New to Vista? Wondering what's so special about Vista?

Discussion in 'Installation & Compatibility' started by Jason, Jun 8, 2007.

  1. Jason

    Jason

    Joined:
    Sep 26, 2005
    Messages:
    2,081
    Likes Received:
    0
    Location:
    Chicago,IL
    <H2>A new approach to Windows security
    </H2>

    Over the years, much has been made of Windows' security or (perceived) lack thereof. Though Microsoft's record has certainly improved in recent years, many industry observers feel that the company could do more. So Vista does more, both to address old-fashioned security issues like buffer overflows and more recent "innovations." Especially significant is the modern phenomenon of spyware, and some of the much less modern phenomena such as rootkits that go along with it. Vista's most obvious, noticeable measures are aimed at just this kind of problem.

    A user may install a program that appears innocuous enough—maybe a peer-to-peer filesharing program, or a cute purple animated character, or an audio CD—and then find that the browser has had its homepage changed,all actions on the Internet are recorded and distributed to third parties, and hidden software has been installed that preventsripping CDs.

    The big problem here is that many users, especially home users, have user accounts with Administrator privileges. To a certain extent, this is hard to avoid; they really are the administrators of the systems, so such privileges are not inappropriate. Though one could run as a non-Administrator in Windows XP, changing to an Administrator only when absolutely necessary, it's arguably not very convenient to do so. Programs might unexpectedly or unreasonably demand Administrator privileges due to poor coding. Many kinds of software demand Administrator privileges to install—many games, for example, require Administrator privileges so that they can install supposed "anti-piracy" drivers, meaning that the user has to change identity (logging in as someone else, using RunAs, etc.) quite often. <H3>User Account Control</H3>

    To address this issue,Vista has a feature called User Account Control (UAC). With UAC operational (which it is by default), anyone logged in as an Administrator has a kind of "dual login." The operating system maintains two sets of access rights and privileges—one set for a standard user, who has no special abilities, and one for the administrative user, with all the power that entails. By default, Vista uses only the first, unprivileged set of rights.

    In this way, the user, even though logged on as an Administrator, isn't actually more powerful than a regular user. When the user does something that actually needs Administrator privileges, the screen goes dark, and a dialog box appears to say that a program requires permission to perform some action. Users can then cancel the operation or allow it to proceed. If they choose to proceed, then they will temporarily use the set of administrative access rights for the duration of that operation. <DIV class=CenteredImage>[​IMG]</DIV><DIV class=CenteredImage></DIV><DIV class=CenteredImage>In this way, the user is generally protected against breaking the system (whether it be through deleting necessary files, reconfiguring important hardware, or installing something nasty) but has easy access to Administrator powers when needed.</DIV><DIV class=CenteredImage></DIV><DIV class=CenteredImage>Just how effective this is at safeguarding users remains to be seen. If users deliberately choose to download the installer to a program and run it, it seems likely that they'll be happy to elevate their privileges when prompted to do so. In this sort of situation, the UAC prompt asks them only to confirm what they've already chosen to do, and to install the program they have no choice but to accept the prompt. The entire motive behind UAC is to prevent the execution of un wanted process's.</DIV><DIV class=CenteredImage><H3>Internet Explorer protected mode</H3>

    Internet Explorer is, of course, a particularly vulnerable application. This is not to say it's badly written (it might be, it might not be,
     
    Jason, Jun 8, 2007
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.