How Secure is Microsoft Vista?

Many companies are still taking a "wait and see" attitude on upgrading their Microsoft desktops and laptops to the Vista operating system. The most heavily touted improvements in Vista are focused around security.

We’ve all seen the Apple commercial poking fun at the constant security-related questions asked in Vista. So, what is the scoop on Vista security? Is it an improvement? Where does it still have room to improve?

This month’s ISSA Journal has the first of a multi-part overview of Windows Vista Security from Edward Ray and E. Eugene Schultz. The first installment focuses on User Account Control (UAC), Windows Defender, and Windows Firewall.

With UAC, Windows Vista provides a method of separating Standard user privileges and tasks from those requiring Administrative access. According to Ray and Schultz, while this feature is not quite as good as simply logging on as a normal user, it is an additional layer of protection previously unavailable in Windows XP or Windows Server 2003.

One drawback to the UAC feature is that it requires every interaction involving installation or execution of external code to be approved, whether it was initiated by the user or a potentially malicious website. This leaves users facing a litany of boxes in which to click continue or reject. Meanwhile, all other access freezes and the screen darkens until you’ve completely gone through the series of dialogue boxes. Pretty annoying, especially if you’re the user trying to get something installed.

Windows Defender, also available for use with Windows XP or 2003, helps protect against pop-up ads, slow performance, and security threats due to spyware, adware, keyloggers and other unwanted software. Defender monitors, in real time, the protected areas within the Windows Vista operating system that this unwanted software targets, such as the Startup folder and the Autorun entries in the registry. However, in a test using a sample set of 25 spyware and malicious code samples, Defender failed to identify 84% of them. Organizations should in no way consider Windows Defender a substitute for third-party anti-spyware solutions.

Windows Firewall, the third area Ray and Schultz focused on, is configured by default in Vista to help protect users’ computers as soon as Windows Vista boots. Unlike Windows XP, the Vista firewall can restrict both inbound and outbound traffic, although outbound filtering needs to be configured manually or using Group Policy. Like Windows Defender, Windows Firewall should be seen as a complement to third-party solutions, not a replacement.

Lisa Vaas has addressed these concerns in articles in the print edition of eWeek. In the March 5th edition, in an article entitled "Vista’s security called into question", she wrote about how social engineering can derail the effectiveness of the UAC. In the March 19th edition, in "Will Vista Swat Bugs?", she addressed all of the security features mentioned here. She also touched on the Windows Security Center and BitLocker Drive Encryption.

As Ray and Schultz point out, Microsoft is moving in the right direction with Vista, but there are still questions. The biggest challenge is usability. Will the myriad of security prompts lead users to opt out of having to approve software downloads and other potentially dangerous events?

My hunch is they will…until Microsoft can find a way to distinguish where the request is originating from, so the process isn’t such a pain.

*** This is a Security Bloggers Network syndicated blog from IT Best Practices and Compliance Reporting Information authored by abakman. Read the original post at: https://www.bakmansblog.com/2007/04/how_secure_is_m.html