Windows Vista Security Review
Microsoft is currently advertising Windows Vista as “The Most Secure Windows Ever!” Well, it had better be, because becoming less secure with each passing version sure isn’t a pretty sight to see. But they are right: it is more secure than Windows XP, and even more secure than Windows Server 2003, which really is something. Believe it or not, it is actually on par with Linux and Mac OS X as far as defensive mechanisms go, with little to no BS involved this time around.
General Malware/Vulnerability Security
Windows Vista has a new TCP/IP stack, built from the ground up with security in mind. As discussed previously, it is not purely new code; a good deal of code from Windows XP has been recycled, but that does not necessarily make it just as insecure. A vulnerability can come into being because a TCP/IP stack is poorly coded, or because it is poorly designed, and the two need different remedies.
Vista still uses old code at the low level, so that portion is, in theory, the poorly coded kind, and it is where the vulnerabilities Symantec reported live. These are bugs in the Windows core, inherited from older versions of Windows, that were patched by subsequent hotfixes; those hotfixes were never folded back into the base code, so the fixes did not carry over into Vista. Bugs of this kind are one-time fixes: some probably still exist in Windows Vista, but they are easy to address, and most have probably been pinned down in recent builds (the Symantec report is ancient by now).
The second type of vulnerability has largely been eliminated, as far as our security team has been able to discern with our limited testing on Vista so far. The networking stack has been redesigned from scratch, and it appears to resist the traditional attacks. Beyond having been designed with security in mind, it is genuinely more secure in practice: with leaner code and less bloat there is less surface for a security team to cover. More importantly, it has a properly designed path that dictates where and when packets travel through the stack. Windows finally has an organized networking stack that deals with incoming bits in an orderly way and classifies inbound and outbound traffic the way it should. It is a good sign.
The new Windows Firewall bears no resemblance to its original namesake, the Windows XP Firewall. To be frank, it most resembles the firewall that ships with ISA Server 2006, one of the very best enterprise-grade firewalls out there. For Windows XP and Windows Server 2003, NeoSmart Technologies’ firewall of choice has long been Sygate Personal Firewall Pro (acquired by Symantec and since discontinued), which far surpassed the Windows XP Firewall and every other third-party firewall.
The new Windows Firewall sits right inside MMC 3.0 as the Windows Firewall with Advanced Security snap-in, and taps into the power that provides: separate inbound and outbound rules, per-profile (domain, private, public) settings, and rules scoped to a program, port, or address. Rules are easy to create and are more expressive than the traffic signatures Sygate let users write. One caveat: the default policy blocks unsolicited inbound traffic but allows all outbound traffic, so outbound filtering only happens for programs you write rules for. It is on by default, ships activated, and the only satisfactory way to turn it off is to install an alternate firewall or stop the firewall service. It is as capable as the iptables-based firewalls on Linux, but with an excellent graphical interface to match.
But to a lot of people what matters is how the system fares with the firewall off. In a word, well. Between UAC/LUA (see below), the tightened Internet Explorer security rules, and the redesigned TCP/IP core, it is still a fairly secure arrangement.
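As an added example (not part of the original review), here is the same kind of rule work scripted from an elevated prompt with netsh advfirewall, the command-line front end to the rule store the MMC snap-in edits. The rule names and the ExampleApp program paths are invented for the illustration; PowerShell is assumed to be installed.

```powershell
# Added example, not from the original review. Run from an elevated prompt;
# UAC refuses rule changes from a filtered (unelevated) token.
# netsh advfirewall writes to the same rule store as the MMC snap-in.

# 1. Confirm the firewall state for all three profiles and the default policy.
#    Vista's default is BlockInbound,AllowOutbound: unsolicited inbound traffic
#    is dropped, outbound traffic is allowed unless a rule says otherwise.
netsh advfirewall show allprofiles

# 2. Make that state explicit (a no-op if it is already set).
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# 3. Allow inbound TCP 8080, but only to one program and only on the private
#    profile. Scoping by program *and* profile is what the XP firewall could
#    not do. The program path is a hypothetical example application.
netsh advfirewall firewall add rule name="ExampleApp TCP 8080 in (private)" `
    dir=in action=allow protocol=TCP localport=8080 `
    program="C:\Program Files\ExampleApp\exampleapp.exe" profile=private enable=yes

# 4. Because outbound is allowed by default, stop a specific program from
#    talking out at all; this is the rule type third-party firewalls sold.
netsh advfirewall firewall add rule name="ExampleApp updater outbound block" `
    dir=out action=block `
    program="C:\Program Files\ExampleApp\updater.exe" profile=any enable=yes

# 5. Verify what was written.
netsh advfirewall firewall show rule name="ExampleApp TCP 8080 in (private)"
netsh advfirewall firewall show rule name="ExampleApp updater outbound block"

# 6. Remove both rules when finished testing.
netsh advfirewall firewall delete rule name="ExampleApp TCP 8080 in (private)"
netsh advfirewall firewall delete rule name="ExampleApp updater outbound block"
```

The same rules can be inspected afterwards in the snap-in (wf.msc), which is a convenient way to confirm that a script and the GUI are editing one and the same policy.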
Internet Explorer Security
Windows Internet Explorer 7+ (as it is now called) is a far cry from the pitiful excuse for a web browser that was IE6. We have already reviewed Internet Explorer 7 Beta 3 and RC1, but here is a brief summary of the security status of Internet Explorer as of RC1.
- Phishing protection that actually works
Back when the MSN Toolbar for IE6 shipped with phishing protection, every other site was flagged as suspicious, unless of course it really was a phishing site, in which case it was marked as OK. IE7’s filter properly detects certain types of phishing sites and applies heightened security when browsing dangerous parts of the web.
- Invalid certificate warnings
If a page claims to be secured but its certificate does not match, IE no longer settles for a polite warning you can click past. Instead it refuses to open the page until you are doubly sure of the URI you entered and where you want to go.
- Script Blocking
- Internet Explorer is no longer integrated with Windows Explorer
- International Domain Support w/ Anti-Domain Name Spoofing
- ActiveX Controls must be clicked to activate
- Status bar can no longer be modified
- New 256-bit cipher strength for encrypted transactions
- New “Protected Mode”
The browser runs in a sandbox with lower rights than even a limited user account: its process runs at Low integrity level, so it can write only to a handful of low-integrity locations (the Low subfolder of Temporary Internet Files, AppData\LocalLow, and HKCU\Software\AppDataLow) and cannot install start-up programs or change any configuration of the operating system except by asking a separate, higher-privileged broker process to do so.
- Improved pop-up blocking
The most important of these is Internet Explorer’s “Protected Mode.” It is not virtualization; the browser simply runs at Low integrity under Vista’s mandatory integrity control, with practically no rights. To touch real data on your PC (anything beyond its low-integrity scratch space) it must go through a broker process, and the user is prompted along the way. At first it is annoying, but when you consider that the web browser is the route by which most malware reaches a PC, you come to appreciate it. Take the WMF vulnerability of December 2005 as an example: with Protected Mode, an exploit that got code running inside the browser would still have been confined to the low-integrity sandbox, unable to drop files into start-up locations or alter the system without a broker prompt. It is not a fix for a particular bug; it is a protective measure that just works.
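To make the sandbox wall concrete, here is an added example (not from the original review) that uses the tools Vista ships with (whoami, icacls, reg) to show the integrity labels Protected Mode depends on. The two scratch folders under $env:TEMP are created only for the demonstration; PowerShell is assumed to be installed.

```powershell
# Added example, not from the original review. Demonstrates the mandatory
# integrity control (MIC) that Protected Mode relies on. The il-demo folders
# are scratch locations invented for this illustration.

# 1. Every process carries an integrity label. An ordinary desktop process
#    shows "Mandatory Label\Medium Mandatory Level"; Protected Mode IE is Low.
whoami /groups | findstr /i "Mandatory"

# 2. Objects carry labels too. Create two scratch folders and mark one Low.
$medium = Join-Path $env:TEMP "il-demo-medium"
$low    = Join-Path $env:TEMP "il-demo-low"
New-Item -ItemType Directory -Force -Path $medium, $low | Out-Null
icacls $low /setintegritylevel Low

# 3. Compare the ACLs. The Low folder gains an entry of the form
#    "Mandatory Label\Low Mandatory Level:(NW)" (NW = no write-up). A process
#    running at Low may write into $low, but a write into $medium (unlabelled,
#    so implicitly Medium) is denied no matter what the discretionary ACL
#    grants. That denial is the sandbox wall Protected Mode sits behind.
icacls $medium
icacls $low

# 4. The locations Protected Mode is allowed to write carry the same label.
icacls "$env:USERPROFILE\AppData\LocalLow"
icacls "$env:USERPROFILE\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low"
reg query "HKCU\Software\AppDataLow"

# 5. Confirm Protected Mode is on for the Internet zone (zone 3). The zone
#    setting named 2500 holds 0 when Protected Mode is enabled, 3 when disabled.
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3" /v 2500

# 6. Remove the scratch folders.
Remove-Item -Recurse -Force $medium, $low
```

The useful check for a practitioner is step 3: if a folder you expect a Low-integrity process to write to shows no Low label, the process will get Access Denied even when the discretionary ACL says Everyone:Full Control, which is exactly the failure mode people hit when they move the Temporary Internet Files folder by hand.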
User Account Protection
Several builds ago, UAC was the most irritating concept to ship with Windows Vista to date. Three builds later, User Account Protection (the early name for what is now User Account Control, UAC) has matured considerably. It properly safeguards limited users and administrators alike from the power they wield: an administrator logs on with a split token and runs as a standard user until a task actually needs elevation. It may not seem like much, but the power any locally logged-on user holds is a hundred-fold more than what a hacker needs to bring a PC to its knees, and UAC steps in to make sure you know what it is you are doing.
But for many, it is just as important for the operating system to “not get in the way” as it is for it to protect the user. Four builds ago, it took seven steps to delete a simple, innocent, meaningless icon from the desktop while logged in as an administrator! Never fear, that has been fixed since. Now UAC does not bother you at all unless you open a system properties dialog or try to delete a system file, and when it does, it is nice about it: it asks once and then lets you do what you like.
Compare this to Windows XP or, God forbid, Windows 98/ME (not that we are going to!). In Windows XP, an administrator could do anything he or she wanted, and quite a few things they did not want. If an administrator wanted to delete a couple of system files, nothing would stop them, no problem. But if a program that snuck into the system under the administrator account tried to delete those files, it would also be allowed without batting an eye. On Vista the two cases are separated. If you really want to delete that file, you can. But if something tries to delete it without your permission, Vista will make sure you know about it, and ensure nothing goes wrong without your knowledge.
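The split-token behaviour described above can be seen from the user's side with a few commands. This is an added example, not from the original review; it assumes PowerShell 2.0 or later is installed (Start-Process does not exist in 1.0), and must be run from an account that is a member of Administrators.

```powershell
# Added example, not from the original review. Shows what UAC does to an
# administrator's logon token and how elevation is granted per process.

# 1. From a normal (unelevated) prompt the Administrators group appears in the
#    token marked "Group used for deny only", and the integrity label is
#    "Medium Mandatory Level": the administrative half of the token is filtered
#    out until you elevate. findstr with two words matches either word.
whoami /groups | findstr /i "Administrators Mandatory"

# 2. Ask the current process whether it is elevated. Only a process holding the
#    full token reports membership in the built-in Administrators role.
function Test-Elevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}
"Elevated: $(Test-Elevated)"

# 3. A privileged operation that is not subject to UAC virtualization:
#    'net session' answers from the filtered token with "System error 5
#    (Access is denied)" and succeeds only after elevation.
net session 2>&1 | Out-Host

# 4. Elevation is per process. -Verb RunAs triggers the consent prompt once;
#    the child runs with the full token ("High Mandatory Level") while this
#    prompt stays unelevated. The child repeats step 1 so the difference shows.
if (-not (Test-Elevated)) {
    Start-Process powershell.exe -Verb RunAs -ArgumentList `
        '-NoExit', '-Command', 'whoami /groups | findstr /i "Administrators Mandatory"'
}
```

Step 4 is also the behaviour that makes "it asks once" true: the consent applies to the process that was launched, not to the user session, so a second tool that needs administrative rights gets its own prompt.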
It is even better than Linux. I never thought I would live to see the day when I could honestly say “Windows security for user accounts is much better than that of Linux.” Scary? Unbelievable? It is true. Linux effectively has two kinds of account: normal user and super-user (root). That is like having only “Restricted User” and “Administrator” on Windows, with nothing in between (sudo can limit which commands a user may run as root, but once you are in a root shell there is no further restriction). On Windows there are a hundred different in-between accounts, and users can actually log on as Administrator for day-to-day activities. Even more so, on Linux when you request higher privileges
You can then proceed and do whatever you like. On Windows, it is a per-task deal: each elevation covers one operation. Both are secure, but, believe it or not, Windows is more secure, from that aspect anyway.