Vista Security - A little info on it

Status
Not open for further replies.

riser

Illustrious
Vista Group Policy (GPO) and Security

I found this link out there to help people understand the security benefits of Vista over XP.

A lot of people think Vista and XP are the same.. but the major change has been in Security. Vista has almost 3,000 group policies that can be configured to secure your system. I'm not aware of what XP has at this point though.

Notice in the link, the security is available really only on the Business class OS, not on the Home version.

Vista is geared to securing Business/Corporate PCs.. that's the major benefit we currently are seeing with Vista over previous Windows versions.

Read up on it and if you're in a company, you'll see the benefits and the direction that Microsoft is heading to. Note, this mainly requires some form of centrally controled management, ie Active Directory.
 

Oatmealsoup

Distinguished
Mar 11, 2007
29
0
18,540

Vista is geared to securing Business/Corporate PCs.. that's the major benefit we currently are seeing with Vista over previous Windows versions.


There currently aren't any security benefits to Vista clients when compared to patch current XP clients. If anything, the opposite is the case.

If I was trying to sell a Vista upgrade to an enterprise based on increased security potential, I'm sure I could. If I was consulting and being compensated on actual functional security there's no way I'd advise migrating to Vista now. None.
 

riser

Illustrious

Vista is geared to securing Business/Corporate PCs.. that's the major benefit we currently are seeing with Vista over previous Windows versions.


There currently aren't any security benefits to Vista clients when compared to patch current XP clients. If anything, the opposite is the case.

If I was trying to sell a Vista upgrade to an enterprise based on increased security potential, I'm sure I could. If I was consulting and being compensated on actual functional security there's no way I'd advise migrating to Vista now. None.

No, there are. As an administrator of Vista you have more control to lock down Vista than you can over XP. I have more control to limit what a user can and can not do, what a virus can and can not do based on security.

I can control all these little aspects of Vista that XP started to show full features over.

So yes, there is a big security improvement with Vista over a patched version of XP for Administrators.

I have access to 3,000 things I can set on Vista alone via Active Directory in corporate.

XP doesn't offer that much, nor does it offer the ability to grant selected administrator access like in Vista. So again, Vista has more security and when locked down properly by an Administrator via AD, it is more secure.
 

Oatmealsoup

Distinguished
Mar 11, 2007
29
0
18,540

No, there are. As an administrator of Vista you have more control to lock down Vista than you can over XP. I have more control to limit what a user can and can not do, what a virus can and can not do based on security.


That's simply untrue. What you have are, essentially, more cosmetic options. You absolutely don't have more control over attack vectors.


I can control all these little aspects of Vista that XP started to show full features over.


Again, this is simply false. You can control the cosmetics, but I can still attack administrator level processes in literally dozens of ways regardless of what cosmetic setup options you choose.


So yes, there is a big security improvement with Vista over a patched version of XP for Administrators.


There simply isn't. I'm not sure what you do, but I can't imagine it's enterprise security consulting. If you really want to get into a mundane nuts and bolts discussion of why Vista isn't any more secure, we certainly can, but it'd be interesting to see you back up your opinion of an example of something that actually increases security at all.

Having more options doesn't make a system more secure. A tissue paper wall that you can set to be between 1 inch and 1 foot thick and chose among 19 million colors of tissue paper isn't better protection against a hammer than a 2 foot thick brick wall that can only be red.


I have access to 3,000 things I can set on Vista alone via Active Directory in corporate.


Again, this doesn't relate to security. It relates to cosmetics. If the topic were regarding Vista clients being easier to administer or something, this would be worth citing, but it wasn't. It was about security. As I said previously, from a marketing standpoint I could absolutely sell Vista as more secure, and to someone who hadn't spent a great deal of time dissecting the actual functional utility of Vista security it'd likely be an easy sale. The reality, at present, though is that it simply isn't any more secure than XP. Given certain structural changes in Group Policy Serving, specifically, it is in many ways much less secure.


XP doesn't offer that much, nor does it offer the ability to grant selected administrator access like in Vista. So again, Vista has more security and when locked down properly by an Administrator via AD, it is more secure.


I hate to just keep saying "No, that's wrong," but, no, that's wrong. If you'd like to cite specific cases where you see Vista being more secure, I'd be happy to discuss those in more detail. Currently, with all due respect to your opinion, all you've argued is "I have more options as an admin, therefore it must be more secure" which I think we'd both agree is a little silly.
 

pkellmey

Distinguished
Sep 8, 2006
486
0
18,960
There are both corporate test and government test white papers (I'm thinking of DISA specifically) on the increased security on the new kernel, especially that it is specifically not an XP+ kernel build. If your argument is that it can still be attacked, sure. It is generally more secure, but certainly still has open vulnerabilities (like most MS products). The ability to use native OS tools to better analyze performance monitoring, security logs and reports, and to have finer detail control of such things as firewall configuration does make it a more secure OS (again, using only native OS tools). It may not be water-tight security, but I know from fed government testing that it is, in fact, considered more secure than XP in the security industry. The only valid argument is what "more secure" really means when your OS is a target of a determined intruder - but that is a whole other argument entirely.
 

Oatmealsoup

Distinguished
Mar 11, 2007
29
0
18,540

There are both corporate test and government test white papers (I'm thinking of DISA specifically) on the increased security on the new kernel, especially that it is specifically not an XP+ kernel build. If your argument is that it can still be attacked, sure. It is generally more secure, but certainly still has open vulnerabilities (like most MS products). The ability to use native OS tools to better analyze performance monitoring, security logs and reports, and to have finer detail control of such things as firewall configuration does make it a more secure OS (again, using only native OS tools). It may not be water-tight security, but I know from fed government testing that it is, in fact, considered more secure than XP in the security industry.


The kernel is 'more secure' because of patchguard removing the ability to use API hooks into kernel processes. It also makes the OS in general much less secure in real world usage.

I suspect you knew that already though.

Unfortunately, what patchguard actually does is make successful attacks on the vista kernel just much much harder to detect in real time.
 

riser

Illustrious
While you speak of security from an outside coming in, you also need to realize that security from the inside or other problems.

Installing screen savers, installing other little cosmetic programs. There is far more things to lock down to cause less problems.

Aside from that, more security and control over users changing the settings on their computer to cause problems.

Flat out, without argument, Vista gives you more control than XP. Vista has a stronger security setup. Blackhat even approved of the Vista Security over XP.

I will take their expert opinion over yours any day.
 

joke

Distinguished
May 15, 2005
249
0
18,760
If you really want to get into a mundane nuts and bolts discussion of why Vista isn't any more secure, we certainly can
OK, I will ask. I'm in no way an enterprise security consultant but will keenly listen to your claim. Specifically I'd like to hear about 'much less secure'...

Given certain structural changes in Group Policy Serving, specifically, it is in many ways much less secure.
thanks.
 

Oatmealsoup

Distinguished
Mar 11, 2007
29
0
18,540

Flat out, without argument, Vista gives you more control than XP


Out of the box? Yes. In real world use with third party security applications locking XP down? No, and it's not close at all.



Flat out, without argument, Vista gives you more control than XP. Vista has a stronger security setup. Blackhat even approved of the Vista Security over XP.


Really? You must have attended a different conference than I did.
 

riser

Illustrious
No sh*t Sherlock, if you start using 3rd party applications you'll gain control. We're not talking about that. We're talking XP vs Vista. Give companies time to create 3rd party apps and it will change.

That's the stupidest thing I've heard all week. No joke something that has additional applications created for it is going to have an upperhand for the time being. We're comparing apples to apples here. You're reaching for anything.

Blackhat was given Vista to run through the tests. It was a huge promo by Microsoft. After some time, Blackhat came out and endorsed it as the most secure out of box Windows OS to date. (Which means its more secure than XP out of the box)

Again, instead of saying "no" why don't you provide something to back your claims up? Provide me a legitimate link or something that shows that XP is more secure than Vista.. without using 3rd party apps.

We're talking the OS here, now other applications that create faults.
 

groggyfroggy

Distinguished
Apr 11, 2007
5
0
18,510
No sh*t Sherlock, if you start using 3rd party applications you'll gain control. We're not talking about that. We're talking XP vs Vista. Give companies time to create 3rd party apps and it will change.

That's the stupidest thing I've heard all week. No joke something that has additional applications created for it is going to have an upperhand for the time being. We're comparing apples to apples here. You're reaching for anything.

Blackhat was given Vista to run through the tests. It was a huge promo by Microsoft. After some time, Blackhat came out and endorsed it as the most secure out of box Windows OS to date. (Which means its more secure than XP out of the box)

Again, instead of saying "no" why don't you provide something to back your claims up? Provide me a legitimate link or something that shows that XP is more secure than Vista.. without using 3rd party apps.

We're talking the OS here, now other applications that create faults.

Okey dokey...from March 19th: "Microsoft partner: Vista less secure than XP"

oh...and here's some more fodder for you, since you're such a smarty pants. My favorite quote from that article is: "I would claim it's not even as secure as another operating system from Microsoft; namely the operating system inside the Xbox 360." Hilarious!

Lastly, here's some info on Vista's new security "features" actually just spyware in disguise. "Updates" are now mandatory and will disable anything on your machine MICROSOFT doesn't like??? You can THAT security? Hogwash.

You post has to be the stupidest thing I've read all week.
 
From your first article, which you probably didn't bother to read past the Kapersky part:

Security company Kaspersky claimed that Vista's User Account Control (UAC), the system of user privileges that can be used to restrict users' administrative rights, will be so annoying that users will disable it.

Natalya Kaspersky, the company's chief executive, said that without UAC, Vista will be less secure than Windows XP SP2.

Now, to me, that says Vista is in fact more secure out of the box than XP SP2; but if users disable UAC, then THAT will make it less secure. Such a glaring discrepency made me decide that your other links probably aren't even worth looking at.

But, just for sh!ts and giggles, I did anyway...

From your second link:

It may be more secure than other versions of Windows, they said, but there are older operating systems that are still safer.

Others said that its security rested on how people use the new system rather than on any individual technology.

There is also evidence that malicious hackers are refining attacks to cope with the changes Vista makes.

Do I even need to point this out? If you were hoping these articles would make your case, you're sadly mistaken.

As for the third link... it sounds a lot like another article that was posted a few billion times then proven to be not quite as credible as the author wanted us to believe.

"Updates" are now mandatory and will disable anything on your machine MICROSOFT doesn't like???

I still have yet to see one valid case of this occuring. Until I see the proof, this is yet more FUD that people just love spreading when it comes to MS.
 

Oatmealsoup

Distinguished
Mar 11, 2007
29
0
18,540

That's the stupidest thing I've heard all week.


Give reading your own posts a shot.

Anyway, I'm done with this topic. I don't argue religion when I can avoid it, and your unshakable faith that Vista's more secure than XP offers no reward for me changing it. My clients won't be deploying Vista until it offers comparable real world security as compared to their current XP networks.

I couldn't care less what other companies do.

Good luck.
 

riser

Illustrious
Try reading the link I posted before you jump in spouting your opinions.

I never said to deploy it. I just said its more secure out of the box. You argue without knowing what you're trying to argue about.
 
Status
Not open for further replies.