Archive for the ‘Microsoft’ Category

Joanna Rutkowska on Vista security

By Fjodor on Feb. 14, 2007.

Rutkowska is trying out Vista. And as always, it seems to be a different world than what MS marketing would have us believe…

Quote from her blog:

One thing that I found particularly annoying though, is that Vista automatically assumes that all setup programs (application installers) should be run with administrator privileges.
[...]
That means that if you downloaded some freeware Tetris game, you will have to run its installer as administrator, giving it not only full access to all your file system and registry, but also allowing e.g. to load kernel drivers!

Now how about that. She describes the XP option of customised privileges, enabling the user to assign only the strictly required privileges for installing software, and still disallowing e.g. loading kernel drivers. Seems neat, but, alas, a thing of the past.

Next, she finds that while Vista still does go through some work to protect itself, it seems a little more careless with actual user data. In other words, even processes running at the lowest “Integrity Level” might still read data from more privileged processes. As she puts it:

So, the statistics look better and everybody is generally happier. Including the competition, who now has access to stolen data ;)

She goes on to describe how she was able to have an “IL” process send keyboard and mouse events to a shell running as Administrator. How very reassuring.

Go Vista!


Vista and HD content? Not likely…

By Fjodor on Feb. 13, 2007.

This almost speaks for itself: A Cost Analysis of Windows Vista Content Protection. Therefore I shall confine myself to this little nugget of totalitarian gold from MS’ specs and a comparison:

“It is recommended that a graphics manufacturer go beyond the strict letter of the specification and provide additional content-protection features, because this demonstrates their strong intent to protect premium content”

…which seems unscrupulously close to Sir Ian Kershaw’s concept of “working towards the Führer”, as explained by this http://goodreports.net book report on his “Hitler: Nemesis 1936-1945”:

“‘Working towards the Fuhrer.’ What this refers to is the way in which radical actions were often instigated from below, not as the result of express directives, but because they were felt to be in line with Hitler’s broadly defined aims.”

Now, I am not saying that the software business is comparable to the holocaust. Not by a long shot. However, it would seem that MS is trying, in the first, to reap the benefits of a mechanism that was an instrumental factor in the radicalisation of the second.


Vista and security practices

By Fjodor on Feb. 13, 2007.

Extremetech has tested 25 games on Vista, and though I am not a gamer, I thought I’d take a look. It does have some interesting tidbits, considering normal security practices.

In the section about Battlefield 2, it is noted that to connect to servers employing Punkbuster protection, you need to run the game with Administrator privileges, and this is treated as somewhat of a non-issue (“That little fix allowed me to jump on any server with Punkbuster enabled…”).
This procedure is referred to a number of times, either as not needed or as a normal procedure (“This is starting to look like a pretty common cure-all for Vista games compatibility issues.”, “…and only a handful needed just a minor tweak or two, like running the game as Administrator”). Now, how is that for security, running large, networked, closed-source, cracker-luring programs with full privileges on the system?

Another little thing, concerning Lord of the Rings: Battle for Middle Earth II, Rise of Legends, is seen as a feature. I am oblivious to the actual procedure of adding anything to the Windows Firewall, but even assuming a dialog window, many users would undoubtedly be compelled to just click on “Yes” and be done with it: “As it does with Windows XP, the game can add itself to the Windows Firewall exception list to make sure online play isn’t blocked.” Now that just makes me feel warm and fuzzy all over…


And you thought they limited you with Vista?

By Fjodor on Feb. 13, 2007.

Modular operating systems are a good idea. Not a new idea, though. But wouldn’t it be wonderful if you could distribute just the bare minimum (as in ability to boot and upgrade, nothing more), and have the user pay for every little extension like running more than a very few apps, connecting devices, browsing the web?

Now, it could almost be argued that what was harder to code should cost more, but in the case of number of apps, it would actually be harder to limit the number than the opposite. Likewise, network must be present to download extensions, so it would be harder to code restrictions there too. And USB? Obviously, the user must at first startup be able to have keyboard and mouse. Including that functionality, but restricting all else, is also harder.

So what’s the point? Why, testing the limits of user abuse comes to mind, but then again that limit seems nonexistent, since people actually want to use Vista.

Your money, that’s what.

Cue this patent application and Groklaw’s take on it.


Best US business reputation?

By Fjodor on Feb. 13, 2007.

Wall Street Journal reports (here) that Microsoft tops US business reputations. Apart from being completely nonsensical for MS to top such a list, it seems they owe the position to the charitable donations of The Bill and Melinda Gates Foundation. Now I can almost see where people might get the idea that this is fair, however when Mr. Gates is at the helm, it would seem inevitable that inferior ethics plays a part:

Fighting diseases in developing countries?
Dark cloud over good works of Gates Foundation

Fighting homelessness in the US?
Money clashes with mission
