Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] [Rival] Windows Vista and 2008 Less Secure (More Zombie Prone) Than Predecessor?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____/ The Hornet on Monday 08 September 2008 18:19 : \____

> AZ Nomad wrote:
>> On Mon, 08 Sep 2008 09:48:11 +0000, Roy Schestowitz
>> <newsgroups@xxxxxxxxxxxxxxx> wrote:
>> 
>>> Microsoft announces another critical Tuesday times four
>> 
>>> ,----[ Quote ]
>>> | The Windows Media Player update is rated critical for WMP 11 on Windows
>>> | XP, Vista and Server 2008 (including the x64 versions). It is not
>>> | applicable to Windows 2000, Server 2003 or Server 2008 for Itanium-based
>>> | systems.
>>> `----
>> 
>> You mean there are idiots running such an enormous internet application as
>> root?
>> 
>> Of course, I'm being sarcastic.  That's how nearly every windows desktop
>> user by defaults runs everything.
> 
> No they don't stupid. That is not the case on Server 2008 and Vista that
>   users run with full Administrator right privileges or root.
> 
> <http://technet.microsoft.com/en-us/library/cc772207.aspx>
>
<http://news.softpedia.com/news/Admin-Approval-Mode-in-Windows-Vista-45312.shtml>
> <http://technet.microsoft.com/en-us/library/cc709691.aspx>
> http://technet.microsoft.com/en-us/magazine/cc138019.aspx

Microsoft: Turn off Vista's UAC to fix problems

,----[ Quote ]
| I've been fairly critical of the new User Access Control (UAC) in
| Windows Vista, as I feel it is too secure to be usable, which will
| probably result in many users and corporations turning off and
| losing out on what could have been Vista?s best feature.
|
| [...]
|
| He recommends turning UAC back on after fixing the problem, but
| when users need to do this more than a couple of times to get a
| usable system, they will just leave it turned off.
`----

http://beta.amanzi.co.nz/2006/11/13/microsoft-turn-off-vistas-uac-to-fix-problems/


'Vista's Account Protection: One Click and It's Gone'

,----[ Quote ]
| One of Vista's big security features is 'User Account Protection'
| (or 'User Account Control') which pops up and asks for user
| authentication before software can make any administrative changes to
| the system. But the TweakVista utility can turn off UAP in one click...
`----

http://securitydot.net/news/exploits/vulnerabilities/articles/2661/news.html


The Truth About User Privileges

,----[ Quote ]
| Has the time finally come for the least-privilege user -- you know,
| setting your Windows client machines to run without system
| administrator rights?
|
| [...]
|
| Today, some Windows applications just won't run properly on a
| desktop without administrative rights. "It's a dirty little
| secret people sweep under the rug because they're not able to
| do much about the problem. A lot of applications and pieces
| of environments won't work if users aren't given admin rights,"
| says Steve Kleynhans, vice president for Gartner's client
| platforms group. "If you can get applications to function
| with lower rights, in a lot of cases it hampers the user
| experience."
`----

http://www.darkreading.com/document.asp?doc_id=110225&WT.svl=news1_1


Microsoft: Users confused by Vista UAC prompts

,----[ Quote ]
| He said that the language used in prompts is also confusing.
`----

http://news.zdnet.co.uk/software/0,1000000121,39422949,00.htm


Microsoft Exec: UAC Designed To 'Annoy Users'

,----[ Quote ]
| "The reason we put UAC into the platform was to annoy users. I'm serious,"
| said Cross.
`----

http://www.crn.com/software/207100934?cid=CRNFeed


Windows Forces you to use UAC to Add a Printer

,----[ Quote ]
| Another bug that got past the extensive RTM testing process? Nope.
| It's a bug that came into existence during the finalization process.
| This bug wasn't there in RC2, but it's most definitely there now. All
| we can say is, hopefully this gets patched before SP6.
`----

http://neosmart.net/blog/archives/326


Security design: Why UAC will not work

,----[ Quote ]
| Pinning all your end-point security hopes on UAC assumes that criminals are
| not as smart as they really are
`----

http://www.infoworld.com/article/08/01/11/02OPsecadvise-user-account-control_1.html


Learning to Live with UAC

,----[ Quote ]
| Like most veteran Windows users, I balked when I first encountered the User
| Account Control (UAC) mechanism in the latter BETAs of Vista. The constant
| interruption of nearly every system or maintenance related task was
| unbearable. Finally, after one particularly frustrating bout of "move the
| file/yes I really want to move the file/please let me move the file/sorry, do
| dice buddy," I did what many early Vista users did: I turned UAC off.    
|
| Hint: For those of you who haven't figured it out yet, the option to disable
| UAC is buried under the User Accounts sub-section of the Control Panel.
|
| Ah, the bliss of no UAC! I could now do whatever I wanted, whenever I wanted!
| It was just like Windows XP, but with a cooler UI!
`----

http://weblog.infoworld.com/enterprisedesktop/archives/2007/07/learning_to_liv.html


Researcher Reveals 2-Step Vista UAC Hack

,----[ Quote ]
| A Web application developer has uncovered a two-step process
| (PDF) for exploiting Windows Vista's User Account Control,
| essentially by having a Trojan piggyback on what could be al
| egitimate download.
`----

http://www.eweek.com/article2/0,1895,2131595,00.asp


Vista User Account Control and the Linux Superuser

,----[ Quote ]
| So, when I was researching the way to determine the shadow storage
| size on Windows Vista for my February 23rd entry, I wasn't too surprised
| when I got an error message about needing to elevate my privilege after
| I tried to run vssadmin from a standard command shell. What a Linux
| system would have done right there would be to ask me for the
| administrator password.
`----

http://weblog.infoworld.com/stratdev/archives/2007/03/vista_user_acco.html


Vista's UAC needs an overhaul. Ideas?

,----[ Quote ]
| It seems like everyone, other than possibly Microsoft's Vista team
| itself, seems to believe that the User Account Control (UAC) in
| Vista already needs an overhaul.
`----

http://blogs.zdnet.com/microsoft/?p=277


Windows Vista: Secure Or Just Frustrating?

,----[ Quote ]
| The problem with Vista’s security implementation is that lots of warning
| dialog boxes don't provide security. Users get frustrated and eventually stop
| reading them altogether. They think of them as annoyances, an extra click
| required to get a feature to work. Is Windows Vista really more secure than
| the operating systems that preceded it, or simply more frustrating? Since
| Microsoft left us with no choice but to buy a PC with Vista pre-installed,
| we’re inevitably stuck with it. Let the frustration begin.      
`----

http://www.theitarticles.com/windows-vista-secure-or-just-frustrating/264/


,----[Quote ]
| "Oh, excuse me, is this supposed be a joke? We all remember all those
| Microsoft's statements about how serious Microsoft is about security in
| Vista and how all those new cool security features like UAC or Protected
| Mode IE will improve the world's security. And now we hear what?
`----

http://theinvisiblethings.blogspot.com/2007/02/vista-security-model-big-joke.html


Vista's Faux Security

,----[ Quote ]
| At the end of the new Apple ad, the security guard finally asks the
| hapless PC: "You are coming to a sad realization. Cancel or allow?"
|
| Unfortunately, after conditioning the world to click "allow," all
| Microsoft will have accomplished is to pass the buck to the hapless
| PC user, trying to make the user responsible for anything bad that
| happens because they ultimately chose to allow it.
|
| While that may allow Microsoft?s security engineers to sleep at night,
| the rest of us won't rest as easy until Vista's holes are plugged
| with something more substantial than a dialog box.
`----

http://www.esecurityplanet.com/article.php/11162_3660976_2


Windows Vista Tip: Run as administrator

,----[ Quote ]
| This will make every admin operation prompt you for credentials
| while it is great if you do a lot of remote operations it can
| become tedious if you are performing a lot of local admin operations.
`----

http://windowsconnected.com/blogs/joshs_blog/archive/2006/12/01/windows-vista-tip-run-as-administrator.aspx
http://tinyurl.com/y64c6r



- -- 
"There's a lot of Linux out there -- much more than Microsoft generally signals
publicly -- and their customers are using it..." --Paul DeGroot, a Directions
On Microsoft analyst.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkjFb9QACgkQU4xAY3RXLo7pvACfd28+rEH8CQacBEkYjuRfq2tK
pPsAoI9E4P7pNYTBps8HmzOg6aPxR8Nf
=pjkn
-----END PGP SIGNATURE-----

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index