Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Wednesday, June 04, 2008

Is Vista Really More Secure?

First, I’ll admit that, as much as I’d like to be, I’m not a fan of Vista. I do find myself saying that Vista is more secure and that’s not a bad thing. I’ve noticed that most people associate the increase in security with User Account Control. There’s actually more to Vista security than UAC.


Everyone loves to hate User Account Control because it’s so annoying. Ars Technica recently referred to WinPatrol as being UAC for Windows XP, which motivated me to create some new annoy-proof features. (Coming soon). I was pleased to see that even Vista evangelist Ed Bott recently wrote “How Microsoft can fix UAC”. Ed pointed to comments by Sunbelt Software’s Alex Eckelberry, who shares my own “cry wolf” fears with UAC. “Since over 80% of all infections are based on social engineering, the popups should focus on that weak point.”


Social engineering is when users are tricked into doing something and end up installing malware that they never wanted. I’ve mentioned many examples of social engineering but my favorite is the hacker who would leave a floppy disk with a virus/worm on it lying around at a company he wanted to infiltrate. On the label of the floppy disk, he hand wrote the words “Employee Salaries”.


Since social engineering isn’t addressed in Vista, is Vista really more secure?


Symantec recently published a number of papers on Vista security. While their work was balanced, they weren’t shy about pointing out some problems. For instance, most of the code that makes up Vista includes a compiler feature called GS Stack Protection which prevents a popular hack called “Buffer Overflow”. According to Symantec researcher Ollie Whitehouse, there are ~150 binaries under the C:\Windows directory that do not contain GS protected code.


According to AV-test.org, UAC stops many rootkits from being installed, and I know Microsoft takes these infiltrations seriously. One of my friends at Microsoft once told me, “They (root kits) scare the bejebers out of us”. Kernel Patch Protection prevents programs from hooking into the guts of Windows and is critical in the prevention of rootkit infiltrations. Unfortunately, KPP only works with Vista x64 and breaks attempts at protection from many other security vendors. Thankfully, it’s not a problem for WinPatrol.


Microsoft also considers Windows Auto Update to be a security feature. They recommend users allow auto updates and when new security patches are available on Tuesdays, Windows users are automatically saved from possible threats by newly discovered vulnerabilities. If you’re a regular Bits from Bill reader you’ll know how I feel about auto updates. They’re just plain evil.


Vista Ultimate includes a feature called BitLocker. Essentially, this feature encrypts all data stored on your hard drive. This method has already been hacked by researchers at Princeton and sadly reminds me how much success I had with early Microsoft disk compression. I’ll pass for now.


Microsoft’s Strategy Director Jeff Jones recently published his “Windows Vista One Year Vulnerability Report” and the results show “Windows Vista has an improved security vulnerability profile over its predecessor.”

  • Windows Vista had 30% fewer Security Bulletins than Windows XP
  • Windows Vista had 20% fewer vulnerabilities than Windows XP
  • Windows Vista had 28% fewer Critical and Important vulnerabilities than Windows XP
  • 26 vulnerabilities on Windows Vista are less severe for any users running as standard user.

So, it appears for the 20% of non-Social Engineered vulnerabilities Vista has an advantage. Unfortunately, it’s still not enough for me. As long as any vulnerabilities are being found I’ll continue to be on watch using my favorite protection programs.





4 Comments:

Blogger Gordon Bennet said...

Always enjoy your blogs, Bill. You mention your "favourite protection programs". Apart from the essential WinPatrol, are you able to say what these are?
In a previous blog you mentioned a family member using a particular anti-spyware offering, but I don't recall seeing any specific recommendations for antivirus or firewall.

7:27 PM  
Anonymous Anonymous said...

Were you meaning User "Account" Control? Just turn it off in main user accounts.

7:26 AM  
Blogger Unknown said...

Thanks,
I did in fact mean "account". :)
Corrected

Shows you how much I care for it


Bill

9:19 AM  
Anonymous Anonymous said...

Sorry that a lot of people hate Vista! As far as I am concerned it's the best Windows operating system yet. Yes it's true it's a memory hog, but then if we look back XP was a memory hog over Windows 95 and 98. It takes mucho deneros $$$ to make this operating system work good, as I must admit, you need at least 4 GB of RAM to get the full potential of this operating system. I think those who don't like it can always go to open source, and they have improved very much in the last 5 years also. It makes me sick when I think about XP and how long it took them to make a good operating system, perfected it, then all of a sudden it's time to change again.
I truly believe that given time Windows Vista will far surpass XP as they really already have in graphics and everything else. Drivers are not perfected, but then again it took 5+ years for XP to perfect drivers for 3rd party vendors too.
Just sharing my experience and thoughts!!

11:57 PM  
