dmiessler.com | grep understanding - Latest Comments in Vista’s Security Hobbled By Microsoft’s Own Insecure Past

Re: Vista’s Security Hobbled By Microsoft’s Own Insecure Past

Alan — Fri, 16 Feb 2007 10:08:43 -0000

A better solution would be to allow those programs to be installed in virtual machines (or something like a chroot jail). That would probably still prevent some apps from working unless Microsoft also provided a way to authorize these isolated processes to communicate with one another.

But Vista was late as it is, and this would have made it later. And would have brought a lot of flack for the extra complexity (and probably the user experience).

Re: Vista’s Security Hobbled By Microsoft’s Own Insecure Past

Richard King — Fri, 16 Feb 2007 09:54:09 -0000

Can't speak for Linux, but I install apps on OS X as a non-privileged user all the time. Very few OS X apps actually even have installs, typically you drag the application to where you want to install it and you're done.

Each user has their own ~/Applications folder which, by default, they can do whatever they like in. I think, by default the root Applications folder is only writable with admin privileges, but it in no way precludes you from 'installing' and running stuff in any directory you do have write permissions for.

Re: Vista’s Security Hobbled By Microsoft’s Own Insecure Past

maht — Fri, 16 Feb 2007 09:39:47 -0000

What use a sandbox and virtualized drives?
It wouldn't be that difficult to intercept system calls and avoid the situation.
Windows just sucks, whichever way you slice it.

Re: Vista’s Security Hobbled By Microsoft’s Own Insecure Past

Tim — Thu, 15 Feb 2007 22:34:07 -0000

Perhaps I'll play the devil's advocate here. Did anyone read the pingback article on Daniel's last Vista security post?

I think the author of that pingback post had a point. How often do you install a piece of software in linux without elevated privileges? What about Macs?

Granted, usually with linux you're more aware of what you're doing (it's not as simple as pressing a button), but the point still stands. Almost *any* application you install on *any* OS will need elevated privileges.

Re: Vista’s Security Hobbled By Microsoft’s Own Insecure Past

Rick — Thu, 15 Feb 2007 15:37:17 -0000

Simple solution... do not run it.
While it sounds like a pleasant fantasy, why can we simply not move away. Sure there are things that we can not, but where we can... why don't we. People do not because they are afraid to learn new things or be outside of their comfort zone, so M$ power will remain for another few years until enough of the younger generations move up and start to show the highlights and safeties of the alternatives. Then Mac's market share will have a chance to flourish.

Re: Vista’s Security Hobbled By Microsoft’s Own Insecure Past

Riley — Thu, 15 Feb 2007 15:17:47 -0000

If Vista was not today available, would anyone care? When Vista's release was delayed, did anyone care?

Vista solves no compelling user needs that can't be, indeed are being, solved by other third-party products. On the other hand, Vista creates many new user problems, including shifting control of the computer from the user to Redmond.

One way to consider the problem is to imagine that Microsoft was a Japanese or German company. If it was, do you think that business would allow it to assume such profound control over a given company's data and desktops? No, there'd be an outcry for protective legislation.

But Microsoft has enormous lobbying power and so today continues to get away with operating as an entirely self-serving monopoly that only grudgingly responds to customer needs.