November 20, 2006 10:54 AM PST
Is Vista security a selling point?
"I've got clients at the moment who are getting very excited about BitLocker," Vista's hard-drive encryption technology, Okin added.
This encryption feature is a long-awaited improvement to a Windows operating system that ethical hacker Peter Wood says is a definite move in the right direction.
"The BitLocker technology is quite an interesting approach. We've been pushing a long time for (corporations) to take whole-disk encryption seriously, particularly on laptops and other devices outside the physical perimeter, and the majority of people we've spoken to still don't have a strategy in place," Wood said.
However, Wood also suggested that BitLocker, like other Windows features, could yet be undermined.
"We use PGP (the Pretty Good Privacy encryption program) for our whole-disk encryption because it is independent of the operating system," Wood said. "My experience to date with Microsoft's controls of these systems is that there is usually a way around it because it is so part of the Windows environment."
Security as a selling point
Wood said that determined hackers may discover that searching for holes in the operating system will offer the path of least resistance. But he admits he has yet to get his hands on Vista and is basing his criticism on the ease with which he has cracked past Microsoft code.
And he remains to be convinced Microsoft can learn from all its past mistakes.
Probability plays a part, said Wood: "It's an enormous chunk of code and it is going to be full of holes because anybody's code would be."
BitLocker, though, will most definitely be an improvement, because encryption that could potentially be cracked is still better than nothing. But as with any new technology, Wood's major concerns with Vista relate to the biggest potential security weakness: the end user.
And because encryption will be tied to individuals' Windows user accounts, Wood fears this, too, will make BitLocker inherently insecure.
He doesn't share Okin's confidence that two-factor authentication--and Vista's greater receptiveness to stronger authentication--will make much difference, or even be used.
Wood fears that for all Vista's improvements, passwords--a "perpetual, primitive and stupid problem"--will still be the Achilles' heel for many businesses rolling out the operating system.
And while biometrics and smart cards are an improvement on passwords, he says, they are still only a superficial improvement. He instead favors pass phrases, which he says could dramatically increase the security of any Vista environment and make its other features work more effectively.
But the bottom line is it seems Microsoft is going to need more than one generation of secure code under its belt before people start to believe the prerelease Vista hype. All in all, Accenture's Okin isn't convinced security will have much to do with how well Vista sells.
"The clients I work with today are probably looking at migration because they are using Windows 2000 and they aren't about to switch to XP," Okin noted. "I've seen economics around power usage and around lost laptops and savings that could be made from BitLocker and everything else, but even jointly they are not compelling."
It's more likely businesses will be swayed by other factors, such as the timing of their equipment-replacement cycle or by a wish to not be out of step with employees using Vista's home edition outside of work.
Okin says chief technology officers are telling him: "I don't want my guys to go home and have a better experience."
"If you are on Windows 2000, then of course it's compelling and you may as well go. Those on XP will be trialing and can pick their time to go.
"But are they doing it because of the security features? No. Have I seen security features as part of a business justification? Part of them, yes, but really the business justification (based on Vista's security features) is weak as a whole."
Will Sturgeon of Silicon.com reported from London.
62 comments
admit that Vista will be more secure than XP. Why? After all
these years, Microsoft has finally adopted some of the security
features that have been part of Unix for years. Foremost is a
more meaningful separation between user and administrator
privileges. Why has Microsoft adopted these features? Because
these security features work!
That said, Vista will still be plagued by security problems for
years to come. Why? Rightly or wrongly, Microsoft has
emphasized backwards compatibility. Microsoft will only be able
to produce an OS that approaches Unix's security, if they make
a clean break as Apple did in their transition between OS 9 and
10.
The OS's out there that are reasonably secure (Linux, OSX, Unix) do so without getting in the user's way. Linux does it and only bugs the user when the root password is needed.
So why did MS go the opposite direction?
Simple, they know they can't secure the bloated pig they have so now they can avoid working on real security solutions and just blame the end-users.
Reason #232432243 why no one should buy this POS, and move to an alternative. Before you whine about not running your favorite program in a non-Windows environment, you should know that many programs run perfectly (especially games), and there are great alternatives to the software that is keeping you stuck to an incompetent software company.
For the same functionality vista does not nag you anymore than linux or osx does!!!.
Nagging happens when you are trying to do that you should not be doing anyway and thats nothing wrong with it!!!
Of the top twenty games that are selling for computers today, how many will run on linux? Name one. I didn't see a single title that listed linux in the system requirements.
All that aside, I'm not quite sure which platform you're referring to that will run Windows games "perfectly". Mac OS will do it, but it still lacks the hardware versatility of the Windows/*nix platforms. Most of the hardcore gamers I know - and even some of the casual ones - are hardware junkies and wouldn't switch if their mother's life depended on it.
When many of those features, like ActiveX, like VBScripting, like overly-integrating IE, provided additional functionality to Windows. In a controlled environment, each is useful, and the insecurities can be mitigated.
Home users, as the era of spyware demonstrated, were not given the tools (or the intelligence) to protect themselves. If there had been a firewall in Win98, the world would be a different place today.
been in wide use for a year or so. Microsoft uses the "most
secure version of Windows" marketing every time so that means
nothing.
So Vista may indeed be the most secure version of Windows ever
developed - and still carry on the tradition of being the least
secure operating system in wide use.
Time will tell.
If you want something secure go with anything but Windows.
The problem has always been that providing backwards compatibility with what was an OS that simply had no security at all layered onto that foundation and then trying to retrofit security into that layer has resulted in an OS that still needs work. Had MS been able to totally drop backwards compatibility there would've been a lot fewer problems.
Or you can free yourself and go to anything else.
security, why is that I wonder?
Seriously - why would a typical Windows user want to upgrade? Let's hit the highlights:
"Aero Glass"? Pfft! Tucows and CNet's own download.com are chock-full of UI-altering toys that make a typical XP desktop look prettier and OSX-like.
"Bitlocker"? Same story - lots of tools out there that can encrypt your hard drive nine ways from Sunday w/o demanding 2x the RAM and 1.5x the CPU to do it.
So what's MSFT got left to sell in there? "Security".
/P
Steve Wiseman
http://www.windows-admin-tools.com
make vista as stable as OSX. They have to admit defeat and build a
rock solid OS from the ground UP.
For your information, Microsoft did a lot of house cleaning and rewrote or rearchitected a lot of code for Vista!!! Only time will tell if the efforts paid off.
Ok, so despite MS making Vista betas available to literally millions this ******** couldn't find the time to actually try the software. And his opinions are quoteworthy? C'mon CNET, you can find better sources.
In terms of security, we won't know until the distribution version becomes available and can be hammered on properly. This lad is simply saying that past versions have offered little challenge and that if it's software (any software with inherent flaws), it's crackable.. it just depends on how much effort it'll take.
Now, any CIO who is upgrading to Vista because "my staff at home should not have a better experience than at work" is truly the irresponsible one. Making a business choice of workstation OS based on what pretty pictures your staff see at home rather than how the package functions support your business goals is completely irresponsible.
Heck, upgrading to Vista before SP1 is questionable. It'll be forced on home users through hardware packaging deals so MS doesn't need to worry there, they've already done the legwork blowing smoke up CIOs' kilts to get big business through the next never-ending upgrade cycle step.
I don't need to try it one more time. Microsoft has lost me for good. I have moved on to greener pastures.
For the record, this decision isn't a light one. I had a long relationship for 20 years doing Windows support work in my own business. It cost me half of my yearly income.
That's ok because I feel much better now.
This is a matter of consumer rights. Don't use bad products. Also you will be doing Microsoft a favor by switching. Let's put a real scare into them instead of blindly accepting their product.
"Hoping this release will solve all your security headaches?" No, Microsoft never said that and no OS is absent of security headaches for people who use it, so it would be totally ridiculous to think such a thing and believe something can be perfect; I just hope (and believe) this release will solve many of my security headaches.
"Think again, say the experts." So, firstly: I need experts to tell me Vista is not perfect; secondly: the fact that someone plays cautiously and doesn't take risks with an OS means the OS is insecure, is it?
Another great proof of professionalism by CNET (very common in Microsoft-related stories, interestingly enough).
The Internet browser Firefox 2 has a problem with its "password manager" that could allow a hacker to obtain usernames and passwords from Firefox users."
Say it ain't so, Joe.