2

During his presentation, Tan voiced concern that frequent UAC consent dialog boxes will blend together to create a "click here to get work done" attitude. "Frequent UAC consent dialog boxes—will this force users to turn off the function?" he said. "Users will eventually get annoyed with it if it impacts their normal day-to-day activity." However, Rutkowska said she was bewildered at the frequent arguments that the boxes are annoying. "Ive been using Vista two months now," she said, and within a few days of installation, shes rarely presented with a UAC dialog box. "I think UAC, from a technical point of view, is a very good thing," she said. "For normal users, this is [a good security mechanism]." One thing Rutkowska said she doesnt like, however, is Microsofts attitude. After the UAC criticisms started making the rounds, Microsoft began to stress that UAC is not a hard security boundary, like a firewall—rather, its more of a guidance tool. Unfortunately, that attitude means that Microsoft wont consider potential avenues of attack to be bugs, Rutkowska pointed out. "[Illicitly] elevating from low- to high-level [user privileges] wont be considered a security bug," she said—when in fact such escalation is a good indication that a machine has been compromised. Another feature that protects the system in Vista is Windows Defender, included previously as a separate Windows download. Defender detects and removes any unwanted application, actively monitoring protected areas. The feature is integrated with group policy and thus works with Active Directory. Another system-protecting feature is Vistas new Windows Firewall, which expands on the firewall included in Windows XP SP2 but improves on it by offering two-way protection. The earlier version didnt offer outbound infection—an omission that meant an infected machine wouldnt be stopped from spreading a virus outside of the network. The final system protection feature added to Vista is Windows Security Center, which checks and displays the status of the Firewall, automatic updates, malware protection (Windows Defender) and other security settings, including third-party security software such as anti-virus programs. Tan also criticized Vistas recognition of installation programs, which checks compatibility databases, heuristics and a programs embedded manifest—which declares to an operating system what it is. The potential dangers of Vistas handling of installers, Tan said, is that all installers run with administrative privileges, have full access to the file system and registry, and have the ability to load kernel drivers. "As soon as you click OK, that application has complete administrative capabilities, including downloading and installing rootkits," he said. Tan also criticized Internet Explorer 7 for its lack of Protected Mode in the versions that dont run on Vista. Protected Mode makes the browser run in a sandbox—i.e., it has limited read access to system components and cant download Trojans or spyware from malicious sites. eWEEK Labs Jim Rapoza called Protected Mode "by far the best value-add of IE 7+." Click here to read the review. That accounts for new system protection in Vista. As for data protection, the new operating system comes with BitLocker Drive Encryption—a feature that encrypts the entire Windows volume, protecting against data being stolen when a laptop is stolen or lost. Tans only criticism of that feature was that its available in only the Enterprise and Ultimate versions of Vista and is lacking in the Business version. Other data protection features in Vista include EFS (Encrypting File System), used to encrypt files and folders; Rights Management Services, used to encrypt files persistently so they cant be e-mailed outside of the organization without proper server permissions; and Device Control, which enables better management of plug-and-play devices such as USB drives. Tan also touched on PatchGuard, which locks down the kernel completely but also locks out some third-party applications, including anti-virus programs. Besides the ire that this drew from security software vendors, PatchGuard was actually cracked soon after Vistas introduction. Other flawed security solutions in Vista include Windows Defenders lackluster performance, blocking a mere 47 percent of spyware in quick-scan mode in anti-virus testing. OneCare also fell "well short" in Virus Bulletins VB100 test and flunk AV-Comparatives test altogether. "So Microsoft definitely still has some work to do in those areas," Tan said. Besides all that, a critical remote code execution bug in Vistas vector markup language was released on Jan. 9; in testing of Vistas strength against legacy exploits, Vista was found to have exploits that would survive exploits in every category except rootkits; key enhancements to Vista security are only available on 64-bit platforms; and you need new hardware platforms to fully support Vista, Tan said. Cumulatively, it sounds bad, Tan said, but hackers and Tan agreed: significant strides have been made in securing Vista. "Its a security evolution, not a revolution," Tan said. "Vista is not a security solution—it is a more a secure version of Windows." Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.