Vista Security: Worth Paying For

Outgoing Microsoft executive Jim Allchin has been stumping hard for Windows Vista, as the much-anticipated client operating system enters its stretch run. By the time you read this, the nearly feature-complete beta 2 of Vista should be in testers' hands. But while Vista offers a host of improvements over Windows XP -- including the touted Aero Glass GUI -- the most compelling reason to step up to Vista could be security, Allchin argues.

He has a point. Windows XP SP2 patched a lot of holes in the Windows foundation, but it clearly did not finish the job. Internet Explorer remains a busy route for malware infection, and Windows' user privileges structure ignores that most basic tenet of security -- thou shalt not run as root.

One look at the list of security-centric improvements in Vista, however, shows that Microsoft is working to plug the remaining holes. Among the changes:

  • Windows Service Hardening: Prevents compromised Windows services, which run silently in the background, from making changes to key file system or Registry settings.
  • Internet Explorer Protected Mode: IE7 will run on Windows XP, but under Vista it gains the benefit of "protected mode" operation, which denies the browser the right to change user settings or data.
  • Hardware Level Data Protection: The new BitLocker secure startup feature provides full volume encryption, locking up Windows system files and the hibernation file. Hardware hooks for the Trusted Platform Module (TPM) 1.2 chip should ease management.
  • Bi-directional Firewall: The Windows Firewall will finally assess and filter both inbound and outbound application traffic. The client firewall can be managed via Group Policy.
  • Network Access Protection: Once Windows Server "Longhorn" gets deployed, client-side agent software will enable servers to assess the security state of client systems and prohibit entry to those that fail.
  • Perhaps most important is User Account Control (UAC): It allows users with restricted system rights to enter a password and gain administrative privileges for a specific task, such as installing a device driver (see Figure 1). Today, such a task requires logging out of the limited rights account and logging back in as an administrator. No surprise, many users simply log on as administrators all the time and leave their PCs wide open to manipulation by uninvited malware. UAC finally applies a model that has been employed in the Linux world for years.

It's an impressive list, but Gartner Inc. Vice President and Distinguished Analyst Neil MacDonald contends that it remains incomplete. While consumers and small businesses should be well-served, the new security tweaks fall short for most enterprises. MacDonald singles out service hardening, which prevents malware from hijacking background processes.

"Microsoft is late putting it into the operating system and they are only doing it for Windows services. It's another one that's a great step in the right direction, but if I want full functionality, I am going to look at a third-party product," MacDonald says, citing Symantec's Critical System Protection as an example.

He also voices concerns about gaps in features such as BitLocker full volume encryption, which can house keys on USB dongles. "The drawback is, if I stick those keys on the USB dongle, and I leave the dongle in the laptop … then I've just blown my protection," says MacDonald, who wonders why the encryption won't extend to devices like USB hard drives. "There are bits and pieces Microsoft is tackling here."

Open sesame!
Figure 1. Making a change that requires admin privileges? You’ll be challenged to provide a password each time.

Windows Vista could create new security concerns, as well. The powerful desktop search feature is a vast improvement over the clumsy facility in Windows XP. One possible enhancement is the ability to search on metadata keywords input by users. But MacDonald thinks the feature may compound a long-standing problem with Microsoft Office and other files.

"The issue is the inadvertent disclosure of metadata," MacDonald says. "Now you can take a file and add even more metadata to it, and you have layers of metadata as it were."

Microsoft has released client-side tools for Office that let users strip metadata such as author names, company data, and hidden revision marks from documents, but no such tool has been announced for metadata applied to files within Windows Vista. And the lack of a managed solution -- such as a metadata scrubber at the gateway -- means IT managers could face another hard-to-manage conduit for information leakage.

"It's a problem now and Vista's features only make it worse," says Philip Boutros, chief technology officer of Bitform Technology, a firm that specializes in scrubbing metadata from documents. "There are client side products, but they create no defense in depth and there is no global management. There is no commercial server side solution that I know about."

Windows Vista brings important and effective improvements to Windows security. The question is, are those enhancements really compelling enough to prompt a switch?

"It'll raise the bar. But again, I don't think people will race out and buy Vista," says MacDonald. "We got a lot of the goodness in XP SP2, in terms of security."

About the Author

Michael Desmond is an editor and writer for 1105 Media's Enterprise Computing Group.

