Partager via


Windows Vista less secure than Windows 2000??

I read this article from Angus today with much amusement. Apparently Vista is more insecure than Windows 2000. I found this really very funny. Why?

The number of virus infections found by a virus vendor does not necessarily equal poor security. In many cases (though not all) it equals poor user behaviour. Why?

If I, despite all prompting and consent behaviour, choose to go to a (probably dodgy) website, accept the ActiveX control prompts to download (probably dodgy) code and I actually choose to execute that code then I'm hosed. I'm now at the mercy of whatever code I've chosen to run - and in many cases its running under your local shell integrity level. The anti-virus vendor is now the last line of defense and you need them to help get the malicious code off the PC.

So is this purely the operating system's fault? I contend not. No in some cases its the user and their lack of knowledge and their implicit "it-wont-happen-to-me" complacency. Hence my comments to Angus that we do need to do more to educate users about security and UAC. Take for example a previous post on Protecting Your Business from your users. Sometimes we just have to spend more time in actually helping them to understand the risks....there's only so far that technology can go in protecting users....

This brings us to the point of UAC and why its there. Its there to add another layer and to enforce least privilege. In the majority of cases in Windows 2000 and XP people ran their applications while logged on with local administrator privileges. This was something we wanted to stop and UAC does that. Assuming that I don't have local admin privilege I cant even consent to install the potential malware - but my apps run and I can do basic things now like connect to a wireless LAN, connect to a VPN and change my timezone....all things that previously you needed local admin privilege to do. In some cases, yes, some apps have issues running like this. The CoPilot Live software that came with my TyTN II phone is one of these...

And its not like the application developer community didn't know about writing for least privilege. We made it pretty clear over a number of years not to write to protected parts of the OS. Our logo certification reflects this!! UAC is designed to enforce least privilege and for the most part applications do work nicely and behave properly running under UAC without any prompting whatsoever. So far today I've run Office, run Camtasia, even Command and Conquer Generals....all without a single prompt.

Despite the claims - Vista's actual vulnerabilities are significantly less than Windows 2000...period. And we still stand by that claim. We also stand behind UAC and its intent - and what I showed Angus was that we have made great strides in reducing the excessive amount of UAC prompting for a single action. Ill be doing a webcast shortly showing you this fact with Windows Vista and Windows Vista SP1 running side-by-side. More to come on that!

Comments

  • Anonymous
    January 01, 2003
    Greg...and that advice hasnt changed. Its always best practise to have two accounts. One for your admin and then another for your day to day. UAC  can actually provide the runas to call that credential if you want it to like you have been doing.

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    Windows Vista is, apparently, less secure than Windows 2000. An analysis of threat data collected over a six month period by security software developer PC Tools suggests that despite a bottom-up code rewrite and the uber-annoying User Account Control

  • Anonymous
    January 01, 2003
    PingBack from http://windows.wawblog.info/?p=27809

  • Anonymous
    January 01, 2003
    Like most people I have an opinion. I hold pretty strong opinions about certain topics, one of which

  • Anonymous
    January 01, 2003
    Today I posted a short and sharp screencast just showing the differences in Vista RTM to Vista SP1 in

  • Anonymous
    January 01, 2003
    Good point George, no I dont think user behaviour is necessarily changing...but it needs to. Anecdotely, users seem to be becoming more aware of security in certain scenarios such as internet banking though not necessarily in everyday usage. So this points to something you have alluded to though not directly stated - if thats the case then why do more Vista users seem to get infected than Windows 2000 ones? Without having found the test matrix or resultant data for this study, think about this one for a moment. How many consumers are still using Windows 2000? The majority will be using Windows XP (which explains the "poorer than Vista" result there), a growing number will be using Vista and a vastly diminishing number of Windows 2000 users. Hence when you track trends from people doing AV scans via a website:

  1. These are likely to be consumers and not corporates (that are likely to have their own in house mechanisms for AV scan and protection. Consumers are less likely to still be using Windows 2000 as they migrate to new hardware incrementally.
  2. Thus the installed base of each platform will have an effect on the numbers produced. I wonder if the same data is showing Windows 3.11 and DOS 6.22 to be "more secure" by the fact that there are no online scans found for it? :) Not all study results show the complete story... Of course at present Im speculating here - I havent seen the study. I havent seen the test methodology and Ive yet to find it. If you do please let me know as Id love to see it.
  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    January 01, 2003
    The comment has been removed

  • Anonymous
    May 13, 2008
    "there's only so far that technology can go in protecting users...." Correct. And of course finally it's always the user who is at fault. They chose and paid for the operating system, after all. And why at all do they use computers, if they are not trained enough? (Or is this not what you said? ;-)  ) Why does an ActiveX control have full access to my computer's resources? There is a difference between local content and data display, background communications, or a fancy user interface for a web application - and between modify access to program files. If all you offer is a hammer "Allow application to do everything?") people have no choice but to use it for everything. And if it's used for a lot of little, nagging stuff, people will start to ignore it. Anyway, it's "full access or nothing", not e.g. "This application wants read access for Video files. OK?" If UAC is only used to play the blame game - "But you confirmed it!" - it's not ever going to get the recognition it deserves. The security model used for BitFrost looks appealing - by default an application does not have any rights. The programmer can apply for certain rights and encode the request in the app, but even then certain combinations of rights and resource accesses are only allowed by the user or for manufacturer-signed code. And MS is actually going towards that direction (e.g. with Manifests). So much for my 2 cents. Thanks for making Windows more secure.

  • Anonymous
    May 13, 2008
    The old advice for IT admins was to have separate privileged accounts for any actions that required privileges. I used to have various shortcuts that used the runas command to launch AD users and computers, etc. I haven't found any elegant way to do the same thing under Vista. The closest I have is to change my machine's  Local security policy to prompt for credentials whenever I right-click and choose to "run as administrator". Has Microsoft's best practice advice changed?  Should I now give my day-to-day account privileges and just click on OK when UAC prompts or should I get the OS to prompt for full credentials every time as I have done?

  • Anonymous
    May 16, 2008
    The comment has been removed

  • Anonymous
    May 17, 2008
    The comment has been removed

  • Anonymous
    May 17, 2008
    > why do more Vista users seem to get infected than Windows 2000 ones Michael, this was almost my point, except I was referring to the relative number of infections, more precisely to the number unique threats per 1000 computers as was reported in the original article (http://www.pctools.com/news/view/id/206/): Unique Threats per 1000 machines Windows 2000 586 Windows 2003 478 Windows XP 1, 021 Windows Vista 639 If the samples were chosen to be representative of a population then the numbers would not depened on the install bases of either Windows 2000 or Windows Vista, provided both install bases are comparable.  And during the six-month study, according to the statistics gatherd by w3schools (http://w3schools.com/browsers/browsers_os.asp),  the install bases of both OSs were comparable.  I understand that the statistics could be biased, but this is the best I have.  I only wish that the top ranked sites (http://www.quantcast.com/top-sites-1) published similar information on regular basis. You could also say that since Windows 2000 is an old OS the targeted attacts are less frequent.  I would agree with this, and even more so if I saw supporting data.  Nevertheless, the numbers shown in the study are indeed alarming, especially considering all the work that had been done around UAC.

  • Anonymous
    May 19, 2008
    The comment has been removed

  • Anonymous
    May 21, 2008
    The comment has been removed