Info for Vista users. - DFWstangs Forums
 
LinkBack Thread Tools Display Modes
post #1 of 6 (permalink) Old 06-07-2008, 12:19 PM Thread Starter
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
Exclamation Info for Vista users.

http://billpstudios.blogspot.com/200...re-secure.html

Wednesday, June 04, 2008
Is Vista Really More Secure?

First, I’ll admit as much as I’d like to be, I’m not a fan of Vista. I do find myself saying that Vista is more secure and that’s not a bad thing. I’ve noticed that most people associate the increase in security to User Account Control. There’s actually more to Vista security than UAC.



Everyone loves to hate User Account Control because it’s so annoying. Ars technica recently referred to WinPatrol as being UAC for Windows XP which motived me to create some new annoy-proof features. (Coming soon). I was pleased to see that even Vista evangelist Ed bott recently wrote “How Microsoft can fix UAC”. Ed pointed to comments by Sunbelts Software’s Alex Eckelberry who shares my own “cry wolf” fears with UAC. “Since over 80% of all infections are based on social engineering, the popups should focus on that weak point.”



Social engineering is when users are tricked into doing something and end up installing malware that they never wanted. I’ve mentioned many examples of social engineering but my favorite is the hacker who would leave a floppy disk with a virus/worm on it laying around at a company he wanted to infiltrate. On the label of the floppy disk, he hand wrote the words “Employee Salaries”.



Since social engineering isn’t addressed in Vista, is Vista really more secure?



Symantec recently published a number of papers on Vista security. While their work was balanced they weren’t shy pointing out some problems. For instance, most of the code that makes up Vista includes a compiler feature called GS Stack Protection which prevents a popular hack called “Buffer Overflow”. According to Symantec researcher Ollie Whitehouse “~150 binaries under the C:\Windows directory that do not contain GS protected code.”



According to AV-test.org, UAC stops many rootkits from being installed, and I know Microsoft takes these infiltrations seriously. One of my friends at Microsoft once told me, “They(root kits) scare the bejebers out of us”. Kernel Patch Protection prevents programs from hooking into the guts of Windows and is critical in the prevention of root kit infiltrations. Unfortunately, KPP only works with Vista x64 and breaks attempts at protection from many other security vendors. Thankfully, it’s not a problem for WinPatrol.



Microsoft also considers Windows Auto Update to be a security feature. They recommend users allow auto updates and when new security patches are available on Tuesdays, Windows users are automatically saved from possible threats by newly discovered vulnerabilities. If you’re a regular Bits from Bill reader you’ll know how I feel about auto updates. They’re just plain evil.



Vista Ultimate includes a feature called BitLocker. Essentially, this feature encrypts all data stored on your hard drive. This method has already been hacked by researchers at Princeton and sadly reminds me how much success I had with early Microsoft disk compression. I’ll pass for now.



Microsoft’s Strategy Director Jeff Jones recently published his “Windows Vista One Year Vulnerability Report” and the results show “Windows Vista has an improved security vulnerability profile over its predecessor.”

Windows Vista had 30% fewer Security Bulletins than Windows XP

Windows Vista had 20% fewer vulnerabilities than Windows XP

Windows Vista had 28% fewer Critical and Important vulnerabilities than Windows XP

26 vulnerabilities on Windows Vista are less severe for any users running as standard user.


So, it appears for the 20% of non-Social Engineered vulnerabilities Vista has an advantage. Unfortunately, it’s still not enough for me. As long as any vulnerabilities are being found I’ll continue to be on watch using my favorite protection programs.





Listen to my buddy, Jeff Bolton, from 6-9 AM Mon-Fri.

Obamanomics = Trickle Up Poverty

Think you need to format/reinstall your OS(XP), read this first.
Tx Redneck is offline  
Sponsored Links
Advertisement
 
post #2 of 6 (permalink) Old 06-07-2008, 12:55 PM
Lifer
 
ozzeran's Avatar
 
Join Date: Jun 2001
Location: Arlington, Tx
Posts: 6,165
Ok? Yes Vista is more secure, but it's a freaking memory hog

I've been reading some Vista stuff lately and it's pretty interesting the steps they are taking to prevent malware etc...

As for social engineered Vulnerabilities, LMAO, those are n00bs that fall for that shit

ozzeran is offline  
post #3 of 6 (permalink) Old 06-07-2008, 02:25 PM Thread Starter
Rockin' da fumanchu
 
Join Date: Nov 2005
Location: On the straight and narrow,stumbling at best, only by Gods grace.
Posts: 7,224
Quote:
Originally Posted by ozzeran
Ok? Yes Vista is more secure, but it's a freaking memory hog

I've been reading some Vista stuff lately and it's pretty interesting the steps they are taking to prevent malware etc...

As for social engineered Vulnerabilities, LMAO, those are n00bs that fall for that shit
If I understand correctly, the memory usage is due to Microsuck trying to mimic Apple via prefetch. It loads apps. into memory for quicker execution.





Listen to my buddy, Jeff Bolton, from 6-9 AM Mon-Fri.

Obamanomics = Trickle Up Poverty

Think you need to format/reinstall your OS(XP), read this first.
Tx Redneck is offline  
 
post #4 of 6 (permalink) Old 06-07-2008, 09:25 PM
Lifer
 
ozzeran's Avatar
 
Join Date: Jun 2001
Location: Arlington, Tx
Posts: 6,165
Quote:
Originally Posted by Tx Redneck
If I understand correctly, the memory usage is due to Microsuck trying to mimic Apple via prefetch. It loads apps. into memory for quicker execution.
yeah I was just reading how that worked earlier, lol guess it's a good theory, but not sure if it's executed perfectly yet.

ozzeran is offline  
post #5 of 6 (permalink) Old 06-08-2008, 04:14 AM
¯\(º_o)/¯
 
AbecX's Avatar
 
Join Date: Nov 2001
Location: Las Colinas
Posts: 25,373
Because like 10 people run vista there is less vulnerabilities.

AbecX is offline  
post #6 of 6 (permalink) Old 06-08-2008, 11:14 AM
duh...duh....duh
 
ceyko's Avatar
 
Join Date: Aug 2004
Location: ES BEER
Posts: 9,543
Social Engineering is probably a security person's greatest threat. Why? Cause 99% of the people out there are suckers for it. Hell, I'm not a social engineer - and I use it to gain access to places I have to work from people who should not give me access.

However, I'm not 100% sure I agree with it being the OS's job to stop social engineering as they refer to it. Installing bad apps...etc Seems more like a company policy thing with users being restricted and have to deal with it.

9 times our of 10, it is companies not having the balls to enforce their own rules that makes the vulnerable to social engineering things.

My '03 Sold.
ceyko is offline  
Sponsored Links
Advertisement
 
Reply

Bookmarks

Quick Reply
Message:
Options

Register Now



In order to be able to post messages on the DFWstangs Forums forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.

User Name:
Password
Please enter a password for your user account. Note that passwords are case-sensitive.

Password:


Confirm Password:
Email Address
Please enter a valid email address for yourself.

Email Address:
OR

Log-in










Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page
Display Modes
Linear Mode Linear Mode



Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are On

 
For the best viewing experience please update your browser to Google Chrome