Entertaining controversies...

Wednesday, January 31, 2007

IF YOU REALLY WANT TO BUY NOW....

What others are saying about Windows Vista, just before you pay out the $200 to $400!


[ Security Watch : Don't get burned by viruses and hackers
That $200 Windows XP service pack called Vista


By Robert Vamosi
Senior editor, CNET Reviews
January 29, 2007


More than five years after the release of Windows XP, Windows Vista has arrived. The party line out of Redmond is that "Windows Vista is Microsoft's most secure platform to date," and you won't find anyone at Microsoft saying otherwise. But saying it's Microsoft's most secure operating system isn't saying that Windows Vista is the most secure operating system on the market today. No one can say that, I suspect, but Microsoft is really sensitive about security, saying that security is one of the main pillars that support a user's decision to upgrade to Windows Vista. Unfortunately for most home users, the actual security features in Windows Vista Home Basic and Home Premium will amount to little more than a pillar of salt. That's not to say home users won't get enhanced security with Windows Vista; they will. It's just that most of the security enhancements touted in Windows Vista don't appear in the Home Premium and Basic editions, and what's there, what's not already available within Windows XP, could have fit into a free Windows XP service pack instead of requiring a $200 upgrade.

The spin
I have several marketing documents from Microsoft, but I'll refer to one entitled "Windows Vista Quick Reference Guide." These are talking points for software reviewers regarding security, mobility, networking, deployment, and application compatibility. Under security, the document states that Windows Vista's development followed Microsoft's Security Development Lifecycle. Programmers were required to take security training, strict coding standards were enforced, and throughout the cycle, rigorous testing and review of the operating system code was done. That's the marketing spin.

The reality is a little different. At least one major antivirus vendor, Kaspersky, has said there will be vulnerabilities reported soon within Windows Vista. "We're not asking whether vulnerabilities will be found, but when," said Alexander Gostev, principal antivirus researcher for Kaspersky. Indeed, there's already been one Vista-related vulnerability reported, one that affected earlier versions of Windows, as well. You'd think Microsoft's Security Development Lifecycle would have caught that.

A shell game
The marketing document goes on to list a dozen bulleted security enhancements within Windows Vista, such as Enhanced Authentication Model, User Account Control (UAC), BitLocker Drive Encryption, Encrypting File System (EFS), Protected Mode for IE 7, Windows Defender, Windows Firewall, Enhanced Firewall Management, Group Policy for Device Lockdown, Address Space Layout Randomization (ASLR), Kernel Patch Protection, and Network Access Protection. That's 12 enhancements that sound really thorough, if you get them.

However, because there are six different editions of Windows Vista, with varying features in each, only the people who purchase the $400 Ultimate edition or have access to the Enterprise edition (for volume-license customers only) will see all 12 features; for $200, home users will see fewer than half. I spoke with Pete McKiernan, a senior product manager for Windows at Microsoft, who said that BitLocker hard drive encryption wasn't included in the Home editions because Microsoft feared home users would lock themselves out of their systems. He agreed that another feature, Device Lockdown, required a group policy, and therefore wouldn't be in the Home edition, nor would Network Access Protection, Enhanced Authentication Model, or Encrypting File System (EFS). That's 5 out of 12 security enhancements that you won't find in the Home editions of Windows Vista.

Pete did say that all 64-bit editions of Windows Vista include Kernel Patch Protection, but I told him that most home users are running the 32-bit editions. It remains to be seen whether the 64-bit PatchGuard, also known as Kernel Patch Protection, works as advertised. At last summer's Black Hat Briefings in Las Vegas, researcher Joanna Rutkowska hacked Windows Vista's PatchGuard before a live audience that included several Microsoft employees who had also presented at the conference. If we include PatchGuard, that makes half of the security enhancements in Windows Vista that won't be on your home system.

What you get
So what do you get with Home Premium and Home Basic? You get Address Space Layout Randomization (ASLR), which protects against return-to-libc attacks, where an attacker uses exploit code to call a system function. ASLR randomizes the function entry points for common system calls, so on a typical 32-bit Windows Vista machine, an attacker stands a 1-in-256 chance of getting the address right, which should slow down an attacker. And home users will get not one but two firewall consoles within Windows Vista (why Microsoft couldn't reconcile them, I don't know), but you still won't get full outbound protection within the Microsoft Firewall without some serious configuration. The new Windows Firewall with Advanced Security on Local Computer console provides different profiles for Domain Policy (corporate networks), Private Profile (home networks), and Public Profile (Wi-Fi hot spots), but the language offered is all legalese at best: "Inbound connections that do not match a rule are not blocked" (the double negative is Microsoft's, not mine) and "Outbound connections that do not match a rule are allowed." Basically, all inbound data from the Internet is allowed (as it should be) except where a rule exists; outbound data from your computer is also allowed (as it should not be) "except where excepted"--one of my all-time favorite Microsoft-issued statements. The difference here is that unless you create specific rules to block outbound data--say, from spyware or rogue apps--you won't have true two-way firewall protection with the Microsoft Firewall. The reality is that most people will never tweak these settings and therefore won't be as well protected as they would be with the free edition of ZoneAlarm, a true two-way firewall.

User Account Control (UAC)
Perhaps the most visible security change within Windows Vista is User Account Control (UAC), a dialog box that appears whenever system settings might be changed. I agree with McKiernan that UAC is a step forward in security, but I disagree with its final implementation. If you are a standard user, using a second account on someone else's computer, you will need an administrator's password in order to perform certain system functions. An annoyance, but that's real security.

If you are the only one using your Home edition of Windows Vista, logically, you should be running the administrator account. But as a solo account user (administrator) within Windows Vista, you are actually running as a standard user until UAC flags you; only then do you escalate to administrator privileges. Unfortunately, Microsoft made it so that administrators need only hit Enter to access escalated privileges, no password required. McKiernan says Microsoft did that because it assumes administrators know how to respond to UAC messages, but I pointed out that other operating systems require even solo account users to enter a password before making system changes. And how long will it be until some malware prompts a UAC message, knowing the Windows Vista account user will just bat it away with a click of the Enter key?

The IE 7 features
Perhaps the biggest improvement over Windows XP is that Windows Vista places Internet Explorer 7 ActiveX processes into a sandbox. The sandbox allows the ActiveX component to run while you are using IE 7 and terminates it when you close IE. But you get even better security if you don't use Internet Explorer and use Firefox 2 or Opera 9 instead. Microsoft could have provided this sandboxing feature for free within Internet Explorer 7 for Windows XP, but the company withheld it, wanting to give Windows Vista users some value for their $200.

And I've seen it spun that Windows Vista includes built-in antiphishing protection. But Internet Explorer 7 for Windows XP--and for that matter Firefox 2--also blocks phishing sites. Unfortunately, neither browser performs as well as the stand-alone antiphishing toolbar from Netcraft or the antiphishing technologies from Symantec and McAfee. And Windows Vista ships with Windows Defender, but Windows XP SP2 already has Windows Defender, and I don't use it. In testing done last spring by CNET Download.com, Windows Defender missed some of the test spyware, finishing well behind other antispyware programs on the market today.

Nothing to see here, move along
Other security enhancements I see on my Windows Vista Home Premium machine are truly minor. One blocks double extensions in e-mail attachments, a common trick used by criminal hackers. But a Sophos study found that this e-mail security exists only if you use the new Windows Mail e-mail client--think Outlook Express with a prettier name. Most people won't use Windows Mail; they'll use their Web-based client before adopting Windows Mail.

Out of the 12 security enhancements within Windows Vista, only ASLR is notable; my decision on the value of UAC is mixed; and even within Windows XP SP2, I don't use IE 7, Windows Defender, or the Windows Firewall, so these are unnecessary. Given that Windows XP SP2 was a beast of a service pack to install, I wouldn't have minded a Windows XP service pack offering just ASLR. But Microsoft wants me to pay $200 for security features I don't use or need just to get the one that I truly need. I'm going to wait until Windows Vista Service Pack 1, code-named Fiji, is released, sometime before the end of the year. Maybe then the security enhancements within the Home editions of Windows Vista SP1 will be worth the $200.
Are the security enhancements within Windows Vista Home Basic enough for you to pay $200 to upgrade today? Talk back to me. ]


SOURCE: http://reviews.cnet.com/4520-3513_7-6689143-1.html?tag=nl.e415
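
The outbound default the column quotes ("Outbound connections that do not match a rule are allowed") can be modelled in a few lines. This is an added example, not part of the CNET article or of this blog post; the program paths, rule names and the block-over-allow precedence used in the model are assumptions for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    program: str  # executable path the rule applies to
    action: str   # "allow" or "block"


def decide_outbound(program, rules, default_action):
    """Return (verdict, reason) for one outbound connection attempt."""
    matches = [r for r in rules if r.program.lower() == program.lower()]
    # Assumed precedence in this model: an explicit block beats an explicit allow.
    for wanted in ("block", "allow"):
        for rule in matches:
            if rule.action == wanted:
                return wanted, f"rule '{rule.name}'"
    # Nothing matched, so the profile's default action decides.
    return default_action, "no matching rule, profile default applied"


# Constructed sample data (hypothetical paths, not taken from the article).
BROWSER = r"C:\Program Files\Browser\browser.exe"
UNKNOWN = r"C:\Users\home\AppData\Local\Temp\updater.exe"

# Default the column describes: unmatched outbound traffic is allowed.
AS_SHIPPED = {"default": "allow", "rules": []}
# Two-way filtering: unmatched outbound traffic is blocked, known apps allowed.
HARDENED = {"default": "block",
            "rules": [Rule("Allow browser", BROWSER, "allow")]}


def audit(policy, programs):
    """Map each program to the verdict its outbound traffic would receive."""
    return {p: decide_outbound(p, policy["rules"], policy["default"])[0]
            for p in programs}


if __name__ == "__main__":
    for label, policy in (("as shipped", AS_SHIPPED), ("hardened", HARDENED)):
        for prog, verdict in audit(policy, [BROWSER, UNKNOWN]).items():
            print(f"{label:10} {verdict:5} {prog}")
```

With the allow default, the unrecognized program's traffic leaves the machine without any rule ever being consulted; only the block default forces each sending program to be named in a rule.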


Greenville, Rhode Island bakery owned by the Cavanagh family, which uses the plant to produce church communion bread from just water and bread. That business is known to produce about 850 million sacramental wafers annually and to supply 80% of the Holy Communion bread used in American, Australian, Canadian, and British churches. The only middlemen in the supply chain are nuns living in convents! Now they want to expand to West Africa with their Christian sacramental ware for Pentecostal, Catholic, 'New Wave', and Orthodox church offerings. I make reference to the so-called New Wave churches - my term for those churches that broke away from the orthodoxy of the Protestant fold, just as the latter broke off from the Catholic church by virtue of the exploits of Martin Luther centuries ago. Many new-wave and other church goers in the generally undeveloped West African subregion of Africa pay more to religious organizations in monthly tithes and offerings than they do to their government in personal income and value added taxes. Now, that last fact is quite interesting because it is an admission that a bakery in Rhode Island has seen a huge market in the center of Black Africa for small white perfectly laminated and non-crumbly holy wheat bread, reportedly costing "less than a penny" apiece, for the use of both the bible-reading and the bible-believing religious organizations. However, the picture from the Cavanagh's factory floor speaks volumes, in my own opinion, about the need for the company to watch its business ethics and to treat all customers equally irrespective of location, creed, or other discriminatory demographic information or criteria.
So, I just hope and pray that the wafers falling off the conveyor belt and by the wayside are not destined for West Africa and that the actual wafers delivered will be wheat bread and water, and not just glutamate-free bread and 'pure' water, if you get my point, even if so requested by some shady, greedy, and unethical businessmen over in West Africa. Posted by Okonkwo O. Awa on Sunday, December 28, 2008.

In the summer of 2007, Pope Benedict XVI (BXVI) encouraged The Church to reach out to young people using new technologies, as he himself learned to send out cellphone text messages to the faithful. So in obedience, a tech savvy evangelizing Catholic priest got some help from a Web designer in order to write all the daily books of prayers into a low-cost computer software application downloadable onto the iPhone. Rev. Paolo Padrini's iTunes prayer book was officially approved by The Vatican's Pontifical Council for Social Communications in December 2008. Of course, all proceeds from the electronic prayer book venture will go to charity. Speaking of charitable behavior, The Holy See has seen it fit after 400 years to honor Galileo Galilei in 2009 as the "patron" of the non-mutual exclusivity of the faith versus reason dichotomy. That is very appropriate in this age of new technology, even though The Church still smarts from its error of judgment in calling the famous astronomer a heretic after he publicly embarrassed The Church by reporting that his scientific observations in Astronomy with his unique telescope had led him inexorably to believe that the Earth actually revolved around the sun, in direct opposition to the teaching of The Church at the time that Planet Earth was the center of the universe. In seeking to paint the Church in a new light of worldly knowledge by distancing itself from a past of imbibing pure dogma, The Vatican may have ventured to cross the final frontier and boundary between Science and Christianity by acknowledging recently that there could be life on planets other than the Earth! Posted by O. O. Awa on Wednesday, December 24, 2008.