Vista - Vista Security

A while back we had an interesting discussion concerning the pro's and con's of Vista's security measures focused mostly on the UAC. Unfortunately that thread was pulled for unknown reasons, since we could add this article quit properly

Neowin.net - Vista's Security Rendered Completely Useless by New Exploit

One thing about the article and demonstration application I found retarded was how they where saying they bypassed DEP protection and UAC used in Internet Explorer by Active Scripting...Well if you have physical access to the machine you can do anything, Thats been an established fact for way over 20 years plus DEP used by internet explorer is disabled by default and thats all thanks to Sun Microsystem`s (Java) and Adobe`s (Flash) being non-compliant so Thank SunMicrosystems and Adobe for that entire attack vector possibility...That is not Microsoft`s fault and can be turned back on very easily, They also mention it applys to every operating system including OSX and Linux...

These techniques require a really severe system vulnerability within many core compents to be used remotely so Im not concerned about that since they are all protected and patched unlike XP... DEP can be turned on in Internet Explorer so it kinda throws that argument they used out the window...If your using UAC and Internet Explorer and ProtectedMode is On then it uses a Guest account for running code (aka Sandbox) so thats another fault with the belief its vulnerable...

Like I said before if you have Physical Machine access you can do anything regardless of the amount of security you place on the machine they are just re-engineering a century old exploit (physical machine access)

They should have there facts strait because the issues they have raised have allways been possible and apply more to OSX and Linux than Microsoft Windows, They just want to bash them around to get more publicity about physical access issues and so called "new" attack methods used by a hypervisor (aka Virtualisation)...

Here's something else you must remember, IBM did a study within the past couple of months, and they determined that the rise in attacks is due to security researchers posting their information on the net and other news sources right away.

These guys like DMEX said, just want to bash Microsoft, and try and plant the OS 6 feet in the ground. A couple of years ago, it was revealed that Linux and Linux based OS'S when compared to Windows, actually have more security holes, and those security holes to this day still haven't been fixed that I know of.

@dmex, well said, Thank You!

I get tired of these complaints about UAC and DEP.
I just spent the last hour trying to help someone that got 'infected' because
they had disabled UAC. (and this persons not a noob)

If you don't like UAC and DEP don't use it; but PLEASE stop trying to convince
others, 'common users' that visit these forums not to use it.

WE'RE TIRED OF CLEANING UP YOUR MESS!


Later Ted

Bare Foot Kid, I agree with you. Dmex, you said the truth.

I'm tired of seeing people coming here and posting garbage like on that link that the OP posted, and then as BFK, as I will call him said, seeing people come here with UAC and DEP disabled and having to clean up that mess that people have as a result of UAC and DEP being disabled.

What I would like to really say, would get me in to trouble.

As a result of my having UAC, and DEP enabled for IE7, Vista 64, and having XD Technology, which is hardware DEP enabled, along with my internet security package, I have avoided a lot of junk.

I'm no expert on computer security or Vista, but I do get sick and tired of people coming trying to convince other's not to use UAC, and then come back when they have a various or other malware problem, because somebody got stupid and disabled UAC and DEP.

Sorry i am not a ms bashingtroll, just trying to discuss things somewhat reasonably. For those concerned with security it should be imho more prudent to not to rely on security measures in a general purpose OS too heavily. Logically in such a system they are the lowest common denominator between usability and security.

What is said and properly so is that the basic design of general purpose os's is flawed as far as security risks go. I am just conscious of the observed fact in my surroundings that there is a certain tendency to just accept that current level of protection in (mostly) vista is failsafe. Like, oh well i have dep and uac so i'll go take a nap.

I am of the opinion that proper security is not solely enforced but enlightened. Proper education, instruction and a modicum of enforced control are maybe more labourintensive but in the long run less frustrating

It would be maybe better not have pavlovian reactions such as written further on it serves no real purpose and just makes the thread degrade into a waste of time.

Then PLEASE, stop wasting our time ...











Later Ted

I wasn't talking about you Petrossa....I was talking about the IBM and VMWare researchers who would rather cause FUD (Fear, Uncertainty, Doubt) about Microsoft and mainly all about Vista...when the OS security issues they have raised affect all Operating Systems (Linux, OSX, and Unix) by means of physical access and will not affect anyone


A waste of time is saying I should not have a quote "pavlovian" (fixed behavioral reaction) to discuss and write about a Vista article on a Vista discussion forum when you posted it here for others to discuss

I just mentioned my thoughts on the article because its factually incorrect and has no remote security threat plus it looks purly designed to attract publicity by only attacking Microsoft using a physical method of exploit that affects every Operating System

and i wasn't talking about you there Dmex .
More about the angry attacks in the rest.

I also believe ( when i saw IBM as source) it's using a general problem as FUD to bash MS.

But what i wanted to introduce, as in the last discussion which also got polluted, is a sane discussion about security measures. As, unfortunately, MS did choose to patch rather then rebuild Vista, i believe that one should consider other ways of security then to rely on the stopholes introduced with uac and dep.

Imho it gives a false sense of invulnerability which can (and will) leave systems with vistaclients wide open to another (i am very sure) attack bypassing those protections.
Your argument that they need physical access is (perhaps) true at the moment but one day or another the obligatory government backdoors are going to be found, or some adolescent with to much time on his hands finds a similar way in.

The whole point of my opening this thread is to have a discussion about ways to secure systems other then just adding yet another stopgap.

One must be able i hope to rationally discuss these things. I come here because i found this forum to be populated by professionals mostly, why not have a professional, courteous discussion?

While I applaud your intentions petrossa, you must also remember the adage "The road to HE|| is paved with good intentions." Posting an article like that in a forum dedicated to serving the Vista community will almost always be regarded as inciting, as much so as Everlong18's current avatar would have some Apple owners in uproars if he were to use it in an Apple dedicated forum.

Having a discussion on security is a good thing - but where do you want to start? More to the point, *what* do you want to discuss? Laying down the foundations of what you want rather than just posting an article would be of muc hmore use to the forums, and would engender much more (civil) discussion.

And, don't worry, even though I love my Vista, I am weilding a nice, sharp knife to cut out posts that get too fan-boyish.