In the new issue of the free (IN)SECURE Magazine read an article on Vista’s security features, an interview with Ed Gibson (the Chief Security Advisor for Microsoft UK), a look at the new format and new protection/security policy in Office 2007, and an interview with Joanna Rutkowska, the security researcher in the news lately for discussing the ‘very severe hole’ in the design of UAC.
And again everyone is surprised by this? WHY? Every new release of a Microsoft Operating System is released as “teh most secure evah!” and then we get slapped across the face with some old bug from 1987* or so…
–bornagainpenguin
*slight exaggeration I know, but how often do we hear about a flaw and then discover it’s more or less the same unpatched flaw from several years ago? That has persisted in multiple versions of Windows? WMF flaw anyone?
Server 2003 wouldn’t fit that exaggerated blanket statement.
Yeah, but that’s what? One OS out of how many Microsoft releases? Haven’t you ever heard the phrase “the exception which proves the rule” before?
–bornagainpenguin
Except other than Vista it’s the most recent. Vista is yet to be properly judged despite all the pro-Linux “reviews”.
No, I’ve never heard of that phrase.
UAC is a consent model. It’s no different than doing “su command” on ‘nix.
“UAC is a consent model. It’s no different than doing “su command” on ‘nix.”
That’s right, but it won’t stop “Vista” users from clicking “Yes to everything” and so having all operations done as “root”, which we all know can be very dangerous in UNIX and Linux.
Maybe security barriers should be more complicated, but this would lead users to complain “It’s too complicated!” and stay with “Windows XP” or something older.