Half Of Windows Vista Adoption Driven By Security


I think I earned my paycheck this week 🙂


http://www.informationweek.com/news/showArticle.jhtml?articleID=199701141

Comments (16)

  1. anonymous says:

    LOL, just like adopting a coal power plant for its reduced emission.

  2. anonymous says:

    Please put the PR aside and face the facts: Windows Vista is less secure than Windows XP and Co.

    Just giving two obvious reasons:

    – The kernel-integrated DRM allows third parties to enforce restrictions against you, subverting the integrity of your system. Unlike some spurious claims, the DRM is not just acting passively. Just use Explorer to open a folder containing a malicious WMV file, and you’re already pwn3d. Nice how stupid Shell Media Handler, Windows Media SDK, DRM Client and DRM kernel module compound a smooth privilege escalation path.

    – The localization feature allows you to spoof all kinds of filenames. Just give someone a ZIP file containing malware.exe and a desktop.ini with the content:

    [LocalizedFilenames]

    malware.exe=funny_image.jpg

    You know exactly what happens if you double-click it.

    Microsoft doesn’t even intend to fix this critical security hole, and one could think they should have learned their lesson about fuddling with the shell namespace.

    Not gonna mention the lousy ASLR implementation that successfully restricts from adding serious implementations like WehnTrust, Ozone HIPS and alikes…

    I do understand that Windows Vista offers many improvements wrt. security, but most of them can already be found in the more legacy-like Windows Server 2003, and the little minor improvements can’t justify such big deprovements as mentioned above. On total, it’s way less secure, and even your good work couldn’t change anything about it.
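A defensive check for the desktop.ini display-name mapping described in the comment above, as an added example that is not part of the original post or thread: it scans a ZIP archive for `desktop.ini` files whose localized-names section gives an executable a display name with a different extension. The function names, the extension list and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

# Extensions the shell runs on double-click (illustrative assumption, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".js", ".vbs", ".lnk"}

def decode_ini(raw: bytes) -> str:
    """desktop.ini is often UTF-16 with a BOM; otherwise decode leniently as UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def localized_names(text: str) -> dict:
    """Return {real_name: display_name} from the localized-names section (case-insensitive)."""
    mapping, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "localizedfilenames"
        elif in_section and "=" in line and not line.startswith(";"):
            real, shown = line.split("=", 1)
            mapping[real.strip()] = shown.strip()
    return mapping

def find_spoofed_names(zip_bytes: bytes) -> list:
    """Flag members whose desktop.ini display name hides an executable extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = {n.lower() for n in zf.namelist()}
        for name in zf.namelist():
            if posixpath.basename(name).lower() != "desktop.ini":
                continue
            folder = posixpath.dirname(name)
            for real, shown in localized_names(decode_ini(zf.read(name))).items():
                real_ext = posixpath.splitext(real)[1].lower()
                shown_ext = posixpath.splitext(shown)[1].lower()
                present = posixpath.join(folder, real).lower() in members
                if present and real_ext in EXECUTABLE_EXTS and shown_ext != real_ext:
                    findings.append((posixpath.join(folder, real), shown))
    return findings

def build_sample_zip() -> bytes:
    """Constructed sample: the layout from the comment, with inert placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pics/malware.exe", b"placeholder, not a real program")
        zf.writestr("pics/desktop.ini", "[LocalizedFilenames]\nmalware.exe=funny_image.jpg\n")
        zf.writestr("docs/desktop.ini", "[LocalizedFileNames]\nreport.txt=Report.txt\n")
        zf.writestr("docs/report.txt", b"hello")
    return buf.getvalue()
```

A mail gateway or download scanner could run `find_spoofed_names` on each archive and quarantine any that return findings.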

  3. anonymous, you clearly need to read up on what we did in Vista – it goes *wwwaayyy* beyond what you mention.

  4. anonymous says:

    You don’t need to lesson me, I’m fully aware of the changes specific to Vista. And some like SafeSEH are really good.

    Now do they justify an intentional privilege escalation path and a trivially spoofable shell view? I don’t think so.

  5. Matthew Murphy says:

    Vista is such a regression in performance and flexibility that security is Microsoft’s chance to say "Hey, we got SOMETHING right…"

    There usually are only one, maybe two categories of design that are "done right" in each new product.  Historically, though, it has been rare for security to be the thing that Microsoft "gets right" about a new product…  Windows Server 2003 perhaps excepted.

  6. Matt

    I’m certainly not claiming we "got it right" – we certainly made a great deal of progress 🙂

  7. Anon,

    Why is this privilege elevation? How does this "attack" give me admin rights on a Vista box?

  8. C Gomez says:

    It’s obvious who hasn’t used Vista.  After two weeks it’s hard to imagine going back.

    I don’t really find I need UAC to protect me.  However, it does act like a ZoneAlarm type tool to warn you someone was seeking out Admin permissions.  That’s not quite exactly what it does, and I wish it was more like that (instead of guessing setup.exe needs Admin privs.  But hey, if I didn’t start setup.exe that is obvious to me.)

    For an average user, I’m seeing how it is a major improvement.  It’s trivial for them to run as a less privileged user for the 99.999% of the time they are merely typing in Word or checking their email.  Then, when the time comes to install a new game that needs to write to HKLM, it’s easy to get the privilege needed.

    In XP, that person would have just run 100% of the time as Admin.

    That alone is a major improvement.

    A criticism I was worried about was average users becoming accustomed to UAC prompts and reflexively clicking to allow.  But I should have known the Mac ads were lies.  After initial setup, UAC disappears from daily use.  The average users I have talked to about this say they think it will be obvious to know when some piece of malware is trying to get elevated privileges.  They didn’t start anything!

  9. anonymous says:

    When revoking licenses, the DirectX Media Foundation process as well as the kernel DRM module are acting upon behalf of the client. They happily execute commands like "delete my license, you can find it in %windir%system32*.dll" or "execute this piece of JScript code" or "revoke this certificate from Microsoft".

    I’m not sure how far this threat can be mitigated, at very least it always subverts the kernel.

  10. mattmurphy531 says:

    Sadly, getting security "right" is not to be equated with a vulnerability-free product.  That’s not a Microsoft-specific problem, or even a software-specific one.  However, Vista is undeniably a large improvement in security.  In other respects… it’s nowhere near as clear whether Vista improves upon or even maintains the status quo.

  11. ST says:

    Yes, I agree with you, Microsoft doesn’t even intend to fix this critical security hole, and one could think they should have learned their lesson about fuddling with the shell namespace.

  12. LostAussie says:

    All this is well and good but then you get what we would think would be legitimate vendors suggesting that to get their software working with Vista you need to disable UAC.

    From emails to KodakGallery about using their EasyUpload functionality on Vista you get the following response.

    ———————————————–

    To install and run the Easy Upload plugin, an administrative user will need to disable User Account Control for the computer (this blocks your computer from installing Easy Upload).

    First, you will need to log into Vista using an account with full administrative privileges. The general steps for disabling UAC are as follows:

    1. Launch the Control Panel.

    2. On Vista Business or Vista Ultimate, select the "User Accounts" applet.

    On Vista Home Basic or Vista Home Premium, select the "User Accounts and Family Safety" applet.

    3. Click on the "User Accounts" link.

    4. Click on the "Turn User Account Control On or Off" link.

    5. Deselect the "Use User Account Control (UAC) to help protect your computer" check box.

    6. At that point, the system may issue a prompt to restart the system.

    Accept the prompt.

    Upon completion of the system restart (if needed), the Easy Upload control can be installed, and should function correctly.

    ———————————————–

    A better job needs to be done to educate Vendors on how to deal with issues that UAC may raise.

  13. LostAussie, I utterly agree with you, that’s one of the reasons LeBlanc and I wrote Writing Secure Code for Windows Vista. But, FWIW, we still see ‘guidance’ from vendors stating you should disable the firewall or turn off A/V software so their stuff works correctly 🙁

  14. Fleet Command says:

    I wouldn’t bother myself with "anonymous"’s outrageous statements. Windows Vista is by no means less secure than Windows XP, no matter if it still has security vulnerabilities. This is just plain outrageous.

    However, I think Windows Vista could have half other adoptions because of performance. Unfortunately, Windows Vista’s performance has regressed just as its security has progressed.

    Still, Microsoft developers do deserve a congratulation.

  15. Fleet Command says:

    And as for the company who advises you to disable UAC. I’d write them:

    ————————————————

    Greetings,

    How dare you ask me to disable UAC. I’ll never again buy any of your products.

    Regards,

    {your name here}

    ————————————————
