Security and Windows Vista: A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security)
VISTA SECURITY
I know I will be "flamed" out of this Vista discussion group but I feel I must add my comments.

RC1 sets up fine with a Clean Install on a fairly modern machine using up to date ancillary software. HOWEVER:

1. How many "Joe Six Pack" Windows single machine users actually want to spend time "logging" into their personal machines?
2. How many "average" Windows users have enough knowledge to actually "cut off" and "cut on" the security features they really need?
3. How many "average" Windows users have enough knowledge to even know what the security settings' terminologies mean?
4. How many "average" Windows users, after purchasing their off the shelf machine, have the time or want to read a 2000 page Tech Manual or go to MS Tech Net just to be able to use their new machine for its intended purpose?
5. How many "average" Windows users know what Permissions are, UAC is, rundll does, WMI's function, what Active X controls are for, how the Registry is built, what Protocols, Ports, Tokens and Objects are, etc., etc..... just to name a few of thousands of computer related knowledge base items?

Like me, most in this discussion group have been around since DOS 1.0, build their own hardware and do some programming and experiment with different Operating Systems if not just for the fun of it. However, I would venture a guess that 95% of "average" Windows users have real computer work to accomplish daily and other outside hobbies besides IT experimentation and electronics plus really don't want to spend hours / days trying to figure out and configure their machines.

On the other hand, most "average" users don't want to feel that they are being treated as children and are being protected and saved from their own stupidity by a higher power either! Vista seems to accomplish both goals.

In my opinion, it is a "darn" shame for a company like MS to develop a common everyday product such as Vista that will take at least (8-12) hours (just a guess) to configure right out of the box which will then be useful for the "average" user in accomplishing what they purchased their computer for originally.

My last comment concerns WPA, WGA and who knows what's to come. The "average" computer user knows nothing at all of what this is all about so there was no huge public outcry just as there will be none when Vista is released. Business monopolies can just about do as they please when there is no competition to speak of.

And NO, Windows 98 was NOT the best version of Windows developed. Probably Windows 2000-SP4 was / is the fastest O/S, took the least time to configure with the least "fluff" and could be locked down tighter than a drum for networking.

I won't even speak about Office 12 with its "comic book" interface.

Regards,

VISTA SECURITY
Hello,

> I know I will be "flamed" out of this Vista discussion group but I feel I must add my comments.

Doubtful. However, since you posted to a discussion forum, I will discuss the topic with you.

[snip]

> 1. How many "Joe Six Pack" Windows single machine users actually want to spend time "logging" into their personal machines?

I doubt it bothers them too much clicking their picture after the computer starts up. In fact, I bet they enjoy seeing the picture they chose. Those that don't will probably find out how to automatically log in if it bothers them that much.

> 2. How many "average" Windows users have enough knowledge to actually "cut off" and "cut on" the security features they really need?

They don't need to modify these settings unless they are directed by product support or someone technical because they are having a specific problem. They probably don't even know they're there. Moot point.

> 3. How many "average" Windows users have enough knowledge to even know what the security settings' terminologies mean?

Why would they care? The UI they will want to deal with is worded so that even a novice can understand it. If they are having a technical problem, they will need to contact product support or a technical fellow, as most average users do.

> 4. How many "average" Windows users, after purchasing their off the shelf machine, have the time or want to read a 2000 page Tech Manual or go to MS Tech Net just to be able to use their new machine for its intended purpose?

They don't have to.

> 5. How many "average" Windows users know what Permissions are, UAC is, rundll does, WMI's function, what Active X controls are for, how the Registry is built, what Protocols, Ports, Tokens and Objects are, etc., etc..... just to name a few of thousands of computer related knowledge base items?

Why would they want to know stuff like that? They don't need to know that stuff.

[snip]

> users ... don't want to spend hours / days trying to figure out and configure their machines.

It comes configured out of the box for the "average user".

> On the other hand, most "average" users don't want to feel that they are being treated as children and are being protected and saved from their own stupidity by a higher power either!

If you are referring to "Windows needs your permission..." and other security-related features, I don't see how you think this is treating the user like a child. Windows is asking the user what they want to do and allowing them to control whether a certain action is taken - whereas before, Windows made the decision for the user. I see the average user being given more control over their computer than ever before.

[snip]

> In my opinion, it is a "darn" shame for a company like MS to develop a common everyday product such as Vista that will take at least (8-12) hours (just a guess) to configure right out of the box which will then be useful for the "average" user in accomplishing what they purchased their computer for originally.

Again, Vista comes pre-configured for the average user.

> My last comment concerns WPA, WGA and who knows what's to come.

You never fleshed out this comment. What do you think is coming? All I see is Microsoft ensuring customers and OEMs are paying for their product.

--
- JB
Windows Vista Support Faq
http://www.jimmah.com/vista/

VISTA SECURITY
Jim,

Appreciate the reply.

My original post was based on the fact that so many people have questions concerning setting up Vista security in the discussion group. Just read them.

It appears that since the default settings for Vista security are ALL ON, many will have difficulty configuring their systems to do even simple tasks such as receiving E-mail with pictures or setting up the firewall for gaming pass-through, etc., etc......

Even my website gets a Vista warning with all the security cut on and my code validates perfectly except for the MS proprietary (marquee tag) I use for scrolling text.

Also some of the "fluff" needs to be removed, non essential Services cut off and the Registry Tweaked to speed up the O/S etc., etc......

I guess I could go on forever concerning O/S set up but time is limited.

It appears you either work for MS or are a big fan of their systems and business model. Nothing wrong with that at all but surely from your experience, you must have some disagreements with Vista. No software is perfect out of the box without some set up.

As for me, I'm an old retired electrical engineer PE that grew up with computers and O/Ses from the 70s. I guess time has passed me by as I'm still used to setting up systems from scratch to be Fast, Efficient with Just Enough Security to do the job but still allow for Maximum Machine and System Usability which pretty well dates me. (Laughing Out Loud)

Concerning WPA, WGA, Etc.; I hate that type of business model BUT as long as MS is allowed to get away with such actions, then all of us will have to live with it. Just being a (hobbyist) and to get around WPA and WGA, it cost me $1000s to purchase (5) seat (Volume Licenses) for MS Client software not to mention Server software. A bit unfair for a hobbyist in my opinion.

You might get the opinion that I despise MS as most other people do, BUT that is NOT the truth at all - MS knows me by my first name in many departments and programs. I just philosophically disagree with them in many cases BUT one cannot argue with their success !!

Kindest Regards,
Rick P.

======================

"Jimmy Brush" wrote:
> Hello,
> [...]

VISTA SECURITY
Okay, I can see your concern. Not everyone is a tech whiz kid. Granted. I think a lot of the install issues people are seeing have to do with it not being a full release version. Yes, there are still bugs in the system that need to be worked out. There are still a couple of months to do that if needed.

You are right. Most common users won't know what some of the terms are, some will. But it has been my experience that those who don't, usually know someone who does. I know that is little comfort in the idea. But here is the clincher. I remember when Win 95 came out, there were classes in colleges for learning the system. Though we look at it now saying either, "Why did I waste the money?" or, "What kind of an idiot needed to go to college to work Win 95."

There is no easy solution to learning a new program. My father at 66 is still learning how to use his fancy new computer, he asks, "How do you learn this stuff?" To which I always reply, "Look, just go through and see what you can do, if you screw it up, we can re-load." And he now knows how to re-load his computer, I think he has done it about 8 times now. But he is learning.

When this software comes out, you will have two kinds of users, the ones who got it on their new PC, who may have problems at first, and those who buy and load it on their computer, who won't have very many problems. But just like 3.11, 95, 98, and XP, people will learn it. This release will not be much different than the ones before. Every release gets better, every release gets more technical, but every release gets more user friendly as well. But with every release, there will be a learning period. There will be people who are calling the Windows help desk. Best Buy, Circuit City, and probably every other small computer shop will be busy after the release, just as they were with XP and other releases before it. That is just part of the game.

And honestly, as a user, I would rather the computer be set up with too tight security and have to learn how to turn some off, than to get a computer that starts with no security and learn the hard way how to turn them on. Because let's be honest, the day a virus screws up your computer is the worst day to say "Maybe I need Anti-Virus." And programs like "Defender" are only good if they are on.

Some will read the tech books, some will not, some will keep it around to figure out what OAC means. Some may just feel through it, screw it up a few times and learn how to do things right. Either way, in a year or two, everyone will be able to use the system, and most of them flawlessly.

Be optimistic. We can get through this. :-)

VISTA SECURITY
[snip]

> My original post was based on the fact that so many people have questions concerning setting up Vista security in the discussion group. Just read them.

I am very familiar with the posts about security in these groups. However, in your post you were arguing about problems that the "average user" will encounter, and that is why I had to disagree with most of your points. Don't misunderstand me, I don't think your issues are meritless, but I don't agree with you in the context in which you presented them.

The people who post here are not average users, especially the ones that ask about security-related topics. Most of the security-related problems encountered by the members of this group are generally caused by:

1) Failure to interoperate with a dual-boot with Windows XP - this is caused by Vista enforcing the security permissions on files created from within Windows XP. Many people have never encountered NTFS security permissions before due to always running as administrator
2) Failure to use command-line tools or non-Microsoft admin tools - caused by needing to elevate the program manually
3) Inability to access "old" Windows XP folders such as Documents and Settings, because these folders have been moved or renamed and replaced with hidden junctions
4) Inability to remotely administer a Vista machine without changing a registry key
5) Programs that misbehave in the new Windows

Of these, only #5 (and to a much, much lesser extent #2) will apply to the "average user", but by the time Vista is publicly available and beyond, this should be less and less of a problem. This always happens after a major upgrade to the operating system.

> It appears that since the default settings for Vista security are ALL ON, many will have difficulty configuring their systems to do even simple tasks such as receiving E-mail with pictures or setting up the firewall for gaming pass-through, etc., etc......

I believe MS has addressed the example issues fairly well ... I.e., blocked pictures can be enabled by clicking an information-bar type thing that bloops up, and Windows Firewall gives the user the chance to unblock an application the first time it encounters it.

Also, I would like to point out here that the issues caused by these security settings are caused by application incompatibility with Vista, not the security procedures themselves. Like any program designed for an operating system, the applications will need to use the services that Windows provides in order to provide their functionality.

> Even my website gets a Vista warning with all the security cut on and my code validates perfectly except for the MS proprietary (marquee tag) I use for scrolling text.

Maybe your website is doing something considered risky, like using an unsigned ActiveX control or doing something with JavaScript that isn't considered "proper" these days?

> Also some of the "fluff" needs to be removed, non essential Services cut off and the Registry Tweaked to speed up the O/S etc., etc......

This is very much an advanced-user thing... but really, Microsoft spends a lot of time doing this themselves and making it just right for the "average user" ... Sure, you may be able to do some additional stuff yourself, but it takes a lot of knowledge to be able to know what to do. This isn't really Microsoft's fault ... a complex operating system is complex to configure.

[snip]

> It appears you either work for MS or are a big fan of their systems and business model. Nothing wrong with that at all but surely from your experience, you must have some disagreements with Vista. No software is perfect out of the box without some set up.

I do not work for Microsoft, but I am a big fan of Windows NT ... I really know nothing about their business model.

I do have disagreements with some of the implementation details of the security in Vista, but I agree completely with the abstract model.

As for being "perfect" out of the box ... I can say that, when looking at the big picture, I believe that things will be "pretty good" for "average users". However, we all know that there is no such thing as perfect, pretty good, or average user.

I see Windows providing two things: A platform for software to be built upon, and the minimal software needed for the user to be able to use the system (i.e. the shell).

I see the need for tweaking the platform itself minimal; most users don't need to muck around by disabling services or turning off core features of the operating system, unless it is preventing them from performing a certain task, at which point they will need assistance.

I see users primarily configuring the software they use - such as Windows Explorer, Word, etc, which has a pretty good interface for adjusting its behavior.

I see this in the same way as a car - I don't need to adjust the properties that make the car work unless I am having a problem (i.e. the idle speed, fuel-mix-ratio, etc). The car is set up for the average user in mind (those going highway speeds). Those who do not fall into this "average user" category (i.e. people who like to race or want a show car) can modify how these things work (making it use more fuel, removing the limiter on speed, etc), but the average user could care less about doing this. Why should the car manufacturer make these things easy to do?

However, everyone is free to customize the car as they see fit by buying new radios and changing the appearance of the car - I see this equivalent to buying new software or changing application options in Windows, things which are fairly easy to do.

I think the problem here is that Microsoft is changing the way that they built their "car" and a lot of "accessories" for the car are going to be obsoleted or won't work correctly, mostly because of stupid things those "accessories" have done (i.e. software not following the spec MS has laid out for how they are supposed to access the operating system - imagine a car radio depending on the idle speed of a car being set at a certain value and messing up if it is changed!)

> As for me, I'm an old retired electrical engineer PE that grew up with computers and O/Ses from the 70s. I guess time has passed me by as I'm still used to setting up systems from scratch to be Fast, Efficient with Just Enough Security to do the job but still allow for Maximum Machine and System Usability which pretty well dates me. (Laughing Out Loud)

Ah, now I see where you are coming from.

From my perspective, Microsoft's approach is to design the operating system for the majority ("average users") but allow specialization by the minority. That is why I say Windows is already configured for the average user.

And I really think this is the way it is because that's how the "average" people want it. They don't want to have to tell the computer what they are going to do with it by answering a bunch of questions, even if it was easy to do and understand. They just want to use the computer, and they want the computer to be able to do anything they want to do with it, with as little configuration as possible.

It really would be nice if everyone could have a "custom" version of Windows stamped out just for their needs - and this is in fact possible now and will be even more so in the future, for those advanced users wishing to do this. But, I really don't think this is what average users want to do, and that is primarily why Windows doesn't make it super simple to do - why spend so much time working on something that won't be used by the majority of users? Just make it good enough for the users who will actually use it.

Previously, Microsoft has done what you suggest with the security issue (putting app compatibility/usability before security) - and they ended up with Windows ME. LOL.

Seriously, though, I think most of the security improvements, when considered as a whole, signal a move by Microsoft to re-architect Windows by defining the interface between applications and the operating system better.

Microsoft is kind of re-asserting their right to be "boss" of the operating system, whereas before they kind of allowed applications to enter into their territory and act as the operating system with minimal fuss. I believe this is the root of many of the security problems in Windows, from an abstract point-of-view.

To put it back into my car perspective, why should the radio be able to tell what the idle speed of the car is, let alone modify it? If the radio wants to do something, it will need to follow the interface available to it by the car design, not change the car design to suit its needs (possibly mucking things up for other accessories on the car).

This is evident by the changes in device driver policies and kernel patching as well as User Account Control. Essentially, Microsoft is building a big wall between the operating system and applications, and forcing the applications to use the services Windows provides in order to do what they want, instead of allowing the application to just delve into the system and muck up everything. And if the application really needs that kind of access to the system in order to do what it needs, it can still do it, but it will have to be done "correctly" and the user will have to allow it.

Before Vista, it was kind of like rival gangs (programs) battling for control of the city (the operating system) with little concern for the damage caused to the city and innocent victims (the users). (Although not nearly as bad as pre-NT systems).

Right now, this shift will have major negative consequences on usability, but in the future this will allow Microsoft greater room to improve Windows without breaking as many third-party apps, which I believe will in the long-term increase usability.

After thinking about it a bit, I think you and I see Windows in two different lights ... I see it as a framework for an infinite number of possible uses, more as an abstract thing, and that it is the applications that are the concrete implementation of this framework and that they should be customized to fit the user. But I think you see Windows more as a concrete thing, as if it were a block of clay that exists to be molded to only support the needs of the user and the applications that user specifically uses, whatever they may be, and that unless this is done it is not really complete.

> Concerning WPA, WGA, Etc.; I hate that type of business model BUT as long as MS is allowed to get away with such actions, then all of us will have to live with it. Just being a (hobbyist) and to get around WPA and WGA, it cost me $1000s to purchase (5) seat (Volume Licenses) for MS Client software not to mention Server software. A bit unfair for a hobbyist in my opinion.

I don't see how product activation constitutes a business model. All I see is them making sure they get paid? I don't see this as a problem. If you don't like the price, you don't get to use the software ..... that has always been the way it has been for any product.

I see product activation in the same way that I see sensormatic security tags at a retail store.

--
- JB
Windows Vista Support Faq
http://www.jimmah.com/vista/

VISTA SECURITY
You can RUN secpol.msc (Local Security Policies) and neutralize any of the security blocks, access levels, alerts, etc. that you may find unnecessary or nuisances for your environment. I agree with you though, the "average" user will be paralyzed.

"R. A. Pazderski" wrote:
> I know I will be "flamed" out of this Vista discussion group but I feel I must add my comments.
> [...]