What do you think of this article that claims 7 is less secure than its predecessor?
According to Genes, Microsoft sacrificed security in order to make the OS more user friendly. Some tough design decisions were made for the development of Windows 7 to make the User Account Control (UAC) more fluid and flexible. As a result, the OS has more security holes than a Swiss cheese. "I'm not saying Windows 7 is insecure, but out of the box Vista is better," Genes told The Register.
What I don't understand is how improving the interface workflow would make a system less secure. Doesn't the Action Center, a system icon that unobtrusively notifies people of potential security holes, cover everything, at least similar to Vista? /mini-rant
The second Tuesday of each month MS supplies a long list of OS updates which are essentially security related. Performance related updates are few. I'd think Windows 7 SP1 will be stacked high with security related patches. Be interesting what performance issues will be addressed with SP1 when it arrives. Of course Windows 7 is more secure out of the box than its OS predecessors. And no security update from that point on would be omitted. Remember Windows XP SP2? That SP2 baby carried in full force the previously missing 'XP Security Center'. Man was that thing patched to death over the next seven or eight years. 8) Companies like Symantec, etc. made buku bucks over it.
I'm actually a little concerned about UAC. Windows 7, in an effort to reduce the number of UAC prompts, has marked certain Windows components as "trusted" - these components can auto-elevate their privilege level without issuing a UAC prompt. I don't fully understand the underlying mechanisms, but I do know that malware can use this to gain elevated privileges by using such DLLs in an "injection" attack (see: this page)
Microsoft has stated that UAC itself is not a defense against malware. But in the XP days I used to use a nonprivileged account for my regular work, and there was NO way to get elevated privileges without specifically asking to run something as an administrator and entering a password. I'm actually considering turning UAC off altogether in the hopes that this would be equivalent to the separation of security levels that was provided by XP.
I'm not trying to say that as a whole XP is more secure, it's just that the whole concept of auto-elevation of rights is a facility in Vista / Windows 7 that XP didn't have. This concept is a good one for idiots who regularly use administrative accounts to do their work, but for security-conscious people with the wisdom to use unprivileged accounts it seems to me like it's providing a new hole for malware.
UAC? How many of you use UAC (User Account Control)? I turn it off and have never had a problem in doing so.
Tasks that trigger a UAC prompt:
Running an Application as an Administrator
Changes to system-wide settings or to files in %SystemRoot% or %ProgramFiles%
Installing and uninstalling applications
Installing device drivers
Installing ActiveX controls
Changing settings for Windows Firewall
Changing UAC settings
Configuring Windows Update
Adding or removing user accounts
Changing a user’s account type
Configuring Parental Controls
Running Task Scheduler
Restoring backed-up system files
Viewing or changing another user’s folders and files
Running Disk Defragmenter
The owner of a PC needs to be reminded they are about to perform these tasks on their machine? Turn off UAC, I did and I have never experienced a single problem in doing so. Thank god for the disable UAC option. The idea of 'trimming' Windows 7 UAC's function to where the utility is not prompting for elevated privilege when running the Disk Defragmenter is a great, uhmmmmmm idea.
Vista's constant nagging (allow this?) is what made it so secure and annoying at the same time. In an attempt to make it less annoying, Win 7 doesn't nag, but more things can occur in the background without the user's knowledge, that's all. Personally I love Win7, and since I'm using x64, it's like I'm invincible. I don't even have an antivirus, and I just go around opening unknown .exes for fun.
If you lock it down and force users to run in normal mode, then you have to provide dialogue boxes for any/all actions which may impact on security. As shown by the uncountable number of rants against Vista, the user base HATE this with an undying passion. Despite whatever security-conscious users/experts may opine. Whether or not it really is better. Whether or not it is more secure. They HATE it. Why? Because XP defaulted to full privs and so the only place people had to do that was at work (in which case they more than likely had to call IT to do it for them anyhow). For the better part of a decade, users were allowed to do whatever they wanted on their computers, and almost without question.
Security guys like it. The Users (you know - the ones who actually pay for the product) hate it, and screamed "..it's *MY* computer, that *I* paid for, with *MY* money, and how dare you ba$tardS at MotherF()%*()$&ing Micro$$$$oft interfere with *MY* computer, that *I* paid for, with *MY* money..." etc etc etc....
One of these groups has "The Money", and the other one does not.
Microsoft changed UAC so it was less obtrusive. Yes, it's less secure by default, but that's because the USERS demanded it.
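To see which of the UAC behaviours debated in this thread a given machine actually has, the following PowerShell is an added example and not part of any post above. It reads the standard UAC policy values (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop); the helper name Get-UacSummary and the sample rows are constructed for this example.

```powershell
# Added example, not code from the thread. Get-UacSummary is a hypothetical helper name.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacSummary {
    param([int]$EnableLUA, [int]$ConsentPromptBehaviorAdmin, [int]$PromptOnSecureDesktop)

    if ($EnableLUA -eq 0) {
        # UAC off: administrators always run with their full token, no prompt at all.
        $level = 'UAC disabled'; $promptless = 'everything run by an administrator'
    } else {
        switch ($ConsentPromptBehaviorAdmin) {
            0 { $level = 'Elevate without prompting'; $promptless = 'every elevation request' }
            2 { $level = 'Always notify (Vista-style)'; $promptless = 'nothing' }
            5 { $level = 'Windows 7 default'; $promptless = 'auto-elevating Windows components' }
            default { $level = "Custom ($ConsentPromptBehaviorAdmin)"; $promptless = 'nothing' }
        }
    }
    [pscustomobject]@{
        Level                 = $level
        ElevatesWithoutPrompt = $promptless
        SecureDesktop         = [bool]$PromptOnSecureDesktop
    }
}

# Constructed sample rows (not read from a real machine) so the mapping can be seen offline.
$samples = @(
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 1; ConsentPromptBehaviorAdmin = 2; PromptOnSecureDesktop = 1 },
    @{ EnableLUA = 0; ConsentPromptBehaviorAdmin = 5; PromptOnSecureDesktop = 0 }
)
foreach ($s in $samples) { Get-UacSummary @s }

# Live check on Windows: only runs when the policy key and its values are present.
$p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
if ($p -and $null -ne $p.EnableLUA -and $null -ne $p.ConsentPromptBehaviorAdmin) {
    Get-UacSummary -EnableLUA $p.EnableLUA `
        -ConsentPromptBehaviorAdmin $p.ConsentPromptBehaviorAdmin `
        -PromptOnSecureDesktop ([int]$p.PromptOnSecureDesktop)
}
```

A machine reporting "Always notify" prompts for Windows components as well, which is the setting that removes the auto-elevation path raised earlier in the thread.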