Slashdot Mirror
Vista Makes Forensic PC Exam Easier for Lawyers
Katharine writes "Jason Krause, a legal affairs writer for the American Bar Association's 'ABA Journal' reports in the July issue that Windows Vista will be a boon for those looking for forensic evidence of wrongdoing on defendants' PC's and a nightmare for defendants who hoped their past computer activities would not be revealed. Krause quotes attorney R. Lee Barrett, 'From a [legal] defense perspective, [Vista] scares me to death. One of the things I have a hard time educating my clients on is the volume of data that's now discoverable.' This is primarily attributable to Shadow Copy, TxF and Instant Search."
If one was stuck with Vista, I could see VMWare being quite popular. Just run all of your "other activities" under a VMware computer. If the computer ever falls into enemy hands, just wipe out the virtual computer and you're good to go.
Another reason I'm sticking with XP.
He who laughs last is at 300 baud.
These are all legitimate, useful features. It's the implementation that's wrong.
All potentially damaging (ie, all) data should be written to an encrypted store in such a way that recovering it from a lost/stolen/seized machine is hard to impossible without assistance from the owner. That's just good design practice in an environment where there is more than enough computing power available.
I'm aware that there are places where you have to hand your keys over to law enforcement... with which I have no real problem provided the due process of law is followed. But at least properly managed/segmented encryption can prevent a fishing trip. And in the worst case if you were being falsely accused of something really awful then you might decide that the penalties for not handing over the keys were less severe than the penalties for having the data available. At least you would get the choice.
So now with shadow copy Vista not only saves all versions of goatse and tubgirl that I ever will encounter, I'm most likely unable to remove all traces to those pictures from my machine. And with instant search everybody can find them easily.
Now that's progress.
To make sure my Windows is running at peak efficiency and performance, I got into the habit of completely reinstalling Windows every Thursday at 10am.
This habit was developed during Win95, WinSE, WinXP SP1, and WinVista Beta
What? There was evidence there? Ooops, sorry... my standard operating procedure wipes the disk once a week.
What good points? It has a resource intensive "shiny" interface. It has levels of DRM heretofore unseen in an operating system. It is claimed that it is secure, yet still has gaping security holes. It is claimed that it is safe, yet has to be made un-safe for users to be able to do anything with it. It is expensive, clunky, space consuming, privacy invading, insecure, unsafe, and is more interested in protecting the interests of major Hollywood distributors than its users.
Care to highlight why I'd want to use Vista?
Goten Xiao
Because there aren't any. Seriously. I've been using Vista (Business) all summer; I should know. Yes, it has fancy GPU-accelerated graphics. But they don't do me any good because they suck my battery life (it's the difference between lasting through a lecture worth of note-taking in OneNote, or not). Yes, it has better support for Tablet PCs... but only ever so slightly better. Other than that, the only differences I notice between it and XP are all negative: shitty or missing drivers, annoying bugs, infuriating UAC (if it asked me to confirm an action once, it'd be okay. But it often asks me twice: once by the app, and once by the OS). It's so bad that -- even though Tablet PC users should have the most improved experience in Vista of any group -- I'm switching either back to XP or to Ubuntu once the semester is over.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
As for privacy, to the extent that this sort of thing requires a legal order to hand over the information, I can't really see that it's an issue of privacy. If it is accepted that preserving the rule of law sometimes requires surrendering information that would otherwise be considered private, then that is the end of the matter: the information in such instances has ceased to be private.
If a PC is stolen, that is another matter, but in such cases, encryption can be used to prevent private data falling into the hands of thieves. This arguably makes a PC with appropriate encryption enabled safer than paper records.
But if you went back in time to cover your tracks, there would be no tracks to cover in the present, therefore you wouldnt have to go back in time in the first place. But if you didnt go back in time in the first place, your tracks wouldnt be covered so you'd need to go back and cover them! But if you went back in time to cover your tracks, there would be no tracks to cover in the present, therefore you wouldnt have to go back in time in the first place. But if you didnt go back in time in the first place, your tracks wouldnt be covered so you'd need to go back and cover them! But if you went back in time to cover your tracks, there would be no tracks to cover in the present, therefore you wouldnt have to go back in time in the first place. But if you didnt go back in time in the first place, your tracks wouldnt be covered so you'd need to go back and cover them! (etc...)
Then: you are using Linux, what have you got to hide ?
The next step is: Only criminals use Linux
I have just realised: I am typing this at a Linux box. I had better go down and turn myself in at the cop shop.
Yes, we know it's more resource intensive, but it's not just the interface that's doing it. One article is from an Apple fansite which either fails to understand or doesn't want to and the other doesn't claim it's the interface at all. Bad start.
The DRM only applies to (shock) DRM-enabled content that you buy. It was a choice between layering in the DRM or not allowing people to view that content on the PC at all, a choice enforced by the big media companies who own the content. Yes, Microsoft could have stood up and said no, and in doing so crippled Blu-ray and HD-DVD functionality in Vista. Surprisingly, despite Slashdot's wanton hatred of it (I don't particularly care for it either), very few consumers care about DRM, so they went ahead and gave people access to that content.
For security, two of your articles were published before Vista was even released to the public, and the only relevant link just explains that if an installer requests admin mode, you can give it admin mode and it can do what it likes, citing a 'malicious freeware Tetris installer'. The article fails to mention that this happens in the same way for both OS X and Linux, instead of trying to be useful and educate readers on using their common sense when downloading software.
Saying 'security has to be disabled for Vista to be useful' is just plain bullcrap. Turning off UAC merely stops giving you the choice to run programs as admin. UAC doesn't prevent any programs from running unless you say you don't want it to run. You may want to clarify that point.
Expense (as always) is in the eye of the beholder (I paid my £70 and have never regretted it), and considering hard drive costs are down to 30-40 cents a Gigabyte, then the extra space costs are inconsequential. As most people only get a new OS with a new computer they will probably never even concern themselves with this point.
You didn't provide links to prove 'clunky' or 'privacy-invading', which doesn't surprise me.
The article you linked to for 'insecure' says "Microsoft, Kaspersky and Sophos think that you don't need kernel access to keep it safe from viruses, but Symantec and McAfee don't agree. They're bigger than the other two vendors and Microsoft is biased so they must be right".
Your final link takes the cake because it links to a list of blogs and none of them mention Microsoft at all.
So, why would you want to use Vista? You wouldn't. Nothing to do with usability, or features, but because you obviously prefer using Linux to the extent that you're prepared to parrot the FSF line without actually understanding it.
My plus points with Vista include:
- Playing MP3s and DVDs without breaking the law (fair law or not, still a law)
- Being able to play the latest games without needing a degree in Computer Science
- Being able to perform 99% of my system tasks without referring to the CLI
> Vista is actually selling quite well
g -systems/features/why-nobody-wants-windows-vistav 2006/tc20061129_739121.htm7 721
No, Vista is being pre-installed on new computers.
Vista is not selling well, people do not want it, and
companies are being told to stay away from it*
> and many people I know are using it without any complaints.
Many people I know are switching to Ubuntu. See how that statement works?
> Why are the good points about Vista never mentioned on Slashdot?
Um because most of the people that come here just see history repeating
itself.
[*]
http://www.tech.co.uk/computing/software/operatin
http://www.businessweek.com/technology/content/no
http://www.theinquirer.net/default.aspx?article=3
boycott slashdot February 10th - 17th check out: altSlashdot.org
Disclaimer: I use Mac laptops, Linux servers, and Windows desktops (in the main). I am *not* a Microsoft shill.
Right, karma to burn. How the hell is this "Informative"? "+5 Groupthink", or "+5 Telling me what I want to hear", sure. But there is no information here at all - Vista does have some "good features", regardless of what some people think. Answering your points specifically
1) Eye Candy: If you don't like it, turn it off.
2) Missing or shitting drivers: I have not noticed, nor do I know anyone who has noticed, Vista not supporting hardware that XP supported. Shitty drivers, well, this is a more reasonable concern, but it applies in my experience only to graphics, and then only to people for whom a 5-10% drop in performance (until nVidia get their ass in gear) is a "shitty problem". It's *vastly* better than Linux in this regard.
3) UAC: You're doing it wrong. I have not seen a UAC prompt that wasn't because I launched an app that required admin priviledges for weeks. Sure, when you're setting up the system, you get them a lot - much like in Linux, where you prefix half the first weeks commands with "sudo". After that, if you're seeing it more than once or twice a week, you need to seriously look at what kinds of software you're running that constantly need "root" access.
As to a sample of "good points"
1) New graphics and sound stack is vastly superior - I can set sound volume on a per application basis, automatically, using an simple interface built right in. No more stupid Flash in Firefox blaring away at 80db when I'm listening to music via iTunes.
2) Integrated search - Works as well as Spotlight for me, and I thought Spotlight was the best thing since sliced bread.
3) UAC - Yes, in my eyes, this is a good thing (and the biggest step forward in Vista). Windows no longer uses an "Admin for everything" model, something most people have been crying out for it do have for years.
Does it add anything *huge* over OS X, or even XP? No. Since when has a new OS release added anything world changing? They have been, since OS X 10.0, Linux 2 and Windows 2000, incremental. Is the DRM stuff a bad route? Yes. Does Vista use too many resources? Well, the idle footprint over my OS X machine isn't significantly greater - I would say it *does* use a too much, but frankly, as my machine is fairly modern, I don't notice. In many operations, it's faster than XP.
Should we all move to desktop Ubuntu? I don't know - I use Linux on servers, but it's still not ready for desktops, in my eyes. A technically semi-literate friend installed it on his Laptop, as someone had preached too him, and it *mostly* worked - except sound, which was a huge pain in the ass, and even I (with years of Linux experience) couldn't make work. Mostly is not good enough (he bought an OS X laptop to replace it, and is very happy). When Linux sorts out these issues, and gets a decent suite of end user software (no, Openoffice is not good enough to be an Office replacement), I might consider putting friends and familiy onto it.
Is Vista the devil? No. It's no worse than XP, and has several significant features that make it better, much like XP over 2000.
For quite some time, it's become easier to find out anyone's business as they used their computer, even in Windows XP. It just seems that with Window Vista, it's easier to make the discovery. Keep in mind, it's not just the operating system doing the copies, but it's also applications that do so as well.
From the "temporarily copied" documents viewed in Microsoft Outlook, to the cached images stored by Internet Explorer, and still yet to the meta-data stored in Word documents. (There have a been a few times I have read a Word document meant to be anonymous only to find the creator in the document's properties.)
While it might take the career of the computer forensic scientist down a peg and be a boon for any prosecutor, it does nothing more than make it easier to find information that hasn't been deleted by force from its owner.
Don't be surprised if the market now swarms with applications that will allow you to 'view' data while wiping all trace evidence after it's been seen; or still yet allowing you to create documents that are completely wiped of meta-data. Sure, you won't be able to find something unless the search has to delegate to its bits and bytes, but at least they can't find someone's manifesto by name. (Of course, you have to be sure that it wasn't e-mailed.)
It's encroachment on privacy like this that creates entirely new markets for people to leech from the truly paranoid; which seems to be quite a majority of the population since everyone seems to have some skeleton in their closet.
On a funny note, this one co-worker had an embarrassing image pop up every time he went to print; the image itself was attached to an e-mail from a co-worker who loved to send around joke e-mails. He wasn't able to get rid of the image from the preview, until I pointed him to the directory (which is stamped in the registry) where Outlook stores its temporary files (usually most attachments, images, etc.) Apparently this fellow never opens any e-mail from this co-worker anymore.
Spoken like a true totalitarian. What happens when the laws change and the perfectly legal and moral things I do on my computer become immoral and illegal according to the government? Sorry bud, but I'll hang on to my privacy.
... my disks are encrypted
http://sourceforge.net/project/showfiles.php?group _id=37015
Not sure if it helps in this case, though.
Bypass Compulsory Web Registration -- http://bugmenot.com/
If you wish to be secure in your illegal activities, you'd probably be wise to avoid keeping any records at all.
Allow me to edit the above:
If you wish to secure your data from unwanted intrusion, you'd probably be wise to avoid using Vista which records your activities using methods not found in previous Microsoft systems, or other systems in general.
I do all my illegal activities on an Abacus.
Red bead attempting to slide right.
Cancel or Allow?
Please stop stalking me, bro.
What is forgotten here is an OS really should be an OS - designed to run the computer and what not.
Now, when that OS has deliberate code to track and monitor a users 'usage', it really is no more a tool to run a computer, but rather a tool to watch a user. The main job of that code is absolute control of the computer taken away from the user.
MS have been trying to do this for years, and now it looks like they have succeeded ~ and the sheep follow and buy the crap.
It is pretty scary that this succeeds at all. I mean, nobody in their right mind would buy a car that recorded every single journey and 'phoned home' every time you exceeded a speed limit, or the car stopped at changing traffic lights, even though you didn't need to... the world would be in uproar and the car would most definitely not sell at all.
Yet the sheep still but this crap...
The reality is that most users like the ability to index and search their data, and to recover previous versions of a file, as well as the better reliability offered by transactional file operations. In the general case of a non-criminal user, these features provide far greater benefits than the potential harm of having their activities more effectively analysed by law enforcement officials, in the highly improbable case of a legal order to hand over their data.
Arthur Dent: Is it safe? Ford Prefect: It's perfectly safe. It's just us who are in danger. -- Douglas Adams (HHGTTG)
I think the issue here is choice.
YOU should be the one to decide if your OS phones home, if it stores every keystroke you ever made, if it keeps copies of all the files you ever had, etc.
Just like a bad doctor who decides for his patient, Microsoft has decided to take choice away from the user. The only choice you are limited to now if you don't want the OS to do this is to choose another OS.
Seven puppies were harmed during the making of this post.
The Republican's sure aren't going to want to upgrade...
If only my ancestors had truly understood the horrible dangers of "pads of paper", whose insidious nature permitted forensic recovery of exact handwritten correspondence. The prosecution needed only a #2 pencil to reveal damaging evidence by merely wiping the edge of the pencil "lead" across the page whose surface had been silently altered to store the impressions of the writer's penmanship.
Besides, I much prefer to use an operating system that not only doesn't keep shadow copies of my work, but rather, in a heroic effort to safeguard my privacy, quickly loses the originals ("file not found", "seek error at track nnnnn", etc.).
I say "boo" to Windows Vista. We don't need no stinkin' backups of our data.
Since things like computers didn't exist back when the Constitution was written. You can't just say "no" to anything that might convict you. For example you can't refuse to hand over a key to your house (not that they can't break the lock anyhow) or refuse to give a blood sample. So an encryption key is a real grey area. On the one hand, it isn't really testimony per se, it is more akin to a physical key and thus you should have to hand it over. On the other hand it is something that is stored solely in your head, and the intent of the 5th is that you could keep your mouth closed if you wanted to.
Something like this would probably have to be argued in court if it came up. There is probably some precedent both ways, and I don't think there's any rulings on this specific topic.
If you haven't tried it yet do the following: corrupt the networking part in VPC (or disable networking in VMWare), then load Windows Vista or XP SP2 and use it on a regular basis (you don't even have to load anything, no updates or so), never allowing networking and since it's a corporate version you don't need to activate.
I think after about 90 days (more or less, I don't use it that much) I have noticed the Windows installation corrupts itself everytime with the same error (blue screen on startup saying it can't find a specific file in the \system folder), call Microsoft and all they know is that you should apply the latest patches (but I'm not on the Internet, I'm in a controlled environment)
I have had it with different systems (Mac, PC, Linux) and there was no special software running on the virtual machines and all networking and file transferring was blocked.
Custom electronics and digital signage for your business: www.evcircuits.com