Once again I was scanning the news when this article caught my eye. It discusses the complexity of trying to make a more secure OS for Vista while also trying to enable application compatibility. I once discovered that we had over 10,000 "fixes" in previous OSs to cover for bad applications to ensure they ran, rather than breaking them by putting in place more robust APIs.
Around the time of Windows XP SP2, Microsoft started to change this; we now favour security over compatibility. Having said that, we have put in place a HUGE amount of technology to make applications run, but rather than breaking security we put in new ways to allow them to work without opening up a security hole. In my opinion, one of the biggest holes in Windows today is the number of users who run as administrator and then ignore any warnings we put up. If we had a dialog box that said "By clicking OK you agree for us to scramble all the files on your hard disk" I wonder how many people would click OK if it let them view the website, or download the "You must watch this" file.
To combat this we have obviously done loads of stuff, which I have blogged on before; however, there are some blogs worth looking at. From an application compatibility point of view I would start here. The testing of security is obviously a key process and the organisations involved are discussed on the Windows Vista Security Blog. Obviously one of the most commented and seen sections is the User Access Controls that limit the damage an administrator can do and also give privilege when required. To understand more you might want to read this.
I am still planning on doing lots of write-ups, just need the time.
ttfn
David
Posted Sat, Jul 29 2006 9:58 AM by David Overton