David Overton's Blog and Discussion Site
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small.  
Microsoft is damned if it does and damned if it doesn't sort out security in windows Vista

One again I was scanning the news when this article caught my eye.  It discusses the complexity of trying to make a more secure OS for Vista while also trying to enable application compatibility.  I once discovered that we had over 10,000 "fixes" in previous OSs to cover for bad applications to ensure they ran, rather than breaking them by putting in place more robust APIs.

Microsoft around the time of Windows XP SP2 started to change this, we now favour security over compatibility.  Having said that, we have put in place a HUGE amount of technology to make applications run, but rather than breaking security we put in new ways to allow them to work without opening up a security hole.  In my opinion, one of the biggest holes in Windows today is the number of users who run as administrator and then ignore any warnings we put up.  If we had a dialog box that said "By clicking OK you agree for us to scramble all the files on your hard disk" I wonder how many people would click OK if it let them view the website, or download the "You must watch this" file.

To combat this we have obviously done loads of stuff, which I have blogged on before, however there are some blogs worth looking at.  From an application compatibility point of view I would start here. The testing of security is obviously a key process and the organisations involved are discussed on the Windows Vista Security Blog.  Obviously one of the most commented and seen sections is the User Access Controls that limit the damage an administrator can do and also gives priviledge when required.  To understand more you migth want to read this.

I am still planning on doing lots of write-ups, just need the time.

ttfn

 

David


Posted Sat, Jul 29 2006 9:58 AM by David Overton

Comments

TrackBack wrote http://blogs.msdn.com/windowsvistasecurity/archive/2006/07/28/681833.aspx
on Wed, Aug 9 2006 8:39 PM
TrackBack wrote http://blogs.technet.com/all_things_appcompat/archive/2006/04/26/426511.aspx
on Wed, Aug 9 2006 8:39 PM
ICE-Computer wrote re: Microsoft is damned if it does and damned if it doesn't sort out security in windows Vista
on Tue, Jul 24 2007 5:07 PM

Having just obtained Windows Vista in the last month, I am not overly impressed.

However, I do think the security has greatly improved.  The UAC, possibly one of the biggest improvements is also the most annoying.  Quite simply, I do not understand their failure to implement on the UAC a feature similar in nature to the firewall that would allow a user to say 'Remember this action.' for particular types of actions.

Add a Comment

(optional)  
(optional)
(required)  
Remember Me?

(c)David Overton 2006-18