Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Report: Security Drives Vista Adoption



 By: Lisa Vaas
2007-05-23
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
News Analysis: Is the motivation sound, given issues such as the .ANI problem and Microsoft's admission that UAC, its star security feature, is vulnerable to social engineering?

In a recent report on enterprise security, the top reason survey respondents gave for adopting Windows Vista was that the new operating system is perceived as being more secure.

The "Fourth Annual Enterprise Security Survey" was commissioned by secure-file-transfer software maker VanDyke Software and conducted by independent research firm Amplitude Research.

According to the report, 52.3 percent of security-motivated Vista adopters are specifically interested in the improved firewall and anti-spyware functions in Microsofts latest operating system.

And in spite of the bad rap Microsofts UAC (User Account Control) has gotten from security researchers, another 14.28 percent of Vista adopters cite limited user accounts as their biggest reason for migrating.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub.

Resource Library:
UAC is based on the concept of LUP (least user privilege), which limits PC users account privileges during normal use. User rights are elevated only when necessary to perform certain administrative tasks. These limitations are intended to reduce Vistas vulnerability to attacks that make use of higher user privileges.

Microsoft touted UAC as a significant security improvement that signified that the company had gotten serious about securing Windows. Researchers such as Joanna Rutkowska and Symantec Research Scientist Ollie Whitehouse found that users can be tricked into allowing inappropriate rights escalation, however.

After Rutkowskas blog post on the subject, followed by a paper from Whitehouse titled "An Example of Why UAC Prompts in Vista Cant Always Be Trusted," Microsoft confirmed that UAC is vulnerable to social engineering attacks, as it is not itself a hardened security boundary like a firewall, but is more of a security "function."

Oliver Friedrichs, a director at Symantec Security Response, in Cupertino, Calif., said the perception of UAC as a security boundary persists. "That perception has become fairly well-ingrained, even given the fact that Microsoft has come out and said UAC isnt a security boundary," he said in an interview with eWEEK.

If Vista users continue to use the operating system as early adopters are doing, there will be no additional exposure to system compromise, Friedrichs said. Overconfidence in Vistas security technology may put users at risk, however, he said.

Overall, Vista is indeed a more secure operating system, Friedrichs said. He pointed to core technologies that are responsible for this security boost, including ASLR (address space layout randomization)—a technology designed to make it harder for an attacker to figure out addresses of critical functions and hence harder to get exploits running correctly; safe structure exception handlers; and a new heap manager that is more secure from a dynamic memory allocation perspective, with its newly hardened resistance to certain types of heap usage attacks.

Vistas attack exposure remains, for the most part, in third-party applications, Web applications and other areas where attackers are largely focusing their efforts at this time, Friedrichs said.

But despite these improvements, Vista is not devoid of flaws. The .ANI vulnerability, which Microsoft patched early in April, occurred in the way Windows, including Vista, handled cursor, animated cursor and icon formats. That particular vulnerability was so critical that it caused one of only three instances wherein Microsoft has patched outside of its Patch Tuesday cycle.

Of the 217 Vista users surveyed for the report, the other reasons they gave for adopting the operating system were improved usability, given by 22.11 percent, and "other," given by 11.05 percent of respondents.

Other relevant Vista-related findings from the report were that out of 300 individuals surveyed, 6.66 percent have finished testing Vista, 44 percent are currently testing, 18.33 percent are waiting for Service Pack 1 before testing and 31 percent arent testing.

When asked if their organizations planned to deploy Vista, 19 percent of those 300 said their organizations planned to deploy after testing the official release. Twenty percent said their organizations would deploy Vista after SP1 is released, 19 percent said Vista would be deployed but only on new PCs with Vista preinstalled, and 42 percent said their organizations didnt plan to deploy Vista at this time.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Report: Security Drives Vista Adoption
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Lisa Vaas
 


x}kS㸶j&sн!nB$잺U)Vm;@f7޵$IaiK^KKKKy$ W7-gL:9)ٝ O,zIj|ݻPBezAUM JԶO7RM3ة /4w7vGlJ{'AT{j xL5uΚI]ٚc7h2)X -$(kOմHmZ/P8$p$ZB;$?*B4mG$oQT}:XQ=2tНS[BT +X^DP~FDM:-4~rwN5yЀk`Vx>?$C5nCUVekFVlui! 1!oߎz$fRvnWo\ 25A2Z@[ ,HmfCc`pmׇɩT* Tkq3#}jݷt{#ԷF:SSC3MuN_CԿ(ҀK8S#/y y=:tV ̿{kCݸ1̷L[>GlRۄؼz00!}%D"ˡ,ftg 2n eþ=r@)Q_9P+{1ك;֨n>һP*)Aw>*GA nkp[N^׵vSi\w{ݳ>~j]\r m o$&W jDTV+Rh& Rc@G${/@BRM7JqߨPAIS# Ԏ40" J1zĢqu?M-~k~:CF,sAV5 衂ĠtWe`9;yi_voz{MN['gw:Rڟ+̊k*}k p6O|iuH0`kh`cRV>H ?vOZd[W/' MDO_0N`mYn]H!T|Y|ԛE34 i[2)ߦIw[ )aWtB=88m&T7ohH2 4 .Ϭzp-Alo K>(:H)5?&9gMil&XJp?є=m̗W/b`(AK/g ڊ5t*軬(if1;A0<^f&/_\@ 1 p 3d{".ӰirvZnV͉*YX]uUjZlY?龂KwqnUOV|ǫ$ # EHYf7-vI0긦U++e_;ڇU95zQnʼnl :2X bXP7HaQgtA`::)ҧ>RӚMCqRO#Gs>2胎6mb8-ƹ" ,70}HOqI$7X(}ZsOg6/|Ta֔^I$>6Z\?`c VCB뎂9{׿ergmMA(oEnPX^0G`^@48`88ʼ E]uCb賀B=`Mtև &SsfPB룔YXp$880U]2 akThjMMafyb|Fȸ:qmXbO@sUzqg0익ׅ])/_(g׭uу=&9Je!6#{e!{Wˈ(-JY)jycl ؑq,YX6Tȵm>1}Ⱥ3'Q(JЧIrf! g֐I81'\* ؕGQ,~۬ank 5!70MC LK=:޻ئ4Q{ /)J%E` L] T<ty[= F:6. 1H#60/`k :@/ /aPHUX tбթ6=,JINdzԘ>Q7Ϗ9(gh9d*'HZ+j*Zj{}|8=ehLQ8pG#}y _PM85Yo>+zCW>snA.}O>zN ',h'^ː]-'LiG 2R.1P^Cs2uKNj |jGVQ=/YQfa "gS+0fjנj@v[}l)'-qRCY= w7䚢#݀ޭn/F+ F6@\=!<vo(0f4g{J[ `{I-~*~ZjLR'@ u0cqey@0pሙ@F]S؇Qgm/ R=TʞO"X9KCbRD i^{p )J;pLjg %Jkfx+sJbOW2ETEdkC鳰S,!o$ sqS)+J LH+' 3YˡYF 3_6^y" ς2rSOiD:i2TZVR< +8r=-i7xџ2YD+++0,7"h -r[ ezrP͖ K%4e%3E/-9@X<y}bQ{LQ讻h^Ah1secfaI3N9`{iO$#J7eVVځ*jV$,< 7C{d,LGI<^:&.rOfss]`_A|7#S͆Re_AkrR8~G;a>&ұLƈkSH+G }O.lU*JtP(]PX9H(P Yz>Gɷwnj‰SXx|{ kPHe$ $"zдr#)=2fV*UXŵ?hxqNLv>B(5A A D@"D;n?% ?S-l8F:w~ݕDw;ݴO燤}e_:kv st'_u{~{yHDмG~ޏ ﵲRi5 }Ej_uHGV-_w?^JN}Mqr`SR=H3 J@cG$;Ĥ9}v|{{<=m_;lѳY?`y Bz+~p:K%E;"˖u߽o=rDp'Bj^_$'d0 srj^G'6bL`fX&IEy#SV5C2 x0MH`y,5' ^t}Xq q6a4'l/Q֭ Bb-.3Bt|PZ# (ʑ=`=`VɈv9>c/;$VBL0B_XH!)$ze*K<;mt( 6F_E'K+ uRⷒoWȘK7tAx[(ktNz< \1[iN:m"݋=Br^'18/=h1ޏH/pǻ"TS(L,ӤNL)fTDіxi'y0:F{8ꀒ~*0oBٸEO ,lmSs S32%Icϔ Um$Mj3fkC@$Ÿ_:JIv(+Hl(dAzWjSӚmf /.iwo6DrFM`l)LZQ!A|J| >i^D@)Rp[8#}@J^KKHeW:BZ 0><9Gs`*伨;GNՃĶS g>#m(3rcvd\:Gw*b,_=hrrӅ[ `{v$smCٱDݘ~h='Fst97X136qwvb#(;A\[5("Ξ ezclҿǥ̷Nu!i\vyo]9arJs dނ>3QᛷG 6n2'|2KO$hבּ~QOƭtGov;vkm,da}?H+FisP/!OK4vdLc!I )VԺUw7`ʜ9%'+wr62Ӣ(oV (f~\:pOҤ%sc}d}ݸw[f1rfwioJP}|] {~W*]ۣPIݣw뻻~=Ҳ(r]&ZD Npw5U{II%)x}<.r`RTzH^8ڈڽ]cg[D:*tcxO||nF??C4ȥN<曂; `!3( а5m {8g 0G )4T8hl?|nwcLRx666y) h4RwV`7lf8W ֍N 6V8e_7zkVy} rx|Svz7_7c\PF<)UKp1)%`PBH|pNM{fr+ 7EAn˸!E%ÖdN._靈p65xfVԌSLsYWKZS LtԳ/tkԱW, ]m+sQq$Y,Ж\1!eRno8tj9;"Cps˸i^\(5pU~'9)9&N0W E֮n)o}aS'҉SݗOmRM`'1YhD 3JОZCnڝ m<‹V88<꧙Pg x~8'y)V<(SA)Z2SlJf G;)E|LDxdћ4@ɂ 9pϕE=`yFhZȁc紷DكҷI""$sqDIb՟]]eS60|K}wkB{exHs: S^>vc"P>㰩=zg[qP?ZgYUTD_p%ի|Ǎ'5_M6n/Av5<R8RMqSRig81gIR ]X4`SqL2D|t 7 jy.U+{*vK4)97@29.ƳYڭE/SNMɵR*2V`KtJǀd 3 T8&- uI:C{WAp 8VQ*)%I򫼸ͧ:tʐGfp0tAǺ1OC)Ctq0\%xD4I](cSvm|Y𐮩M'& ϘLKцT*+g- qn%.sGp㍎WAy//OEi=A K/zQyOpD^8_F\jT*0Eq;Μ+9vӾ74V?p~^-˒K'ԛ {47OtT>&-Q;Me`,L#=$xCKX\k@K*&`e+6t+SCOa7$ !|{goCh1gJ ˝R3 usUS ĠH"1("@L,hx[̋KR/t}\0|@joڎ S[ǍjsqH!)#!$BSxKR͋?es%P&ԅ?)MzÚ/>ǧ |cr\Y/ƋZZ.[ߜߜߜߜܹXkv.6pGjY`춝=8-]Q׳).c{|Alˤ$vc)ۙD8$\lv ^Я{c7w3FʅuG3\J_҉Sjb˧'45 = B!d|#ʸ".]G̴ܯLۢ nlŸT #J J}5lwNa|傩'ظ+0c݉l۵RDU9G|Ġ M<|͢yX4'V^[ƳA|mϨles ku ֗b$ [uE}͆5#{G^y>:c54?ey 6xE 2!H!Kl!'*6{N0tyAm Aȼ=KԬE5:&UJE:` #cqXghCXz+u$%=݇^&]ݽ],)\ܹF? _ )/K{~i IvXseߒ`2VXӶ뿓$}jv`'r5X,hMÙ@t}ų Q٪q7!T7i˽4n;*=g]=[G?=eO)?Ro\k_A'-g ìhgϡ6 ?; [?I%4W'2{Q3@amIYxfStgf f4} Su&W[y/ꏩD#? KD)`G%ߊB~뇺}ݛ} J8+O|dQ0Bx8j g{{[=$ɐ]]"=gv;"h?(F]{F9-04 驪~ۘeP-r%8 YWSvqCv?Jrza#ʵmq|_rDY7Cq.B>P e9L #4>(CZP"Z’M}Is9ڊbMm@`עh~NLZC@ O^a)qc) +pWx̓L,p;PFPxIYLS^z1jsq̙Tl/ZNtUDkcΩѥZU9PWs.KBG(zdI2// c|RO&ƪTe:-0S5_S\UBICwXHq5GUj6j=!`5<Zn&+k]қ≡ĚU֝UؓRc3-*);,Ouz-G"8F34l3˨aZ$~TRUsSyT"̦uR?GZI)JȋP^Cs2uؕ՚Tھ fOPf=v?ȵƃl:Xb9XieZ{cq;\KJf-ݷ`  kPу%K~ܷ0_|->(BAdo)ck@G'Ǫ%chkٱdB$e_/0̊|eUx[hhwQfg1q8sr;c{±@DHϣb6b~m>9rlg" zB y`KaG )U( 5 .U@8AnIݲY*coI c,rt7%eRS[ٓ;?8@`m̼DGRSx &㗲d.4qq5: roEVIv# ,@E슍B9C|𺕈B0\ǍMپ Eo]*4>wg(-$=׵svG?CQ>at~'LuE) 2ų'n-=Sm_?fC.7,M}C< l  \ZP4e~?͇˞r0Qݾ!?1! g@L-aiAX#hBGH[1~cMZsxXҚm!ah\bdpbZŘ!&"c3SӦ{ĆRǠ{qm_16Faŷ^(l8*wxcF>b|>ǘ+=%G D:Ũb)]ΰ"@ g o#!z)u7SIu~f6欞pxTg- .E.[qw'+W!5= 1 YG7`C[UEY|obp ?vg`!usx\fJԎ<@<P 4'<(g7,Xzob @p),f,ԪRD&uMu]j9u^]gsnV?7-.4%WPRh  V #vFCdQf:\ݹ1C39^&9nHq}ow/q{}&RGݪ;'ݫgu||iKyl25^ Q9lvZNQʩ`Sg̥,%Ew" yzz|l%6v#g58ٙ/_,fyPMEQ`1D*GM& OK8S^u'Vn"))'MfNyʻ9H姀VN /?=}Nۅy{}yhC9CL2^S?/9;x1Ut`w~'>ී৓3g'>;@D'(S~9wS{3?9s w3]7]?͑/W@W9q_ sC?=/g=/g}~Z_c}}Oy0O9(+ɡh&K:ICP.Ny甗 z)W@^_~+%YNȳ9+F7^+sTh3g_/+I}u=M+ťfW*7yKxM}%kk[Z1iu ba/ KPe^ٛLZCGP/<*Y}Mchto$.rd&}:=WWvl+x._[nNJ>s\ ȜHǣqiPB9Чb>[xcE{_,mBfH6T<'u~m'<@7 ,5v;3ŨЫِ@E΂3,7q) ?`-kD2Ydpc l$9tgi[Lr,!iށx@Mz4z<8JN)g,#[LP`t{_=F:z*4$pgB-ҋKl!ވPeD˺U쬂a j?=[n%cL$Qw%7/ɉF-yCw`bȜCOQxap&t9AwI{׿年Ss81&-c mx5 xnǍW51KRp01MHx#>}r)1)' ƠֽT#iZc7Xn΄`ðH/7#6"4Σ̯9۞3w53m[>- n*Dc[820tճNWmbMvʮnG\ETœj@@zƶeN _>D~jX3&?gIId ¯Lty'0OqCg{x&&l }_|a9vAyC/>7LxEÄIAb;`HIأ ^Bd/]T# 챧04X%uj]vu$$}9= zLgVߜRs7QH墲;}M w,H'VT#cE 궯MEm_kτxsp vSچqf[Wuv5=ׇ"cT =`?GbС_456qtѷkdm+iM &Ax&.W5b8gC“J'rJzc{[/I)H(\dz\g;*v 7&R,`+ܶ$ gWbz`#Yұ jkA/?iwI3۱x쥽%}Yq v.}X#U:.~9MT~3)V\wц|7(6؋BOK`{ ,AQ6Lv>Nc? `vwf9c˖XaYѶ9ud2-1kc'p'!MXVulם@ d9a7Ctɹ_U`7'#~*3VœA>p8C3 ܐ}olI C_x r8I W960[ +"  JmӴ>u¹"UXJَR , ~:3_N[ƝOQh| W91-"ux ] D pymx:" cVJRX}P?(:OOgsZ 8_Hʶ› *9}X^c 0,*09G5-E6,lp/>cwϏp`2ozN6pA}+\ȏ,,L[Z']ZD!hXrE"O q~ mfK#fY1[Rj8gn~ӧ4pRaL (b[иaHbV\3|7ZО3q7C' Sga+cPMYjcL1G<,@} փ LW{څGQE6;|,ݐbVQ|5Ȯ'R:rsh;h۟3T*Da$!R3 KEj z.t3\04yqBQəȩ8v}_\%hw2b5Š b3<'\B;W?bMd|ZkhYY/5;χ<|;Xyt(y']f*FRqOR|j?(>^t3u㖗7O>~<6Ҝ%!tO[Y B*Ew<=m_OWzv`ol3 g>p7*Ѡ,j z' l5mEgl(3W'~ѥ;7 D^R꧰a9TUd%r R⊫+4>S!aa؄;66BJ:6L]_X PQ~)