Wednesday, February 21, 2007

The Register on Vista Security

The Register has a good blow-by-blow article on Vista Security ( As you would hope for it covers the good, the bad and the ugly. This is true despite an inflammatory remark, especial if taken out of context as it is here:
In a nutshell, Windows is single-handedly responsible for turning the internet into the toxic shithole of malware that it is today.
I explains IE7s sandbox techniques and then shows,what I will term bugs, where it violates the sandboxed environment.

There is of course the touted User Account Control (UAC) which is a good concept... gone bad.

The quote below gives a good description:
And there's the catch: "Windows needs your permission to install this cleverly-disguised Trojan nifty program. Click Yes to get rooted continue."
I have more details in a previous post near the end "The ultimate Vista malware is... Setup.exe" (

Then there is "Data hygiene:"

Finally, it's fixed.
Oh wait; it's not fixed. In fact, things just got a lot worse.

The worst part of this is that by offering the option to disable the list of recent files, MS has given users a false sense of privacy and security. The reality is that privacy and data hygiene are even more difficult than before. What a blunder.
The summary of the summary

So, what have we got here... We have got... a slightly more secure version than XP SP2... good features... good ideas... implemented badly.

No comments: