Read more on Cloud Computing
January 27, 2006 3:22 PM PST
Allchin: Buy Vista for the security
- Related Stories
-
FAQ: Getting a handle on Windows Vista
November 29, 2006 -
Do Web filters protect your child?
January 24, 2006 -
Faster Wi-Fi standard gets draft approval
January 19, 2006 -
Microsoft to hunt for new species of Windows bug
January 9, 2006 -
Windows AntiSpyware becomes 'Defender'
November 7, 2005 -
Vista's answer to PC power woes
August 25, 2005 -
Longhorn's new name: Windows Vista
July 22, 2005 -
An early peek at Longhorn
April 14, 2005 -
Microsoft revamps its plans for Longhorn
August 27, 2004 -
After delays, Windows security update ready to go
August 6, 2004
(continued from previous page)
Another security change at the operating system level involves Internet Explorer. In Vista, IE 7 will run in protected mode by default, Allchin said. This mode will prevent silent installs of malicious code by stopping the Web browser from writing data anywhere except in a temporary files folder without first seeking permission. "We sandboxed all of IE," he said.
On systems with 64-bit processors, Vista will require digital signatures to run kernel-mode software such as device drivers, Allchin said. This is an attempt to block unwanted software such as rootkits from nestling deep into the PC.
Microsoft also has updated the security software in Windows Vista to help fend off threats. The firewall has been updated and now looks at incoming as well as outgoing traffic--in XP SP 2 only incoming traffic was watched. Also, Microsoft has made its anti-spyware tool, Windows Defender, part of the operating system.
"The first step is protection from doing things inadvertently or warning you about the level of impact it could have," Allchin said. "Then, if you let something in, Defender is there to (warn you) and you can undo it. If the thing gets in and has really done some awful things, using the equivalent of System Restore in Windows XP you can back up time and undo it," he said. Microsoft doesn't yet have a new name for System Restore, he said.
Videos
Microsoft Vista coming your way
Microsoft's Jim Allchin speaks about Vista.
A vista of Vista
CNET News.com's Ina Fried asks Microsoft's Jim Allchin questions from readers.
Does Vista mean business?
CNET News.com gets a look at Vista's office functions.
Other security features in Vista include BitLocker Drive Encryption to protect data on computers when lost or stolen. The encryption feature is designed to work with a chip called the Trusted Platform Module, which offers protected storage of encryption keys, passwords and digital certificates. BitLocker is the one remnant of Microsoft's grand hardware-based security plan originally envisioned for Vista.
For businesses, Vista will offer tighter control over removable storage devices by letting administrators centrally block the installation of, for example, USB (universal serial bus) flash drives and external hard drives. This feature is designed to help prevent intellectual property or sensitive data from being compromised or stolen.
IDC analyst Al Gillen said that Microsoft has taken much-needed steps with the operating system, such as the USB-blocking abilities.
"Those kinds of things are incremental improvements that really were pretty important," Gillen said.
But, like any software, Vista isn't hack-proof. In fact, Microsoft has already had to issue a security update for the operating system. The patch fixed the same vulnerability related to the processing of Windows Meta File (WMF) images found in earlier versions of the operating system. "That torqued me," Allchin said.
Microsoft was in the process of checking the parsing of all kinds of files and hadn't made it down to WMF yet, according to Allchin. "We would have caught it. It was on the list; we didn't get to it" in time, he said.
"At no time am I saying this system is unbreakable," he added. "Security is going to be an issue for the industry in all pieces of software, not just the OS."
189 comments
Join the conversation! Add your comment (Log in or register)
But before you buy, replace your PC, your graphics card, buy a new notebook..
Compatibility? Well.. some will work, most of them won't, upgrade your software..
Security.. haven't we heard the same song with XP SP2?
Hardware compatibility... some work, some will not. Your DVD-ROM is not fully RPC2? won't work. Your codecs are unsigned? no go..
Yeah, sure, buy Vista.. AstaLaVista for your money!
Windows or not we will have a hard time freeing ourselves from content control. New media formats will require it, end of story. Unless you'd rather skip multimedia altogether, you're probably going to have to accept a little rights managment.
Root disabled by default?
metadata search?
These, I already have. Malware free and liking it.
Built on a Mac.
Idiot.
Just think, OS X might possibly be as good as Windows XP and Vista someday, because Apple could get off its increasingly transparent high horse and sell me an operating system that will run on my existing hardware (like XP, like Vista). Windows NT and 2000 had hardware compatibility lists. It's not as if it's an impossible task to capture 50-75% of the existing hardware market based on support of NVIDIA/ATI/INTEL 8xx+ chipsets.
*scoff* Yeah, right. It'll never happen.
Mac OS X is like great Chinese literature. If you're fluent in Chinese, then kudos to you, but if you won't provide a translation for the rest of us, then it may as well not exist.
Linux has matured into a fantastic system for people to use. It's
DRM/spyware/virus free.
Or, go with a Mac, and get the best features in Vista NOW, and lose
all the problems with Vista.
things they are bringing in Vista and comparing it to what we
already have, and have had for quite some time, in Mac OS X.
For example, the article says Microsoft is "introducing" the
protected administrator privilege level. That sort of thing has
been around for a long time in other operating systems. And,
yes, I know XP has non-admin users, but there are lots of
problems with programs not running properly.
People love to say that the Mac OS has security through
obscurity. Although small market share is no doubt helpful, Mac
OS X has been using "protected administrator" privileges for
years. If Microsoft is now touting this feature as being a big
security boost for Windows, then other operating systems that
have it already should be recognized for having superior security
architecture now.
You want to use linux? Fine. I'm not going to tell you it's crappy. But you can show me the same respect. I am so tired of hearing linux users badmouth everything but their choice. It's getting old.
Why don't you do something novel like tell us what nice features linux has, how easy it is to do what you want to do, how simple it is to set up and load drivers. Tell us the wide selection of software available and how easy it is to install and configure. WHY DON'T YOU!?!?
That's like automobile manufacturer whose cars consistently have
the worst crash results year after year saying buy their latest model
- for "safety!"
lol
B4 u retire pls buy all the media companies so that they provide free music, movies, tv shows and softwares. That solves DRM issues.
perhap one day then people will put u in e leagues of Marx and Lenin. Imagine in 2100 people worshipping William H. Gates III and Gatesism.
Enjoy your Vista Honeymoon period, it ain't gonna last.
This article is aimed at the gullible and unsavvy web users, who are out of touch with the reality of software security.
Please don't let this guy give you a false sense of security, purely based on words, than factual information on how secure the new Vista really is.
Good day.
Instead Billy Boy has to get bit in the *** with 2K and XP security holes from heck to the extent that an e-mail "mandate" needs to be put out to the company that security comes first. Well duh. I'm not spending 3 figures on a software package just because MS got a clue late in the game. FU Microsoft.
Maybe it's just me, but read the earlier interview and now this one, and let me know what you think.
When I re-read that interview, and now this current one, I get that "AMWAY" feeling. You know, like I should put my teflon suit on or something so nothing will stick.
On a positive note, I'm glad he stopped using terms like "super-happy" and "super-hard-core."
Buying the VistaOS for security purposes when it also allows "People near me" to share app's and doc's? Excuse me?
Microsoft will never solve the security issues because they're a target, and their culture invites people to target them.
Security issues are always going to be an issue with a Microsoft OS. Even IF they eventually did solve the issues, could you ever completely trust that they did?
Hahaha! I thought the exact same thing. Meet the new OS same as the old OS.
Wow! what a nice back-door for hackers! I am sure they will have a lot of fun with this one when Vista is out.
Perhaps it was put their purposely by Microsoft marketing machine so that they could advertise for Vienna in the same way.
"Yeah, I know that Windows Vista was slightly crappy with that PC sharing feature and all, but we have super-security in Vienna!"
Hey, that is the way Microsoft do their business.
Put enough holes around so that they can be patched up in the next "Super OS - <put some name here>".
Wait, when did we hear that before?
Oh, right, when we had Windows 95,
then when we had Windows NT,
then Windows 98,
then Windows 98 Second Edition,
then Windows Millenium, which can't really be used anymore if you need to run any decent software, then we heard it again with
Windows 2000,
then Windows XP. Got the Home version? Get the Pro version at twice the price for even greater security.
The story of "improved, enhanced" Windows Security is getting old, Jim.
Tell us more about your forthcoming retirement.
Tell us what you'll be doing when your company launches Windows Vienna (the successor to Vista), which will be "even more than secure."
What will you be using then, Jim? A Mac or Linux box to make sure your memoirs aren't obliterated by the next piece of malware charging through all those secure Windows boxes?
They figured by building the OS from the ground up that it would take crackers years to find new exploits to harass Vista users with. Oooh, but wait...look at all the shiny GUI's. We'll be too busy drooling that we'll never notice the next zero-day exploit that blasts Vista a new one.
Look people. It's like politics. It's never going to change until the very roots of Microsoft changes. All the so called security that Windows users had been waiting for should've been there with Windows 2000, Windows XP, and 2003 Server. How long do you have to wait until the core mechanics of an OS are made responsibly? Why did we have to wait until now to finally rip Windows worst security liability (Internet Explorer) from being an integrated part of the OS? Why couldn't Microsoft fix all the exploits that spyware uses to install itself on your box with ninja like stealth? Why did you have to wait until now, or so Microsoft says?
It's a simple answer. It's so they could make you buy into their new OS to make you "feel more secure". Notice that word, "feel". It doesn't say you WILL be more secure, just that you'll have the delusion of security. The delusion is what keeps the bankrolls at Microsoft fat and happy. It almost makes me smile everytime that delusion is shattered in headlines about an exploit that Microsoft new about all the way back with Windows 98 (WMF exploit), but never chose to patch.
So, right now you must ask yourself several questions. Do you want to upgrade you OS to Vista that doesn't really promise more security (like Microsoft's ever been good on promises anyways), be restricted by DRM (Digital Rights Management) restrictions that could potentially control every aspect of how you manage your data ans systems with near Gestapo like abilities, and pay top dollar for it, too?
There are many other OS solutions that will offer you the security, software, support, and community that actually cares about making good and usable software without limiting what you can do. There are other solutions that aren't driven by greed, propoganda machines. The good thing is that most of the software I speak about won't cost you a single dime, and it's legal.
Sincerely,
A Happy SuSE 10 Linux User
(and yes, it was actually easier to setup than Windows)
What do you expect? For Allchin to admit that they copied this from Linux and this from OS X? And for the sake of marketing, why even mention the competition in an interview?
Some Microsoft articles did admit copying some security concepts from Linux/Unix for Vista. But there's no Microsoft article admitting they copied something from OS X. Who cares? It's obvious in Vista anyway... And I like them!
:D
Have you really tried them yet? Are you a beta tester of the Vista OS?
You know, it all sounds well and good, but we're really not going to be able to have an informed opinion on the Vista OS until we've actually used it.
I use both OS' - XP and OSX. If I do upgrade to Vista, and if those Vista features don't work as efficiently as they do in OSX, I'm going to be frustrated everytime I use my PC.
system for the whole package. in a word... tiger
This is just the next Microsoft Brain Fart.
You want security... DON'T CHOOSE Microsoft!!!
Linux is much more robust and secure and they patch it a lot quicker too!
I can't stand Macs, but hey... I'd still recommend them over Vista!
Walt
(Sorry, I kept clicking submit under the wrong categories, this has got to be the fourth one of these comments. This is where I meant to put it)
users were vulnerable all but six days. When Vista users can say
they have gone at least six months without a critical vulnerability
then MS will have some reason to say that Vista is more secure than
XP.
But, IMO, when that day comes Microsoft will have to compete with
headlines like H*ll Freezes Over, and Pig's Fly.
around him about future technologies...
Jim, Dude, get a clue....Microsloth "Security" is an oxymoron.
When oh when will Billy "Bob" get his act together & throw in the
towel.
Citizen Gates & Big Brother Ballmer need to RETIRE like Paul
Seahawk Allen did years ago & move on with their life.
DOJ was right when they wanted to break MS into three
companies, that would made them agile & competitive to solve
their technology & legal problem & actually BE INNOVATIVE.
Instead of endless beta programs sold as real program & all of
us are their security holes & virus riddled guinea pigs...
Vista = Microsith's Last Hope.
Windows CEMENT promised solid security like a block of cement - unbreakable. Its looks were made to adorn your sitting room- but it could not be switched on!
Windows CE + ME + NT = Windows CEMENT, Rock Solid.
Oh and is it just me or that "people near me" feature looks like a major security problem waiting to happen? The fact the machine is willing to broadcast that its windows vista is a risk. If its on open wifi all some hacker has to do is sit in a cafe and when there is a security problem in vista (and there will be) they can get a nice list of windows vista machines to attack, such a useful feature. I suppose you could use it to send targetted adverts. Find all vista machines: "It looks like your using vista. You really need to buy spyware scanner, want to buy ours?"
The real problem is soooo many people are allowed to get away with putting spware on machines becuase its in the EULA, or other such stuff.
And whats worse is major companies SUPPORT using hostile tools on there customers machines. Look at sony, we want to stop piracy so we put rootkits designed to comprimise windows machines to people who bought our CDs. What idiots, didn't they release that thoose people BOUGHT THE CD. They wanna be stopping people who download pirate copies not annoy the people who are trying to do things legit.
Oh and on the subject of anti-piracy, you guys REALLY have to drop all the registration stuff. My PC got hacked cause of registration! Windows was whining about it going to blow up if I didn't dial the internet or summit. As I was downloading updates and registering a damn virus got it. Ironicly windows update was proberly trying to update the fix for the flaw that let it in. Unfortunatly you can't get all the patches of dialup by the time a virus hits your machine :(.
May I suggest hardened mode for connecting to the internet for downloading patches the first time?
Oh and for securing IE, Get rid of it. Unfortunaly this is hard to do in XP because it is so tightly woven into the OS, which is proberly why IE bugs can comprimise a machine even when not using IE, yay.
What concerns me about Vista is its memory requirements---I've heard that it's a memory hog, and that it will probably run slowly or not function correctly on computers with less than 512MB of RAM. Many older computers, and some newer ones as well, will need to upgrade---an added expense. OneCare, which is Microsoft's beta anti-virus program, requires at least 256MB of RAM to function correctly. When you add this to the other security programs that will be required, as well as any other programs that a person wants to use, the memory requirements for PCs running Vista will be beyond the range of many. This may be a bad selling point for Vista.
I'd like to add that it seems Microsoft is the one with major memory problems. They seem to have forgotten the average consumer. In return, the average consumer may as well forget Vista. Perfect amnesia, all around.
I wouldn't be in the least surprised if Microsoft has struck a deal with Dell, or some other computer manufacturer. A NEW operating system for a NEW computer---maybe this should be Vista's slogan. If the average consumer resists Vista, it may be their only slogan.
Apple (and Apple fans) have been claiming superiority for a long time. From a 1992 pamphlet I have Apple not only claimed that Apples were faster than Windows, but also that people were 15% more productive when using them. In a 1993 pamphlet they claim that a Quadra was 40% faster than a 486 of the same MHz (33). But back then, I believed that the Mac was the future too. For me, Windows 95 changed my mind. It may be insulted by many today, but Win95 was an excellent comprimise of WinNT stablity and Win 3.1 hardware requirements, and it had many features that Apple fans had to wait till "Mac"OS X for. I keep these pamplets (as well as many others for Commodore, Atari and Acorn) to remind myself of the difference between potential and reality. (They are a good laugh as well, especially a Atari Falcon one that boasts of VR capabilities. I highly recomend watching the Apple Lisa TV ad with Kevin Costener in it.)
But stay in your bubble Mac fans. You will all be dual booting Vista soon and deep down you know it. Apple have made the mistake of screwing over their developers for the third time. It it good that Apple do write their own applications as they will be one of the few that write Mac Apps soon. I know what it is like to cling to a dying platform as I did it with the Amiga and the Acorns. But I learn from my mistakes.
substantiation than you have provided.
First, the software is special. Run Windows XP and then run OS X
Tiger. Look at the rendering on both. Toggle among tasks and
look for the response in the UI. I will simply invite everyone to
take this challenge (which really doen't require much time).
Second, WinNT did have many features that were way ahead of
anything Applet had for eight years. This is true (and you can
thank Dave Cutler of DEC for that just as Applet fans can now
thank Bill Joy and legions of others working on BSD). But NT's
implementation was not superior (it was better than Mac OS at
the time, this is true). It was only when Microsoft released
Windows 2000 that the implementation was good, although far
from great. Additionally, the UI experience was still relatively
poor. Apple was losing the race until September 2001. That was
when Mac OS X Puma came out and it compared relatively
equally to Windows XP. By the time Mac OS X Jaguar came out, I
believe that OS X pulled way out in front of XP. We can agree to
disagree on this point.
By the way, If you like Microsoft, then the OS you ought to be
championing (not having Vista right now) is Windows Server
2003. That is the OS where every Windows NT/2000 deficiency
was corrected. And if you champion Windows 2003 Server (no
client version), then you are going to have to take a look at Mac
OS X Tiger Server in order to make a fair comparison. Do this
next weekend!
Furthermore, it is not fair to compare Vista demos with OS X
Tiger. OS X Tiger is not Vista's competition as Tiger is already
out and Vista is not. Everyone has seen great Vista demos
(including me) showcasing all sorts of pretty things. Vista's
competition will be Mac OS X Leopard which is due at the end of
2006 (or early 2007).
Did Applet get arrogant with the Mac? Yes, and they were rightly
punished in the market place. Did Microsoft security problems
constitute a breach of consumer trust. Absolutely. And they
ought to be punished in the market place for this.
And you can say "yeah, but they won't get punished!" and laugh
at me. But, this competition will not be settled by old TV adds
and old generalizations. Hei, compare the new Macs with the
new Windows machines (either now or at the end of 2006).
Dude.
Sincerely,
jonnie savell
"Microsoft is the desktop OS king and will remain that way as there is nothing that compares to it as a package."
You left off "unless they begin to comply with the remedies imposed on them by the various judicial systems." M$ is number one because they are a predatory monopoly and they haven't stopped being one because they can still get away with it. If you don't know better than to spout such nonsense then you aren't just an innocent dupe.
In the Windows world you have 20 options for every application. In the Mac world you have 2 or 3 options in most applications. This narrow market means that more of the Mac users are using the same products.
If the Mac has 10% of the market, and you can capture 100% of that, instead of 5% of the Windows market, the Mac market is bigger for you.
It is all a matter of scale.
other box made. Not because it is necessarily the best choice.
To say that the platforms are increasingly similiar ignores some
facts:
1. They really aren't that similiar.
2. The similarities that are there are due to MS constantly adding
features that OSX has brought to market first.
It is interesting that you keep marketing material as some proof
of decision making. NEVER listen to marketing... from anybody.
Funny I am not hearing anything from developers on OSX about
being "screwed" over. Just the opposite in fact.
The thing in your remarks I find interesting is describing Win95
as a compromise. That is what Windows is always composed of...
compromises. Get a Mac, use it for a while and make an
informed comment, not something based on old pamphlets.
in. It's 2006 for cripes sake!!!! OS X and Apple has gained share
since 2001, and the digital living room technology (iTunes+OS
XFront Row) that Apple has developed will help to increase
market share.
You obviously have let technology pass you by with your
ignorance.
gain security. We purchased XP and we made a mistake.
Why should we pay again to get what should have been delivered
before? In fact, we shouldn't. They abused the trust that
consumers placed in them.
So, "crimes against humanity" was felt to be too extreme. But the
analogy is not without merit. Consumers should remember
Microsoft's past offenses; Consumers should not forgive.
Sincerely,
jonnie savell
After using Windows 3.x through XP, I have to say XP is by far the best and a vast improvement over 98 and ME. ME was the epitomy of crap. I'll never forgive MS for putting that junk out.