Slashdot Mirror


Flawed Survey Suggests XP More Secure Than Vista

SkeeLo writes "One of Vista's big selling points is security, but a report from CRN concludes that Vista offers little in the way of security advancements over Windows XP. Ars Technica analyzed the report and found some methodological problems. 'The report faults Vista for "providing no improvement in virus protection vs. XP," but of course Windows Vista does not ship with antivirus software — something the reviewer fails to mention. Faulting an AV-less Vista for not stopping viruses is a bit like faulting a door without a lock for opening when the handle is twisted.' That's not all: 'It was also disappointing to see CRN completely ignore the issue of buffer overflows, which has been addressed well in Vista by most accounts. This was a major weak spot with XP, and so far, Vista looks strong in this area, strong enough that Vista may never get its own "SQL Slammer." Why CRN didn't address this is a mystery, as it is no minor matter.'"

16 of 235 comments

  1. Anti-Virus by biocute · · Score: 3, Insightful

    That's life for being MS.

    If MS put in an AV software, other AV companies will file for anti-competition lawsuits; if MS didn't, consumers will moan about it too.

    1. Re:Anti-Virus by flukus · · Score: 2, Insightful

      Because it's an unfair advantage to make an insecure OS and then charge "protection" money!

    2. Re:Anti-Virus by Rodness · · Score: 1, Insightful

      When your product REQUIRES antivirus software, your product is not secure by itself.

      Of course, if they had engineered in things like privilege separation and all the other "security" features of Unix (any of 'em, take your pick, Mac, Linux, what have you) then they'd enjoy all the "intrinsic" lack of NEED for antivirus that Unix systems enjoy.

      Had they actually spent the last 7 years improving the underlying privilege model instead of just building and dropping vampireware like WinFS that never saw the light of day, then maybe claims of Vista being more secure might have some merit.

      But I still have to agree that XP is more secure, if only by virtue of having 7 years of battle testing, as opposed to being a great big 800lb unknown that just walked into the room. Security is a PROCESS, not a PRODUCT.

  2. AV is not a lock by normuser · · Score: 4, Insightful

    Faulting an AV-less Vista for not stopping viruses is a bit like faulting a door without a lock for opening when the handle is twisted.

    By the time your AV software comes into play you're already infected. So AV software is not the lock on your door. It's the rifle in your house.
    Still important, but very different.
    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    XXX#######
  3. Urg by hyfe · · Score: 4, Insightful

    Faulting an AV-less Vista for not stopping viruses is a bit like faulting a door without a lock for opening when the handle is twisted.

    Or rather.. it's a bit like faulting the construction company when the wall in your house fell over because somebody knocked on the door.


    Anywho, anti-virus and personal firewalls are ridiculous concepts. You shouldn't have userland applications necessary for keeping other userland applications out of the actual operating system.

    --
    "" How about taking the safety labels off everything, and let the stupidity-problem solve itself? """
    1. Re:Urg by MrCrassic · · Score: 2, Insightful

      Apple's install base tends to have more of a clue than Windows users and Linux boys can at the very least ID when they're infected or compromised.

      What?

      If you are talking about the population that uses Apple Mac products, then I think you are HIGHLY misinformed. The main reason why many of them made the switch is PRECISELY BECAUSE of their inadequate knowledge on how to protect their Windows PC from viruses, spyware, etc. Many experienced power users who run Windows (XP, at least) software have NO protection and can still have great security provided strictly by the OS. Are all of those configured BY DEFAULT? Of course not, which is a major reason for the "need" of AV/spyware products.

      And Linux users? Apple users know more than MOST Linux users who are usually MORE proficient in terms of security configurations and the like?

      I can almost bet that if a major virus, trojan, or hard-hitting malware were to infect OS X-based operating systems, and if it were as conspicuous as their Windows counterparts, then I assure you that the "base" knowledge (or lack thereof) would manifest itself.

  4. Pretty crappy door IMO by Ren.Tamek · · Score: 3, Insightful
    "Faulting an AV-less Vista for not stopping viruses is a bit like faulting a door without a lock for opening when the handle is twisted."

    I'm sorry, but if I bought a security door that claimed it would keep out 99% of criminals, I would be a bit pissed off if I got it home and realised that an actual lock for that door was considered an 'optional extra'. The idea of browsing the internet with IE, no anti-virus and the windows firewall for any length of time, even no longer than it takes to download zonealarm and avg, gives me the heebie-jeebies.

    --
    "If you want a vision of the future, Winston, imagine a boot stamping on a human face forever." - George Orwell, 1984
  5. I know I'm an AC and all... by Anonymous Coward · · Score: 0, Insightful

    But OSX and Linux are 'antivirus free' too.

    I don't see how that ever was an excuse for their security record.

    Just sayin.
    Jon

  6. Security == knowledge and other stuff by kosmosik · · Score: 5, Insightful

    Of course from practical point of view XP right now is more secure. And I don't mean default install. For example take my company and few facts:
    - we managed to make the machines behave as we will
    - we have invested money into third party security software
    - we have invested time (which equals money) into free (as in speech) third party security software
    - we have some knowledge and experience into XP security -- after these - what like 7? - years who doesn't?!

    Right now we have quite healthy and working infrastructure based on XP and surrounding (like VPNs, IDSs, AVs, proxies, backup, imaging etc.) services. We know how to do it, we have experience.

    Now Vista from my standpoint is just big black hole - another system from MS that does not offer me anything significant but opens a can of unknown worms... I don't see any serious businesses building their security infrastructure around brand new shining Vista systems.

    Of course in *theory* Vista can be more secure, but from practical standpoint it is new and untested product that has been rushed to the market.

    It really depends on your security definition. Security is not a product - security is a process in which you have knowledge about what you are doing. In which you have educated users. In which you have policies and audits and so on. Vista isn't anywhere near to be even a stable product from security standpoint.

  7. Re:AV is not a lock by Short+Circuit · · Score: 2, Insightful

    Right now linux is more like an empty house. No one bothers to break into the house because they know there's not enough in it for them to do so.

    Corporate, government and financial databases aren't enough of an incentive? There's millions of dollars worth of information tied up there for anyone who figures out how to get at it.

    What about home routers? If you can hack into a few million broadband routers, you've got yourself a major botnet with little to no antivirus. Not to mention you're past the primary protection of the average home network. From there, you could spam networked printers with ad printouts and read the contents of any network shares. Not to mention sniffing and redirecting network traffic...
  8. So how do you do that? by Sycraft-fu · · Score: 4, Insightful

    How does an OS know what apps are good and what apps are bad? That's what a virus scanner is: It's a list of known bad apps. If one wanted a real world analogy it wouldn't be like a locked door or anything, but rather a bouncer with a list of people who need to stay out.

    Vista already has privilege escalation if that's what everyone is bitching about. So evil apps that want system access will have to ask for it, just like everything else. However if the user says "Sure, you can have that," what can the OS do about it? Apps don't have an "evil bit" they are just code to be executed.

    Same deal with the real world. If you choose to unlock your door and let someone in, it's not the fault of the people who made the lock or the door that you did.

    I think the grandparent is just another of many Windows haters that seems to think there's some magic that could be done to keep viruses out that MS just won't do. Well, actually there IS such a technology and that would be the scary version of trusted computing. If hardware enforced protections past what the OS could override, and checked signatures on apps, then only valid, signed apps could run. Provided the signing authority did their job, there'd be no viruses. Of course that would mean giving total control of your computer to a third party, something I think none of us want.

    What it comes down to is there is no way for an OS to both give someone control of their system and protect them from themselves. The ability to grant the authority to run code at a privileged level implies the ability to do it for both good and bad code. Thus the necessity of virus scanners. They maintain a known list of bad code, and can warn you if you try to run that. I suppose you could build it in to the OS, but it changes nothing, it is just a virus scanner that's part of the OS now. There's no magic juju, other than taking away the user's administrative rights, that will work.

    Just to be clear: By taking away administrative rights I don't mean running as a deprivileged user, Vista does that, I mean NO admin access AT ALL. No escalation, period. That'll do it. Indeed we do that at work as much as we can and on those computers, we have no problems as users simply can't install software. However to do it at home, well you can see how that'd be a problem.

  9. Re:Or ... people are still writing virii for WinXP by Stormx2 · · Score: 1, Insightful

    I don't mean to nitpick, but have a glance over the Wikipedia page on plural of virus. A good discussion on the matter.

  10. NO AV != No protection against viruses by A+beautiful+mind · · Score: 4, Insightful

    Let's face it. Anti Virus software is the day after pill. I daresay if someone relies on defending against viruses by antivirus software, the security model is already utterly, completely broken. So no, not including an anti virus software doesn't mean an operating system shouldn't employ design and tactics against viruses. Ars Technica is simply wrong.

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
  11. Whose security? by Livius · · Score: 2, Insightful

    The "security enhancements" in Vista were to protect Microsoft from piracy, not to protect Vista users. Microsoft still doesn't care about them.

  12. Dumb statements r us... by pookemon · · Score: 3, Insightful

    "'The report faults Vista for "providing no improvement in virus protection vs. XP," but of course Windows Vista does not ship with antivirus software -- something the reviewer fails to mention. Faulting an AV-less Vista for not stopping viruses is a bit like faulting a door without a lock for opening when the handle is twisted.'"

    No, it's like comparing an old door without a lock to a new door without a lock and saying that the new door is no more secure than the old door. (Which sounds reasonable to me)

    --
    dnuof eruc rof aixelsid
  13. Re:Or ... people are still writing virii for WinXP by WillAffleckUW · · Score: 2, Insightful

    or ... you think acting like a lawyer wins you benes when it just gathers mala notes. ;-)

    --
    -- Tigger warning: This post may contain tiggers! --