Vista paved the way for secure Windows, Microsoft says
IDG News Service - Despite being widely derided (even by Microsoft executives), the Vista OS was instrumental in finally bringing to the world a secure version of Windows, at least if a presentation by a Microsoft security expert at the Usenix Security Symposium, being held this week in Washington, D.C., is any indication.
And it was the most widely hated feature of Vista -- User Access Control (UAC) -- that can take the credit.
It was all the users complaining about the annoying UAC pop-up boxes that finally spurred many application developers to rewrite their programs, explained Crispin Cowan, a Microsoft senior program manager for the Windows core security team.
These programs were rewritten so that they did not require full administrative privileges to run, which, in turn, cut down on the UAC boxes and allowed users to slowly grow more comfortable running in more limited, but safer, user modes.
"The purpose of UAC was to move applications away from using administrative privileges. Its job was to spank programs that used administrator that don't need to," Cowan said.
UAC, in effect, caused a "massive decimation of the population of ill-behaved [Windows] programs," he said. "The number of programs asking for admin rights dropped precipitously."
Cowan's talk was an extended argument on why Windows 7 is as secure as Unix variants such as Linux. And this security parity came about, in his view, in large part thanks to the fact that Windows Vista was the first desktop version of Windows to not, by default, give each user account full administrative privileges.
Windows' reputation for lousy security has been fully deserved, Cowan admitted. Even today, the most widely used version of Windows is Windows XP, which was built in 2001, and lacks most of the security provisions needed for today's environments (though Service Pack 2 added a lot of security features, he said).
Early versions of the Windows OS stressed usability over security, as well as interoperability among different programs, Cowan said. As a result, Windows allowed every user to have full control over the machine, in effect giving each user account full administrative control over a machine.
"If you are running as administrator, security is fairly hopeless," he said. Unfettered administrative rights are what allowed malware and viruses to take control of computers.
Beginning in 2002, however, Microsoft started making security an essential part of software development. As a result, the then-next version of Windows, Vista, featured a total separation between what a user can do on a machine and what an administrator can do, a separation that has always been enforced on Unix distributions.