January 30, 2007 4:00 AM PST

Experts: Don't buy Vista for the security

Last modified: January 30, 2007 9:25 AM PST

Windows Vista is a leap forward in terms of security, but few people who know the operating system say the advances are enough to justify an upgrade.

Microsoft officially launched Vista for consumers Tuesday. The software giant promotes the new operating system as the most secure version of Windows yet. It's a drum Microsoft has been beating for some time.

"Safety and security is the overriding feature that most people will want to have Windows Vista for," Jim Allchin, Microsoft's outgoing Windows chief, told CNET News.com a year ago. "Even if they are not into home entertainment or in any of the specialty areas, they are just going to feel safer and more secure by using it."

Now that Vista is finally here, pundits praise the security work Microsoft has done. However, most say that is no reason to dump a functioning PC running Windows XP with Service Pack 2 and shell out $200 to upgrade to Vista.

"As long as XP users keep their updates current, there's generally no compelling reason to buy into the hype and purchase Vista right away," said David Milman, chief executive of Rescuecom, a computer repair and support company. "We suggest people wait until buying a new machine to get Vista, for economic and practical reasons."

As in the past, Microsoft faces itself as its toughest competitor. SP2 for Windows XP, which was released in August 2004, marked a significant and much-needed boost in PC security. Since then, Microsoft has released Internet Explorer 7 and the Windows Defender antispyware tool for XP. As a result, the older Windows version is simply good enough for many users.

"Upgrading to Vista is pretty expensive, not only the new software but often new hardware as well," said Gartner analyst John Pescatore. "If you put IE 7 on a Windows XP SP2 PC, along with the usual third-party firewall, antiviral and antispyware tools, you can have a perfectly secure PC if you keep up with the patches."


Vista is the first client version of Windows built with security in mind, according to Microsoft. That means it should have fewer coding errors that might be exploited in attacks. Vista also includes several techniques and features designed to make it harder to attack computers running Vista and easier to thwart attacks if they do happen.

"Vista is light-years ahead of XP from a built-in security perspective," said Pete Lindstrom, a Burton Group analyst. "But the market will decide whether it is important. Note that there haven't really been significant problems with the operating system lately, and our memories are short."

If most consumers think like Brian Lambert, a student at Southern Illinois University, it doesn't bode well for Microsoft. "The added security alone is not worth the money when comparing Vista with Windows XP SP2," said Lambert, a member of CNET News.com's Vista Views panel.

But Chris Swenson, an NPD Group analyst, thinks that many consumers will prefer Vista's built-in security features over adding defenses to their XP machine.

"A lot of customers will prefer to either buy a new machine with Vista or upgrade a recently acquired XP machine with Vista in order to get at this added layer of protection," Swenson said.

If you are in the market for a new Windows PC because your old computer is outdated or otherwise failing on you, Vista is your best bet, all experts agree. That's even if you're considering buying a Mac, said David Litchfield, a noted security bug hunter.

"If you're looking to buy a new computer, the security features built into Vista tip the balance in its favor over other options such as Mac OS X," Litchfield said. "We've moved beyond the days of lots of bugs and worms. Recent history shows that Microsoft can get it right, as they did with XP SP2. With Vista, they will again demonstrate that."

Litchfield and other security researchers are impressed with the work Microsoft has done on Vista, in particular because the operating system has gone through the company's Security Development Lifecycle, a process designed to prevent flaws and vet code before it ships. Also, Microsoft challenged hackers to break Vista before its release.

Key Vista security features

User Account Control: Runs a Vista PC with fewer user privileges, which dictate how software can interact with the PC. UAC asks for permission to lift security barriers whenever software requires it.

Protected Mode for IE 7: Prevents silent installation of malicious software by Web sites by stopping the Web browser from writing data anywhere except in a temporary folder without first seeking permission. IE 7 is also available for Windows XP, but the protected mode is not.

Address Space Layout Randomization: Loads key system files in different memory locations each time the PC starts, making it harder for malicious code to run.

Windows Defender: Detects and removes spyware. Also available for Windows XP.

Windows Firewall: Blocks attacks from the Net and includes limited outbound protection. Also in XP, but improved in Vista.

BitLocker: Encryption for hard drives. Only in Vista Enterprise and Vista Ultimate.

"To be clear, XP SP2 was a massive leap for Windows security. But XP SP2 was not the systemic, top-to-bottom, scrub-everything experience that Vista is," said Dan Kaminsky, an independent security researcher. "XP SP2 secured the surface. Vista security goes much deeper. It's a far bigger leap."

Kaminsky was among about two dozen hackers asked by Microsoft to try to hack Vista. The exercise took about eight months, and Microsoft paid attention to the feedback, he said. "They did what we asked," Kaminsky said. "The security community spent years bashing Microsoft, and (Microsoft) deserved to get bashed. But they listened."

Robert McLaws, a blogger who writes about Microsoft, is particularly gung-ho about Vista. He recommends that everyone buy a copy as soon as possible. "Security is the No. 1 feature in Vista, and everyone with a computer in the house should go out and buy it," he said.

All the praise aside, Vista isn't flawless. In fact, Microsoft has issued security patches for the operating system even before its final release.

"To think there won't be vulnerabilities and there won't be exploits is inappropriate," said Michael Cherry, an analyst with Directions on Microsoft. "At best, we should see the number of them decline and the time in between them increase."

No software is without flaws, and Microsoft will be the last to deny that.

"While we greatly improved the security of Windows Vista and we believe it is the best system available, I have always been clear that the system is neither fool-proof nor unbreakable; no software I have seen from anyone is," Allchin wrote on a Microsoft corporate blog last week.

Some critics, however, say Microsoft has reserved too many of the security features for the high-end editions of Vista. The operating system comes in five different versions (with a sixth, "Starter" edition designed for developing countries), but only Windows Vista Ultimate--the most expensive one--includes the maximum level of protection.

Even more, Vista comes to market in an era in which criminals are taking to the Net and looking for profits by breaking into the PCs of unsuspecting Web surfers. Vista is their next target.

"I don't want people to expect that their computer is never going to be compromised because of Vista; that's simply not the case," McLaws said. "The nature of maliciousness on the Internet is changing rapidly. It used to be that nerdy kids were trying to outdo other nerdy kids. Now it is criminals."


86 comments (Showing first 20 comments)
Ultimate only full security Vista package?
by revstar January 30, 2007 6:12 AM PST
Not true for home use, true for business use. The additional security features in Vista Business and Ultimate are intended for business users whose machines are controlled by the corporate IT department. They provide little to no additional benefit to home users.
"the most secure version of Windows"
by rcrusoe January 30, 2007 6:44 AM PST
MS has been singing this song about every version of Windows. http://news.com.com/2100-1040-230632.html

Just Google the phrase:
the-most-secure-version-of-Windows -Vista
CNET IS A JOKE
by sea_net January 30, 2007 7:43 AM PST
LOL

cnet are a joke and so are the "experts" they quote.

vista will be and is as secure as any other operating system.

the reason it's insecure is because hackers want to hack it, not because the code of the operating system is less than any other operating system.

if you look at someone's home then look at a government building, which is going to be more vulnerable? the home? or the government building?

the government building of course, because it's more likely to be attacked than your home, and not because one building has more or less security in place, it's merely the fact that it's a higher target, making it more vulnerable, not because of the technical aspects of the security.
Damned if they do, damned if they don't
by WJeansonne January 30, 2007 7:55 AM PST
What a joke. Microsoft spends nearly six billion dollars locking down Windows and it's still not good enough for the pundits.
look at the polls you looooozers!
by richb12 January 30, 2007 8:11 AM PST
vista will be the usual flop, with more bugs and heartache on the
way-----buy it and see!
Ironic
by M_K_Higa January 30, 2007 8:13 AM PST
As irony may have it, that hilarious Mac ad is playing as I read this article. I wanna c++ GUI hand book!
They buy Vista for the curiosity
by pritchet1 January 30, 2007 8:24 AM PST
There are no less than 4 options now for running Windows apps
on Macs and those who use the latest boxes from Apple are the
ones buying Vista, as they use either Apple's own Boot Camp,
Parallels Desktop for the Mac, VMware's Fusion or CodeWeavers'
CrossOver.

The best box for running Vista is the Mac.

Oh, and with CrossOver, I understand that Windows apps can
run without any of Microsoft's OSes.
Corrupt Bloggers
by mvaiks January 30, 2007 8:50 AM PST
I don't know if it is funny or sad. Robert McLaws says that "every one with a computer should buy Vista now". I bet he doesn't, because his brand new laptop, courtesy of Microsoft, must have Vista already. I don't know why they bother to continue to give their opinions. It's worth less than zero.
The numbers don't work
by wolivere January 30, 2007 9:05 AM PST
Don't buy Vista, just use XP and the current Anti Virus/Firewall commercial apps you can buy.

So, how much are those AV/Firewall Suites? $50? $100? $200?

How many issues do you have with these third party apps?

I know we here, have sunk lots of time in reviewing AV/Spyware products.

We have had some (Zone Alarm) that breaks IM, blue screens left right and center (KL1) not found.

Anti spyware apps that make some systems unbootable.

I have seen people say it needs huge amounts of horsepower.

Yet I sit here writing this on a Dell 150 with its integrated Intel video, and 1gb of ram. And it runs fine.

Sadly as most people know, every single time Microsoft has come out with a new OS, people say why change. We saw this with DOS to Windows 3.11, why change it will break games.. DOS games are the best. Why change from 3.11 to 95 who can trust Plug and Play to get the drivers right and maximize system potential. Then 95 to 98, then 98 to XP.

I have seen the arguments with Linux, vs 3..1 vs 95 vs 98 vs xp, vs Vista. And I use Linux also myself, on one system and Vista on another. Mainly for some tools that I need that I can make better use out of Linux for.

My only main issue with Linux has always been home user, and what is somethings that are simple, be it replacement of a failed video card, or sound card. XP, Vista, open the case put in the video card and away you go. Normally built in drivers are good enough to start, or if no driver default VGA so you can at least get to the internet to get the right drivers. I know many linux gurus will argue that it's easy, do this go to that forum get this or that do this recompile that run this do that. Not easy, for the normal basic home user, not so easy. Although some argue, well I installed it for my 70 year old grandmother and she is fine. Again that is true, did she install it? Although I have spent also many weekends working on a friend's computer, after they installed a cool app, and now have a version of a mediaplex spyware that just won't go away. Or the person who got an email, advertising this great AV program that they then installed.

Only to find they now have 700 + viruses and the app wants them to pay $39.99 to clean their previously clean machine.

Vista is a change, and most people struggle with change, they obtain a comfort level, and they like that comfort level.

I know we here, are rolling out Vista to over 900 desktops and most of those as I said are Dell 150's or 270's. And, we have yet to run into any major hurdles.
Apples to Apples today not yesterday
by wolivere January 30, 2007 9:10 AM PST
Have you ever noticed how next year's car is the most Fuel Efficient? Well crap Ford or Toyota said last year's car is the most Fuel Efficient.

If you take Windows 98 and Vista out of the box into today's world which is the more secure? Vista.

If in 1998/99 you took windows 95 or windows 98 out of the box which was more secure? Windows 98

The comparison goes on. So yes today in comparison to its previous versions, which one out of the box is more secure? Vista. It's really not hype, it's simple reality.

And yes Vista for the home user, its security features are helpful, it prompts you when things are being installed, it prompts you when security levels need to change to accomplish a task. It adds that one extra.. hmm do I need or want to do this.
The problem with Vista...
by JAG! January 30, 2007 9:46 AM PST
It seems with each MS OS release, the number of available versions increases. XP had "Home" and "Professional" -- Vista now touts more versions which only adds to consumer confusion. Most will buy Ultimate when they probably don't need all those features. Sort of like buying a Ferrari when all you do is visit your corner grocery store.

Microsoft should realize that their product should conform to a user's system, not the other way around. Do all the bells & whistles in Vista really justify hardware upgrades or the purchase of a new computer?

If you want eye candy, save your money, buy WindowBlinds or something similar and stick with what works.

MS is home to the individual that predicted spam would be eradicated by 2006. Therefore I should believe everything Microsoft says about Vista, right?
First critics say XP is not secure
by bobby_brady January 30, 2007 9:46 AM PST
and to use another OS such as Mac. Now they say that XP is good enough and not to upgrade to a more secure OS such as Vista.
Hey I like Pigs or animals
by WJeansonne January 30, 2007 9:50 AM PST
Leave them poor things out of it, okay! Lord knows they have suffered enough on this earth!!
Dumb line
by WJeansonne January 30, 2007 9:53 AM PST
"how could run a company without competition"? Uh, duh. Let me count the ways! I'll be back in 100 years with your answer.
The title should have read simply "Experts: Don't buy Vista"
by gw188397 January 30, 2007 10:34 AM PST
Don't buy Vista:
- for the security
- for the performance
- for the features
- for the user interface
- for the anti-customer DRM restrictions
- for the anti-customer licensing practices
- for the anti-customer WGA spyware

Even Bill Gates can't come up with a good reason to buy Vista.
CNET is a joke
by jimwhite467 January 30, 2007 10:59 AM PST
CNET has consistently come out as a technology
joke. They do not appear to have a clue about
what they write. The anti-Microsoft bias is
all too obvious.

I belong to the majority that is making Microsoft
successful in the enterprise. In spite of CNET
the actual adoption of Microsoft technology is
very high both in the enterprise and the user
community.

Vista will succeed in spite of CNET!
Very interesting article about security in Vista and MS OS Users...
by mbjr January 30, 2007 12:23 PM PST
Saw this article over on eWeek:

http://www.eweek.com/article2/0,1895,2088384,00.asp

quote
------------------------------------------------
Among early adopters of Microsoft's freshly minted Windows Vista operating system, the strongest reactions so far seem not to revolve around the system's fancy new looks or its handy search facilities, but rather around Vista's knack for asking permission to carry out operations that require administrative privileges.
-------------------------------------------------

Vista gets a type of security SOMEWHAT similar to what MAC and Linux users have appreciated for years (decades even), making Vista a bit more stable than its predecessors. Unfortunately early adopters are getting annoyed with it.
PC MAGAZINE : VISTA'S 9 MOST ANNOYING FEATURES
by Llib Setag January 30, 2007 12:34 PM PST
Vista's Nine Most Annoying Features

ARTICLE DATE: 01.30.07

By Lance Ulanoff

Microsoft Windows Vista is gonna be with us for a long time. It's a fine operating system, so that's good news. Still, riding shotgun with all of Vista's charms are its many little annoyances. Here are nine that stick in my craw.

1. Who Am I and Who Are You
Windows Vista tries hard to protect us from ourselves. One unintended consequence is that it will sometimes block actions that we purposefully generated--and not even recognize that we selected the option. For example, I decided to try editing a Web page with Microsoft Word (Office 2007) and got a screen that said: "A website wants to open Web content using this program on your computer." Then Vista showed the Office 2007 component and explained that the program will open outside Internet Explorer's Protect Mode. All this would be fine if I weren't the person trying to edit the page.

2. Nested Ability to Change Date and Time
In Windows XP, I can change the date and time by clicking on the time in the System Tray and making changes in the pop-up dialog box. In Vista, I get this really cool clock gadget on my desktop, but clicking its settings icon only brings up a window that lets me change the clock style and set my time zone. That's okay, but when I double-click on the digital clock readout in Vista's System Tray, well, I can't double-click. A single click brings up a calendar and another view of my graphic wall clock gadget. A link in this window offers to let me "Change Date and Time Settings." Unfortunately, clicking on that takes me to yet another window where, you guessed it, I still have to click one more link before I can change the time. And here's the real killer: When I select that option, the User Account Control springs into action, telling me "Windows needs your permission to continue." I select "Continue" and finally, I can set the time and date.


3. Floating Features
I think Microsoft did some great work with the Windows Vista interface (and Microsoft Office's). Aero is truly inspired, but I really don't like how some features float in space. The top of any maximized Internet Explorer, Microsoft Office, Notepad, and, essentially, any other Vista-compliant app is a borderless black bar that contains the typical Close/Minimize/Restore buttons as well as any app-specific elements. The problem is that my eyes tend to cut off anything in that black bar. This leaves me struggling to access common/basic features. This isn't a big deal, but it's certainly annoying.

4. Little Has Changed Deep Down
This is good and bad. You can always drill down in Vista's settings to find familiar controls, but I have to wonder why confusing divisions among the settings for the Windows Desktop ("Color and Appearance," "Desktop Backgrounds," and "Themes") remain. I wish Microsoft had dropped Themes. Opening any of the options in "Personalize appearance and sounds" opens windows that should be familiar to any Win XP user. So clicking on Display Settings brings up the old-fashioned Monitor control window. This being the window where I control my resolution and color depth, I wish Microsoft had added Available Video RAM and a Recommended Settings button.

5. All Programs Confusion
I'm glad Microsoft simplified the nested, fly-out program folders in the Vista Program directory, which is accessible via the Vista icon menu (I still miss "Start"). Clicking on "All Programs" brings up a list of applications and then app folders. Each of the two lists is in alphabetical order, and the folder list does actually include nested folders. Office 2007, for example, has apps under the main folder and then a subfolder for Microsoft Office Tools. This last folder is filled with apps whose names scroll past the Program list window. There's no way to scroll to the right in this window. What happens if the folders go to a fourth level?

6. Lack of Serial Support
I have a couple of Wacom digitizing tablets. One, a USB-based Intuos, I usually keep at home, and another, an oldie-but-goodie serial-port-based Digitizer II, I usually use in the office. I've used the Digitizer II with every Windows OS since Windows 95. Now, though the tablet is in perfect working order, Wacom isn't supplying Vista drivers. And Vista doesn't notice that the tablet's there. Are there other serial-based peripherals being put out to pasture by Vista and third-party peripheral manufacturers? Tell me about them in the forums.

7. Driver Prep
This operating system has been under development for half a decade, yet some companies still aren't ready for its release. ATI, for instance, has been providing pretty up-to-date and stable graphics drivers for all of its cards, including the Radeon X700 I have in my HP desktop. Unfortunately, it's left out one very important piece: OpenGL support. No, it's not something everyone would notice, but Second Life fanatics could be in for a rude awakening if ATI doesn't get its act together. I assume a Catalyst update will be ready right around launch, but still, what the heck took them so long? Again, let's start collecting a list in the forums of components and peripherals without adequate Vista driver support.

8. Questions with No Answers
Vista's Problem Report and Solutions is a great one-stop shopping center for reporting problems, keeping track of bugs, and resolving issues. Unfortunately, it doesn't appear to have any real answers. Of the three problems I reported--an issue with AutoPlay Media Studio 4.0 runtime, an outdated driver, and one program-incompatibility problem--none have been adequately solved. The box notes that they've all been reported, but no solutions have arrived. This smartly designed interface only makes Microsoft's inability to solve these issues more glaring than it was in Windows XP.

9. Game Switch
Vista's collection of built-in games still leaves something to be desired (I'd say the Purple Palace Cooking Puzzle game is an acquired taste). Still, I'm glad Microsoft kept old faithfuls such as Solitaire--and, wonder of wonders, it finally added chess. That game works as expected, but there is one small annoyance here: No matter which appearance settings I choose, the black pieces still blend into the black squares and pieces behind them, so I can hardly make out which pieces are sitting on which squares. In one instance, for example, I couldn't see a black bishop in front of a black king. So instead of putting the computer opponent's king in check, my queen was taken by a hidden bishop. (Perhaps this will matter only to former Chess Club members.)
Security, Security, Security
by Userzz January 30, 2007 7:01 PM PST
What are we talking about!? An OS or a security firm? It's ridiculous that MS is selling yet another version of Windows with features that cover faults of previous one!
XP Server 2003 + Mac OSX 10.1 2001 GUI
by Llib Setag January 30, 2007 7:30 PM PST
= AstlaVista OS 2007...

5 years + 6 Billion $ + Billions in "Vista Frenzy" promotions for
that?

$99 - $299 Vista OS

Mac OSX = $129 ( runs Linux/ Unix/ Windows & Mac OSX on
ONE COMPUTER) Yeah and Macintels are so expensive (not).

Yeah it was worth the long delays & the overpriced recycled OS
to get Vista OS 2007...(not)