An assortment of new security features in Windows Vista will help many consumers become "secure enough," but businesses are unlikely to abandon their current levels of additional, backup security if they adopt the new operating system, some experts say.
Among more than a dozen security features within Vista are improvements such as the malicious software removal tool, smart card and log-on authentication changes, user access controls, USB device controls, Windows Defender and Windows Firewall.
But none of these, even in combination, should be seen as a panacea, security professionals say, and the need for a layered approach to security remains as critical as ever.
Stuart Okin, security partner at Accenture and former U.K. head of security at Microsoft, told Silicon.com: "As I see it, there are 15 security features in Vista and none of them are this great panacea where if you install them the world will be OK.
"Security is about layers and you need to take a layered approach to security."
While Okin's admonition is not new--or unexpected--it is worth repeating, especially to protect consumers from an overreliance on Vista's security features.
The net effect for consumers, however, will undoubtedly be improvement, Okin said. "From a consumer point of view, I think the biggest improvements are going to be around user access controls and Internet Explorer.
"The downside is they are going to be prompted a lot more. But if people and the wider industry get a sense that this is a more secure environment, then I think that will have the biggest impact from a positive point of view."
It's those prompts that raise some questions among security experts about a perennial trade-off between security and usability. To what degree would Microsoft ever risk making an operating system less user-friendly to make it more secure?
Peter Wood, a penetration tester--or "ethical hacker"--from First Base Technologies, suggests the Redmond, Wash., giant has made promising strides in answering this question.
"If Microsoft wants to make a more secure (operating system) then they need to weight the balance between usability and security more in favor of security," Wood said. "I believe they have done that by making more things turned on as default than turned off."
And the early impression of Vista is that consumers will indeed be safer if they're willing to leave features disabled and work with increased prompts and pop-up warnings.
"For the end user, Vista is definitely a net benefit," said Jay Heiser, research vice president at Gartner. "Although Vista apparently exceeds expectations for robustness, which is a welcome surprise for everyone, my personal feeling is that Vista represents a much higher relative improvement for end users and small business than it does for the enterprise.
"Vista should be a much more robust environment for safe use by inexperienced, unsupported people on the Internet."
Gartner's Heiser isn't convinced that will be the case. "Many enterprises are experiencing a very acceptable level of security failure today, without Vista," he said, referring to the fact that businesses have been raised on the expectation that they need to secure past Microsoft operating systems and are seeing a growing trend toward risk-based security.
Identity and access management
However, Accenture's Okin said being able to simplify those very expensive security architectures--while maintaining strong layers of protection--will appeal to many enterprises. And he adds there are a number of features in Vista that businesses likely will add to their regular inventory of security tools.
"From a business perspective, I think the one feature which will have the biggest social change will be the new architecture around log-ons and smart-card authentication," Okin said. "For the first time ever it will be really very simple for applications to call upon smart-card or biometric authentication."
Currently half of Accenture's security business is done around identity and access management--a fact that makes Okin confident his former bosses have hit something of a sweet spot with the user-identity and authentication features.
"Over the next few years, you're going to be seeing the first apps which will find it very easy to say, 'OK, you need your biometric authentication now or your smart card,' whether it's online banking or e-commerce or anything else," he said.
"Up until now it has been expensive and difficult to do, and as long as it is expensive and difficult people will find a reason why they don't want to do it."
And it's not just Vista's identity and access management features that Okin thinks will have chief technology officers thumbing their checkbooks.
The operating system includes USB-device controls that help stop data leakage via devices such as digital cameras, iPods and memory keys, and also help prevent the introduction of unlicensed applications, copyrighted media and potentially infected files.
I hate Microsoft as much as the next guy, however I have to admit that Vista will be more secure than XP. Why? After all these years, Microsoft has finally adopted some of the security features that have been part of Unix for years. Foremost is a more meaningful separation between user and administrator privileges. Why has Microsoft adopted these features? Because these security features work!
That said, Vista will still be plagued by security problems for years to come. Why? Rightly or wrongly, Microsoft has emphasized backwards compatibility. Microsoft will only be able to produce an OS that approaches Unix's security, if they make a clean break as Apple did in their transition between OS 9 and 10.
If Vista doesn't magically instill the end user with security knowledge and concern, then it isn't going to improve security much. No matter how slick Vista is, unless the end user of the Vista system understands their part in the security equation, then the system will remain insecure.
Despite the many security changes, most (not all) of them are cosmetic and they have pushed the burden completely on the user by nagging them to death.
The OS's out there that are reasonably secure (Linux, OSX, Unix) do so without getting in the user's way. Linux does it and only bugs the user when the root password is needed.
So why did MS go the opposite direction?
Simple, they know they can't secure the bloated pig they have so now they can avoid working on real security solutions and just blame the end-users.
Reason #232432243 why no one should buy this POS, and move to an alternative. Before you whine about not running your favorite program in a non-windows environment, you should know that many programs run perfectly (especially games), and there are great alternatives to the software that is keeping you stuck to an incompetent software company.
"Before you whine about not running your favorite program in a non-windows environment, you should know that many programs run perfectly (especially games)"
Of the top twenty games that are selling for computers today, how many will run on linux? Name one. I didn't see a single title that listed linux in the system requirements.
You only used the numbers "2", "3", and "4" in your rather large number that you claim is a reason for not buying Vista.
All that aside, I'm not quite sure which platform you're referring to that will run Windows games "perfectly". Mac OS will do it, but it still lacks the hardware versatility of the Windows/*nix platforms. Most of the hardcore gamers I know - and even some of the casual ones - are hardware junkies and wouldn't switch if their mother's life depended on it.
I find it really offensive that Microsoft would use security to sell this 'upgrade'. This is a ploy to deflect attention from the fact that most of the security issues in the current platform are in fact defects in the software. Windows and Internet Explorer are fundamentally insecure products, and all the security 'features' in the world are not going to change that. Come on guys, admit it, allowing the browser to download and execute ActiveX components is a fundamentally stupid idea. Allowing Java to directly access the Win32 API is a stupid idea. Integrating the HTML API with the Operating System is a stupid idea. Allowing VBScript in Internet Explorer to access the Windows Scripting Host is a stupid idea. Giving your users an endless array of security 'options' to control these features is a stupid idea. You need to make security simpler, not more complex. Go back to the drawing board and develop something that supports web standards -- not just in name but in principle.
This article is about how Microsoft has to remove functionality to bolster security. Most of the current platform's defects that you outlined are precisely what Vista addresses.
When many of those features, like ActiveX, like VBScripting, like overly-integrating IE, provided additional functionality to Windows. In a controlled environment, each is useful, and the insecurities can be mitigated.
Home users, as the era of spyware demonstrated, were not given the tools (or the intelligence) to protect themselves. If there had been a firewall in Win98, the world would be a different place today.
Vista may be more secure, but we won't know that until it has been in wide use for a year or so. Microsoft uses the "most secure version of Windows" marketing every time so that means nothing.
So Vista may indeed be the most secure version of Windows ever developed - and still carry on the tradition of being the least secure operating system in wide use.
The truth you don't know is that the underlying code in Windows is designed with security on every object which makes it have the potential to be the most secure OS ever, it has security at a level where Unix and its derivatives don't. It has a very secure and well built foundation.
The problem has always been that providing backwards compatibility with what was an OS that simply had no security at all layered onto that foundation and then trying to retrofit security into that layer has resulted in an OS that still needs work. Had MS been able to totally drop backwards compatibility there would've been a lot fewer problems.
I find it very amusing that the writer who's incapable of posting an intelligent rebuttal would stoop to calling the rest of us 'retards'. Well done, genius, touché. You're a real credit to your master.
Probably due to the appalling lack of any real features
...and the fact that there's very little otherwise with which to persuade people to actually buy a larger, more resource-intensive OS that gives so little in return (even when compared to XP).
Seriously - why would a typical Windows user want to upgrade? Let's hit the highlights:
"Aero Glass"? Pfft! Tucows and CNet's own download.com are chock-full of UI-altering toys that make a typical XP desktop look prettier and OSX-like.
"Bitlocker"? Same story - lots of tools out there that can encrypt your hard drive nine ways from Sunday w/o demanding 2x the RAM and 1.5x the CPU to do it.
So what's MSFT got left to sell in there? "Security".
I think the biggest help in Vista will be the user access levels. Right now 99% of the XP machines are running as administrator. Out of the box, even when logged in as administrator, you are running as a standard user. This alone will have a huge effect on the amount of viruses and spyware that are able to get on your system.
Steve Wiseman http://www.windows-admin-tools.com
Microsoft is not willing to do the housecleaning they need to do to make vista as stable as OSX. They have to admit defeat and build a rock solid OS from the ground UP.
Vista is pretty stable. You are probably saying secure enough as OSx.
For your information Microsoft did a lot of house cleaning and rewrote or rearchitected a lot of code for Vista!!! Only time will tell if the efforts paid off.
"But he admits he has yet to get his hands on Vista and is basing his criticism on the ease with which he has cracked past Microsoft code."
Ok, so despite MS making Vista betas available to literally millions this ******** couldn't find the time to actually try the software. And his opinions are quoteworthy? C'mon CNET, you can find better sources.
When the point is to criticize Microsoft, there is no such thing as a good or bad source, all opinions and/or statements are valid (at least for CNET, it seems).
Actually he's being responsible, basing a report of new security on a Beta product would be completely irresponsible. And besides, if he's cracked every MS OS so far, testing a Beta product is really an insult to his abilities.
In terms of security, we won't know until the distribution version becomes available and can be hammered on properly. This lad is simply saying that past versions have offered little challenge and that if it's software (any software with inherent flaws), it's crackable.. it just depends on how much effort it'll take.
Now, any CIO who is upgrading to Vista because "my staff at home should not have a better experience than at work" is truly the irresponsible one. Making a business choice of workstation OS based on what pretty pictures your staff see at home rather than how the package functions support your business goals is completely irresponsible.
Heck, upgrading to Vista before SP1 is questionable. It'll be forced on home users through hardware packaging deals so MS doesn't need to worry there, they've already done the legwork blowing smoke up CIOs' kilts to get big business through the next never ending upgrade cycle step.
I've moved on and am trying to get others to move on as well.
I have tried every version of Windows but Vista and been totally amazed on how the least best operating system company can have such a market share.
I don't need to try it one more time. Microsoft has lost me for good. I have moved on to greener pastures.
For the record this decision isn't a light one. I had a long relationship for 20 years doing Windows support work in my own business. It cost me half of my yearly income.
That's ok because I feel much better now.
This is a matter of consumer rights. Don't use bad products. Also you will be doing Microsoft a favor by switching. Let's put a real scare into them instead of blindly accepting their product.
"Is Vista security a selling point?" IMHO, and for any unbiased human being (Apple/Linux fanboys out) who actually tried it and know something about the security changes in it, yes, it's even the greatest of all (selling points).
"Hoping this release will solve all your security headaches?" No, Microsoft never said that and no OS is absent of security headaches for people who use it so it would be totally ridiculous to think such a thing and believe something can be perfect, I just hope (and believe) this release will solve many of my security headaches.
"Think again, say the experts." So, firstly: I need experts to tell me Vista is not perfect; secondly: the fact that someone plays cautiously and doesn't take risks with an OS means the OS is insecure, is it?
Another great proof of professionalism by CNET (very common in Microsoft-related stories, interestingly enough).
To a trailer park denizen, a double-wide is a vast improvement on a single-wide. Same with Microsoft OS security... until people realize that there's a whole other world outside the trailer park, that is ;)
Security against the user, maybe. This article actually disproves the security stuff around Windows Vista. There is even (as my friend tells me) a "user-protected processes" sandbox where processes are non-user-modifiable. (As in, you can't change the priority, or end, these processes.) If a hacker or spyware app somehow managed to start a "user-protected" process, then it would be using a security feature against the user, therefore defeating the whole purpose of the security feature. I don't think XP can really be improved upon...
just out of curiosity what if Microsoft introduces its own version of Linux, are those people still going to nickname it "insecure OS" simply because they hate the fact it is another product made by Microsoft?
This will be hard for the lemmings to take, but...
"The Internet browser Firefox 2 has a problem with its "password manager" that could allow a hacker to obtain usernames and passwords from Firefox users."
Security doesn't matter if you can't install the software
I have used Windows Vista at work, and when installing SQL Server 2005 (which is the latest version) it not only wouldn't install, but it instantly canceled the installation. And Visual Studio 2005 (also the latest version) installed, but not all features work correctly, if at all. This obviously makes Vista useless for some (and in my case, often the most important) tasks, and many of the features in Vista itself are harder to use (not just getting used to them, but they are harder to use even when you are used to them). I think that when Microsoft designed Vista, they did a horrible job. Most of Vista is just changed names for Windows components (Windows Mail instead of Outlook Express, for example) and tons of fancy and overdone (and often very annoying as well) visual features, such as icons, taskbar buttons, etc. I don't care how much better Vista's security is, even when I do have to buy a new computer I'm keeping my XP machine as well so that I can still use my software and actually enjoy my computer.
For the same functionality Vista does not nag you any more than Linux or OSX does!!!
Nagging happens when you are trying to do what you should not be doing anyway and there's nothing wrong with it!!!
Time will tell.
If you want something secure go with anything but Windows.
Or you can free yourself and go to anything else.
security, why is that I wonder ?
Say it ain't so, Joe.