
Vista Paved The Way For Secure Windows, Microsoft Says



IDG News Service - Despite being widely derided (even by Microsoft executives), the Vista OS was instrumental in finally bringing to the world a secure version of Windows, at least if a presentation by a Microsoft security expert at the Usenix Security Symposium, being held this week in Washington, D.C., is any indication.

And it was the most widely hated feature of Vista -- User Access Control (UAC) -- that can take the credit.

It was all the users complaining about the annoying UAC pop-up boxes that finally spurred many application developers to rewrite their programs, explained Crispin Cowan, a Microsoft senior program manager for the Windows core security team.

These programs were rewritten so that they did not require full administrative privileges to run, which, in turn, cut down on the UAC boxes and allowed users to slowly grow more comfortable running in more limited, but safer, user modes.

"The purpose of UAC was to move applications away from using administrative privileges. Its job was to spank programs that used administrator that don't need to," Cowan said.

UAC, in effect, caused a "massive decimation of the population of ill-behaved [Windows] programs," he said. "The number of programs asking for admin rights dropped precipitously."

Cowan's talk was an extended argument on why Windows 7 is as secure as Unix variants such as Linux. And this security parity came about, in his view, in large part thanks to the fact that Windows Vista was the first desktop version of Windows to not, by default, give each user account full administrative privileges.

Windows' reputation for lousy security has been fully deserved, Cowan admitted. Even today, the most widely used version of Windows is Windows XP, which was built in 2001, and lacks most of the security provisions needed for today's environments (though Service Pack 2 added a lot of security features, he said).

Early versions of the Windows OS stressed usability over security, as well as interoperability among different programs, Cowan said. As a result, Windows allowed every user to have full control over the machine, in effect giving each user account full administrative control over a machine.

"If you are running as administrator, security is fairly hopeless," he said. Unfettered administrative rights are what allowed malware and viruses to take control of computers.

Beginning in 2002, however, Microsoft started making security an essential part of software development. As a result, the then next version of Windows, Vista, featured a total separation between what a user can do on a machine and what an administrator can do, a separation that has always been enforced on Unix distributions.

This separation, enforced by UAC, limits the damage that a user can do to a machine.

UAC could be seen as the Windows equivalent to the Unix sudo command, Cowan explained. Sudo allows a user to execute privileged tasks only after supplying an administrator, or root, password. Some Linux distributions, such as Ubuntu, do away, at least out of the box, with root accounts altogether, relying entirely on sudo.

Many users chafed at using UAC, however. Every time a program would require full administrative rights to run, a UAC box would pop up on the screen, asking the user for permission.

The annoyance of UAC actually proved to be beneficial over the long run, Cowan explained, because it reduced the number of applications that required administrative rights.

In many cases, programs did not need administrative permissions at all. Many Windows programs were designed to write their configuration data to the system registry, when it could just as easily be stored in user folders.

Over time, application developers got the message from all the user complaints. Using anonymous telemetry data, Microsoft estimated that the number of Windows applications that required user access dropped from approximately 900,000 to 180,000.

While Vista got the bad reputation for user-hostility, Windows 7 made UAC more user friendly without relaxing the strict divide between user and administrator. This OS offered auto-elevation, in which a limited number of Microsoft pre-approved programs could get administrative access without the annoying user prompts. It offers a sliding UAC scale, so users can pick the level of restriction for their applications. Windows 7 also established virtual accounts so individual applications could get their own user accounts, Cowan said.

After the talk, one audience member said he agreed that UAC probably did encourage application vendors to rewrite their programs, but wondered if that was really Microsoft's goal in the first place, given the amount of user dissatisfaction it caused. Cowan himself admitted, when discussing browser security, that "Prompts are not purely evil. Prompts in which the answer is almost always 'yes' are evil."

UAC was one of a number of features that, Cowan said, brought Windows to security parity with Unix. The other features include a built-in firewall and the signing of 64-bit kernel drivers. In some cases, he argued, Windows now has security features that aren't even found in most Unix distributions, such as network access protection, memory address randomization, and data execution prevention.

"Unix had a very large security lead. Since then, Microsoft has closed the gap on every front and in some cases exceeded Unix security," Cowan said.


Edited by Infiltrator

I was quite surprised when I read this comment made by the Microsoft Senior Program Manager:

Cowan's talk was an extended argument on why Windows 7 is as secure as Unix variants such as Linux. And this security parity came about, in his view, in large part thanks to the fact that Windows Vista was the first desktop version of Windows to not, by default, give each user account full administrative privileges.


The OS in use is only as secure as the user using it at any given point in time. With that said, XP can be as secure as Unix if you know what you are doing. I'm not saying it isn't vulnerable to malware or its fair share of network attacks and 0-days, it definitely had its shortcomings over the years, but holes people go after in Windows are because it's the most widely used consumer and business OS there is, and if you want to access something of value, you need to attack the system the valuables are on.

I don't care how secure something is touted to be, with the right user (or wrong, depending on how you look at it) at the keyboard, any system can be compromised by them using it. Most of the time it's human intervention that enabled a system to be attacked in some manner. Whether it's a misconfiguration, turning services or features off, or just bad surfing habits, people who use Windows at home or the casual web surfer usually don't know much about securing their machines nor even care to think about it. They just want it to work.

Unix users, by nature, are generally more aware of things because of the environment of the OS itself and how the user is forced to interact with it. I think most home users who use Windows wouldn't even know where to begin with Unix, and it's that drastic contrast that you have to consider with respect to security. People want to point and click and not have to think about how shit works, or what happens when I do a, b and c. They just want results and to be entertained by what they see on the screen. Unix forces you to dig in your heels and think about how shit works, and if anything, you'll spend most of your time reading or searching Google for answers on how to do something in Unix because it is its own thing. Compared to the world of Windows point and click, I'd say it could be just as "insecure" as Windows. It's all relative to who is using it, and how it's being used.

0-days do happen, and they hit all OSes across the board, but if you look at the history of Unix and the number of bug fixes put out for it, they would equal if not outnumber Windows just because of how long it's been around and in use. If Windows was around that long, it would probably be even more secure, but only as secure as the person sitting at the keyboard, and how aware or involved they are with security in what and how they manage their machines.
