Microsoft: Vista Security No Magic Bullet After All

Thu Apr 26, 2007 12:37PM EDT

See Comments (7)

Much has been made of Microsoft's claims that Windows Vista is substantially better than prior generations of Windows at securing the PC and the data residing on it. But for the most part, those claims have not really been challenged, and Microsoft has skated by on the promise that security is better with Vista without really showing why. Well, says one executive, the reality may not quite live up to the promise.

The upshot is that Vista's security hopes are pinned on the "standard user environment" (which requires an elevated security setting to install software) and User Account Control (UAC), which any Vista user knows is that maddening pop-up that attacks you with an Are you sure you want to do this!?!? message every time you push a button on your keyboard or move the mouse. But seriously, the idea is that doing anything of substance on your computer (allowing access to that standard user environment) should require extra approval, and UAC ought to catch malware when it trys to do the same thing underhandedly.

The problem, it turns out, is that UAC can, in all likelihood, be bypassed by malware creators. From the linked story, Microsoft's Mark Russinovich notes, "[UAC is] a best effort to raise the bar and stop malware from making changes to the operating system but it's not a security boundary."

In other words, we're safe for now... until the hackers figure out a way to bypass it. Which is, frankly, inevitable. 

UAC has other problems, too. At its simplest, hackers could simply trick you into clicking "allow" when malware strikes. And then there's the more obvious fact that nearly every Vista user turns UAC off within a day of installing the OS because it's such a nuisance. (If you're still using UAC, please chime in here.)

The days of Vista malware (try searching the web for "vista hacked") are only a matter of time... best prepare for it now. 

LINK: Russinovich: Malware will thrive, even with Vista's UAC

Comments on Microsoft: Vista Security No Magic Bullet After All

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 1 Posted by super_dave_1984 on Thu Apr 26, 2007 4:34PM EDT Report Abuse

    Well DUH! Vista is just a new look on the old Windows. It's not more secure, just different. And when the cracks do start to show, it will be the same song and dance as with earlier Windows versions. SP1, SP2, patches galore.

  • 2 Posted by klacour on Fri Apr 27, 2007 10:57AM EDT Report Abuse

    UAC is nothing more than Microsoft's attempt to pass off responsiblity of security onto the consumer. Rather than really fix the security leaks in Windows, Microsoft instead paid lip service to tightening up the mass/mess of code behind Windows, and instead came up with the quick fix of UAC. "What, you're PC is infected with malware?" Q) Did you turn off UAC? A)Yes - IT'S YOUR FAULT! Q) Did you ignore UAC? A) Maybe/Yes - IT'S YOUR FAULT! And now we have the third possibility that Microsoft did not "fix" the security leaks at all (which we knew all along), and that hackers will/are/have hacked UAC, and even if we did not turn off UAC, and we did not ignore UAC, IT IS STILL YOUR FAULT! For the sake of full disclosure, I do not run OSX or any Apple variant, but I do own an iPod. I run 5 PCs at home, each with a slightly different flavor of Windows. My PCs (2 laptops and 1 desktop) have NEVER been inflected with a virus, spyware, or malware. NEVER. My two children each have a PC, and both have been so badly infected that I had to reinstall the operating system to rid the PC of nasties. All 5 PCs run Norton's, Spy Sweeper and Zone Alarm. I do not need UAC my my three PCs, and I know, even if I had Vista with UAC on my kid's PCs, they would still download payloads of junk. How come I do not get hit with bad stuff? I do not click thru links e-mails to me. I do not click any links within a web site I do not trust. I do not ignore any wraning message offered up by my spyware, anti-virus or firewall applications. How come my kid's, and 99% of OC users get slammed? Because they are not trained, or choose to ignorethe steps I take, above. Is OSX better than Windows? Maybe - but I also believe that OSX and Linux suffers less is because they have a more savvy user base, and a smaller user base. All software is hackable. Better software is not the answer to the malware problems we have - better educated PCs users are.

  • 3 Posted by shadowman_26 on Sun Apr 29, 2007 8:53AM EDT Report Abuse

    Norton? LOL!!!! There's your problem. Norton is bloated. It slows down your system. You want a good qaulity Virus Scanner? Go get your hands on Kaspersky.

  • 4 Posted by brighamg5 on Mon Apr 30, 2007 6:08PM EDT Report Abuse

    AMEN to klacour's comment. I've heard so much negative talk about Vista that it makes me sick when the real problem is the people that use the software. I'd bet most people that complain and/or have problems with ANY OS are either big time gamers or are the download anything type of people who are so gullible that they forward dumb email messages onto 10 friends and then sit by their mailboxes waiting for a check from Microsoft (oh and believe me, I'm a lawyer - ha ha!). Go ahead, switch to OSX and join the 5,000 users who don't experience the same problems but have to run 10 extra programs in order for a certain program to translate a different Microsoft program in order for OSX to understand it. I guess fortunately for you type, the line is slowly beginning to blur now that Apple uses Intel chips and can run Microsoft programs. In the end, the moral of the story is definitely education. Don't click on ANYTHING you don't trust and I would HIGHLY recommend Norton Internet Security. I've been using it for years and have had no problems...EVER!

  • 5 Posted by y_ld_at_heart on Thu May 17, 2007 6:48PM EDT Report Abuse

    Get a Mac. Always had trouble WITHOUT the internet with the OS on my PC. So I became an educated computer user. I got a Mac. Still have the ailing PC I bought 3 years ago. It goes bonkers, so I have to reload the OS. The computer I had before that was another lousy PC that I had till it died. Not my Mac.

More Posts: First Prev 1 2 Next Last

Post a Comment

Sign In to Post a Comment

 

Sign In to see your profile information, saved products and more...

Register Sign In

My Favorite Gadgets

 



Quick Compare See All Favorite Gadgets
 

Recent Activity

 

Recently Viewed

on | off on | off
 

Recent Searches

on | off on | off
 
 
 

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.