DISQUS

DISQUS Hello! dmiessler.com | grep understanding is using DISQUS, a powerful comment system, to manage its comments. Learn more.

Community Page

dmiessler.com | grep understanding

dmiessler.com/about/
Jump to original thread »
Author

Vista’s Security Hobbled By Microsoft’s Own Insecure Past

Started by Daniel Miessler · 7 months ago

Yesterday I wrote about Joanna Rutkowska’s work that highlighted a serious security flaw in Windows Vista. Her finding was that in Vista, many applications require that they be installed with administrator privileges, and that during the install process users are given two options: ... Continue reading »

6 comments

  • Riley

    2 years ago

    If Vista was not today available, would anyone care? When Vista's release was delayed, did anyone care?

    Vista solves no compelling user needs that can't be, indeed are being, solved by other third-party products. On the other hand, Vista creates many new user problems, including shifting control of the computer from the user to Redmond.

    One way to consider the problem is to imagine that Microsoft was a Japanese or German company. If it was, do you think that business would allow it to assume such profound control over a given company's data and desktops? No, there'd be an outcry for protective legislation.

    But Microsoft has enormous lobbying power and so today continues to get away with operating as an entirely self-serving monopoly that only grudgingly responds to customer needs.
    reply
  • Rick

    2 years ago

    Simple solution... do not run it.
    While it sounds like a pleasant fantasy, why can we simply not move away. Sure there are things that we can not, but where we can... why don't we. People do not because they are afraid to learn new things or be outside of their comfort zone, so M$ power will remain for another few years until enough of the younger generations move up and start to show the highlights and safeties of the alternatives. Then Mac's market share will have a chance to flourish.
    reply
  • Tim

    2 years ago

    Perhaps I'll play the devil's advocate here. Did anyone read the pingback article on Daniel's last Vista security post?

    I think the author of that pingback post had a point. How often do you install a piece of software in linux without elevated privileges? What about Macs?

    Granted, usually with linux you're more aware of what you're doing (it's not as simple as pressing a button), but the point still stands. Almost *any* application you install on *any* OS will need elevated privileges.
    reply
  • maht

    2 years ago

    What use a sandbox and virtualized drives?
    It wouldn't be that difficult to intercept system calls and avoid the situation.
    Windows just sucks, whichever way you slice it.
    reply
  • Richard King

    2 years ago

    Can't speak for Linux, but I install apps on OS X as a non-privileged user all the time. Very few OS X apps actually even have installs, typically you drag the application to where you want to install it and you're done.

    Each user has their own ~/Applications folder which, by default, they can do whatever they like in. I think, by default the root Applications folder is only writable with admin privileges, but it in no way precludes you from 'installing' and running stuff in any directory you do have write permissions for.
    reply
  • Alan

    2 years ago

    A better solution would be to allow those programs to be installed in virtual machines (or something like a chroot jail). That would probably still prevent some apps from working unless Microsoft also provided a way to authorize these isolated processes to communicate with one another.

    But Vista was late as it is, and this would have made it later. And would have brought a lot of flack for the extra complexity (and probably the user experience).
    reply

Add New Comment

Returning? Login