Microsoft: Vista Most Secure OS Ever

[Zeus_Hunt]

Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry. But a bold statement can only go so far, and much of this week's conference has been spent reinforcing that point.

From the network perimeter to deep inside the Windows client, the significance of security has permeated into every facet of technology. Norman Mailer said that 20th century man's default status was anxiety. We have barely dipped our toes into the 21st, and our default status has already been elevated to outright fear.

Consumers are being plagued with spam, phishing attacks and spyware, while the corporate world fends off data and identity theft. Microsoft believes its new wave of software will be the panacea for such problems, thanks to the Security Development Lifecycle (SDL) and technologies such as BitLocker and smart cards.

Windows Vista is the first operating system from Microsoft to be built from the ground up using the SDL development model. Every bit of code is scrutinized for Common Criteria Certification and security compliance checkpoints must be met along the way.

Services are now run with reduced privileges that contain profiles specifying allowed file system, registry and network activities. Further below the surface, the Vista kernel makes it harder for rootkits to elude detection, while better protecting against unauthorized patches.

Spyware and malware threats, meanwhile, are contained by the operating system's built-in scanning engine that is based upon Windows Defender. In addition, the Vista firewall extends the functionality added in Windows XP Service Pack 2 to provide full directional filtering and application blocking.

Potentially malicious applications are also restricted with Vista's new User Account Control feature, which has spurred a great deal of complaints from beta testers. UAC forces programs to run in a specific Integrity Layer, with a default of medium, and request elevated privileges from the user when performing system commands or writing to sensitive directories.

Internet Explorer 7 in Vista runs in a low Integrity Level known as "Protected Mode" in order to prevent malicious Web sites from compromising an entire system. Features such as a phishing filter and security status bar add further safety checks for users.

UAC additionally enables file and registry virtualization for programs needing administrator access. This capability will ensure backwards compatibility without sacrificing the security of Windows Vista. For example, a program trying to write files to the root of the hard drive will actually be writing to a special folder called the virtual store.

On the hardware level, Microsoft has implemented BitLocker full disk encryption. Using a TPM chip located on the motherboard or USB stick, BitLocker literally encrypts data while it is being written to the disk. If a laptop were stolen, the hard drive would be inaccessible without a recovery key.

Microsoft says the 256-bit AES encryption technology only causes a single-digit slowdown when communicating with the disk, and the majority of users would never notice it was running.

Vista will also support smart cards with its user-based file and folder encryption technology known as EFS. Moreover, integrated rights management (RMS) enables organizations to enforce access policies for individual documents, which would prevent them from falling into the wrong hands.

But Microsoft acknowledges that nothing is infallible when it comes to computer security. In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team. This group has only one duty: to break the security in Windows Vista and help the company develop fixes for the vulnerabilities.

Microsoft is also looking outside to shore up its defenses. The Redmond company at TechEd 2006 announced the formation of the Microsoft Security Response Alliance. MSRA builds upon five other alliances currently helping to organize security efforts, and will offer a portal for collaboration along with a communication framework for sharing security response information.

All of these security changes won't be easy on application compatibility, but Microsoft says it is doing its best to mitigate any problems by the time Windows Vista ships early next year. The company is working closely with developers to add custom "shims" that will ensure their programs are compatible with User Account Control.

Still, Microsoft admits that antivirus software, games and some applications will continue to have problems. Work to streamline the experience for consumers will not stop with the final release, however, as Microsoft already has compatibility improvements planned through Windows Vista Service Pack 1.

I was really tempted to put this in Jesters Booth.. :frusty:

May be the most secure OS among other OSs from M$

One an find a lot of posts on this Topic at Softpedia

Here are some of my fav comments

It's plain and it's simple....people use windows because it's a better product over all. Better is not necessarily, mind you------ better in 90% of cases = easier to use. It's the same reason that the ipod dominates the market. It's not BETTER than most other mp3 players, it's easier. People buy their ipod, get the newest itunes and buy songs/videos etc. They don't know, or maybe even care that there are other online stores out there renting songs for a set price a month, or even that these stores insure your music so if you lose it you can D/L it again. No. They care that they can buy a few songs and listen to it where and when they want to in a trendy little music player.

I use both windows and linux but I use windows way more, simply because I cant bother with dealing with command lines for things anymore. I'm at home and it's 2006, the command line sh&t needs to be over with already, and unfortunely linux just isn't done with it. Yeah there are many things you can do without command lines, but equally there are many things you can't do without em'. Adding lines to config files, etc. etc. etc. No....I want to be able to double click an exe file to have my program set up, and then I want to be able to run the program when I want to. I want to be able to pop a hardware card in and have it work sooner than later.

And Linux isn't safer, thats as much of a fallacy as the OSX not having viruses deal. See, hackers put alot of work into exploits, viruses, rootkits etc. Why the hell would you waste time on products that take up what, like 5 to 10 percent of the entire worldwide market? Second reason is that a high percentage of Linux users know what they're doing, which means that most exploits for a linux machine now will be debunked rather quickly.....so of 5% of the market you'll get a decimal number net' of people who may get something and have it running for a long time on their machine. With Windows it's easier - so many people who know little to nothing about computers are running windows that it just makes a 'prime' target. Again, this doesn't mean linux is safer. If you don't know what you're doing, you'll get viruses, malware, rootkits JUST the same. I consider myself someone who knows what he's doing, but I'm not willing to sacrifice ease of use for the so-called 'security' of being in a technological minority. My windows is as safe as a computer saavy linux users'.

Now see, When MS goes out and says thatone of their products is the most secure, or is unhackable (Xbox 360), some people take it as a personal challenge to exploit the hell out of that product. Think back, before the 360 was released Heres a snippet.

"One of the reasons we went with custom hardware design for all our silicon is that it allows us to build security at the silicon level," he said. "There are going to be levels of security in this box that the hacker community has never seen before," but he admitted that "I'm sure sooner or later someone will work out how to circumvent security. But the way we have done the design doesn't mean that it will work on somebody else's machine." from:http://arstechnica.com/news.ars/post/20050910-5296.html

Now, you look around, there is a modchip for the 360 about to be released, PLUS firmware modifications that let you play backup copies."But the way we have done the design doesn't mean that it will work on somebody else's machine." umm, ya, it does

Now, the same is gonna happen for vista, they are gonna tout it as unhackable, unexploitable, then 2 weeks after final release, 12 big security updates to fix holes and try to save their own asses. And ofcourse, i will end up getting it, and i will end up using those updates, because I like games, and dont have enough money to get a mac.

Regardless of who targets what, the fact (and reality) remains that the malware, et al., problem it is an inherent Windows software problem. Period.

And by the way, every report that has bothered to analyze and compare the level of OS security built into Windows and Mac OS X has reached the same conclusion, over and over again. Mac OS X is, by design, infinitely more secure by default - out of the box - than any Windows OS to date. That doesn't mean that OS X is invulnerable, it means that the bar is significantly raised for malware authors - potential or otherwise - to do any damage on the level that malware authors enjoy today on Windows with relative ease.

The problem with MS is that they left the security barn door wide open for far too many years. Instead of rolling up their sleeves and doing what they said they were going to do when Longhorn was announced (a complete rewrite of the OS from the ground up) they pursued a "patch as patch can" approach in the interim with a predictable lack of permanent meaningful results. Now that Vista (fka Longhorn) is about to arrive, it appears to be hardly the "complete rewrite" as advertised. The system registry, ActiveX controls, long the malware authors tools of the trade for infecting Windows PCs are coming along for the ride in Vista. No doubt MS has taken steps (finally) to offer greater protection of these long compromised Windows OS "features," but I'm afraid the malware authors of today will find the Vista of tomorrow all too familiar when the rubber meets the road.

If any OS is designed to be more secure than competing OS systems out of the box, that fact doesn't change whether one person uses it, a hundred folks use it, or tens of thousands use it. The challenge of software design and security imposes a greater mandate than simply waiting to see if mass acceptance garners the attention of malware authors. By that time, it's already too late.

And do you have any idea how many millions of active users 3.6%(of MAC users) translates into? And still not a thing malware-wise on the platform? The proportion of active Mac users and the virtual malware no-show just doesn't add up, considering the Mac's present installed base. The argument that Mac's are not targeted at all due to it's market share just doesn't wash. Even if it were just a million active users, that's a considerable malware propagation target.

[eBait]

Hahaha. I am using it (beta2), and I have used Linux before (Ubuntu)... and i can say that Linux is far superior to Windows at this time. Now if only more would use it....

[masterripper]

I dont care how "secure" Vista is, the problem with Vista is that it sucks, i have tried every single beta release to date and can easily say that all it is is a "pretty" windows os bloated with "pretty" junk that just makes it look better(for e.g Windows Flip mode), it is also SLOW and requires such a high end pc you would need to be a rich ass spoiled kid that has rich ass parents in order to run Vista ok. it aint faster than xp(everyone knows that), it aint "better" than XP, and honestly it dont seem any more secure than XP is, only thing i see that is more secure about vista is that it comes with Windows defender, ohh wow thats awesome, NOT, windows defender sucks, spyware doctor or spysweeper is much better, so overall im sure that me along with a bunch of other ppl are just going to stick with Windows XP after Vista comes out, sure i will probaly end up "trying" vista after it officially comes out and i will do the same thing i always end up doing, switch back to XP because it is much better, has much better support, is faster and personally i think i like Windows XP's interface better than Vista, basically "if it aint broken, dont fix it", Long Live Windows XP! :frusty:

[boulder omen]

ROFL

jester booth!

[Zeus_Hunt]

ROFL

jester booth!

I only Hope not... ;)

It may take atleast 2-5 years for the next MS OS to come out..