Vista: Very Interesting Security Times Ahead

Stan Beer
Thursday, 11 May 2006 17:25

Opinion and Analysis

Who would have thought just a few months ago that Microsoft would start to bite the hands it feeds. The security industry is running around in circles trying to head off the speculation that Microsoft might finally start to eat into the substantial profits they make out of plugging security holes once it releases its new operating system Vista.

The thing about Vista that may be worrying some security companies is that it is supposed to have a more Unix-like approach to security in that it implements a permissions system for processes that could potentially damage systems.

Of course, the security industry itself is predictably saying that it ain't necessarily so. But when McAfee executives start talking about the growing market for Mac OSX security, Symantec starts talking about how they're the security experts not Microsoft and the whole security industry starts talking about usability issues with Vista security, you just get the feeling that something is up.

However, marketing director of McAfee, Alan Bell, is not having a bar of it. Bell is skeptical that Vista will deliver the level of security that will obviate the need for third party security products such as firewalls. He says, "At the moment Vista is not out so what we are looking at is what they're saying will be in the product. Vista is an improvement over Windows XP but just as the arrival of Windows XP didn't mean that people would not need firewalls, the overall expectation is that Vista will not provide you with the complete security you need today and will need even more so tomorrow."

Services director of McAfee Asia Pacific, Michael Sentonas, says that the built-in firewall that ships with Vista just does not measure up to the third party offerings. He says, "Our firewall functionality is based on application based firewalling as well as packet based firewalling. We look to understand what applications are doing on the operating system. We look to see what traffic is coming to the machine and what traffic is leaving. After doing this for so many years, we've been able to make sure that the end user experience is very easy."

According to Alan Bell, the McAfee firewall used by consumers has a vast database of applications that need to connect to the internet. He says, "If an application wants to connect to the internet the firewall is able to verify that the application is unchanged. In that way, a user is not constantly being constantly asked if it's OK for this application to connect to the internet. If you keep asking users that question after a while, they're just always going to say yes. So the only time a user gets asked that question is if it's an application for whatever reason is not in the McAfee database. In addition, the database itself contains information about malicious programs, so that if a malicious program tries to connect it is able to identify it and take appropriate action. My understanding of the Vista firewall is that it knows about the Microsoft applications but how many users are using more than Microsoft applications."

But isn't this all just a furfy? Doesn't the permission based system that Microsoft has included with its new operating system make it difficult for malware to do any serious damage to your system?

Bell's answer to this was that even an ordinary user has permission to delete all your data. Ah but files can be backed up. Well then, said Bell, most Mac users tend to log on as administrators so malware coming down the line could gain administrator access. We were not sure about that one. Then Bell said that there were ways for malware to elevate its privileges so that it can run in administrator mode. However, he needn't have bothered because, from our understanding, Microsoft is still a long way from getting its security act together with Windows Vista. 

Here's what Windows expert Paul Thurrott  has to say on his winsupersite about Microsoft's attempt to put Unix like security features in Vista:

Modern operating systems like Linux and Mac OS X operate under a security model where even administrative users don't get full access to certain features unless they provide an in-place logon before performing any task that might harm the system. This type of security model protects users from themselves, and it is something that Microsoft should have added to Windows years and years ago.

Here's the good news. In Windows Vista, Microsoft is indeed moving to this kind of security model. The feature is called User Account Protection (UAP) and, as you might expect, it prevents even administrative users from performing potentially dangerous tasks without first providing security credentials, thus ensuring that the user understands what they're doing before making a critical mistake. It sounds like a good system. But this is Microsoft, we're talking about here. They completely botched UAP.

The bad news, then, is that UAP is a sad, sad joke. It's the most annoying feature that Microsoft has ever added to any software product, and yes, that includes that ridiculous Clippy character from older Office versions. The problem with UAP is that it throws up an unbelievable number of warning dialogs for even the simplest of tasks. That these dialogs pop up repeatedly for the same action would be comical if it weren't so amazingly frustrating. It would be hilarious if it weren't going to affect hundreds of millions of people in a few short months. It is, in fact, almost criminal in its insidiousness.

Let's look a typical example. One of the first things I do whenever I install a new Windows version is download and install Mozilla Firefox. If we forget, for a moment, the number of warning dialogs we get during the download and install process (including a brazen security warning from Windows Firewall for which Microsoft should be chastised), let's just examine one crucial, often overlooked issue. Once Firefox is installed, there are two icons on my Desktop I'd like to remove: The Setup application itself and a shortcut to Firefox. So I select both icons and drag them to the Recycle Bin. Simple, right?

Wrong. Here's what you have to go through to actually delete those files in Windows Vista. First, you get a File Access Denied dialog (Figure) explaining that you don't, in fact, have permission to delete a ... shortcut?? To an application you just installed??? Seriously?

Thurrott goes on to explain that for more complicated operations users can find themselves mired in an endless stack of warning dialogue boxes that they have to click to give permission for operations to proceed.

From the sound of things, Microsoft is on the right track for addressing its security issues. Hopefully, by the time Vista is released ordinary users will be allowed to delete shortcuts from their desktops and Microsoft will have solved the problem of what permissions ordinary users should be given automatically. If so, then for security vendors may find that Vista is an acronym for Virtually Impossible Sale To Accomplish.