash because of DEP? Give me a break.

    User Account Control (UAC) is another good idea, because it finally, finally, finally allows the machine's owner to work from a standard user account, and still perform administrative tasks by supplying admin credentials as needed on a per-action basis. You know, the way Linux has been doing it forever.

    Windows has supported running individual processes as admin (or any other account) since NT4. It was integrated into the GUI in Windows 2000. That is not the point of UAC, and it's not how Linux does it at all. If you try and run an application or perform an operation on Linux or Unix that requires admin access, it will fail. It doesn't prompt you. It's a subtle, but big difference. And it's a critical difference in the Windows world where that vast majority of applications won't work without admin privs.

    Of course, it only works if everyone stays out of the admin account as much as possible, and if everyone with an admin password knows better than to install a questionable program with admin privileges. And there's the catch: "Windows needs your permission to install this cleverly-disguised Trojan nifty program. Click Yes to get rooted continue."

    Wrong. It works regardless of what user you *think* you're running as. An admin account on Vista (with UAC enabled) is NOT AN ADMIN ACCOUNT. It's a limited user. The *only* difference is that an admin account isn't prompted to t

  14. You're absolutely right by Gzip+Christ · · Score: 5, Funny

    You are absolutely right, the Mac ads are horrendously misleading. The lines from that commercial aren't actual Vista prompts. Even more scandalous: John Hodgman isn't really a PC and Justin Long isn't really a Mac ! Shame on Steve Jobs for his lies.