• CONTEST ALERT - Experience the power of DDR5 memory with Kingston Click for details

Vista is still the most secure OS to date.

Status
Not open for further replies.

vaithy

In the zone
gx_saurav said:
Add to it, Vista is the most secure consumer desktop OS.

Yes!! among the Windows editions this is a secure OS so far, nothing major flows found, even the earlier flows has been rectified.. ( I am working on a New PC with vista preinstalled in my office)

But, it doesn't meant that it surpass the typical security elements built in Linux and BSD variants (including MAC)

with regards,
Vaithy
 

praka123

left this forum longback
^ that's what from the beginning i said,UNIXen are inherently more secure.I think now the answer is clear.
 

rocket357

Security freak
praka123 said:
^ that's what from the beginning i said,UNIXen are inherently more secure.I think now the answer is clear.
Compared to Windows 2003 (Edit - XP MCE also...pre-Vista Windows!) and before, this statement holds. Pre-Vista Windows machines made hardly an attempt to separate administrative (Ring 0) process spaces from one another, meaning a virus/worm/rootkit/etc... could modify process space of another administrative process as long as it could just get "a foot in the door" by exploiting a different administrative process (or in the case of a rootkit (typically the payload of an initial exploit), be put in place by an administrator process exploit). (or at least gain administrative priv. based on priv. escalation and the like)...(you get what I mean). This is a majority of the reason why pre-Vista viruses are so prevalent.

Couple that with Intel's 32 bit "shortcut" (there are three basic attributes that memory can have: read, write, execute. Intel took a shortcut (to be executable, it must be readable), so they shortened it to read/execute, and write. Unfortunately for data portions of memory, this means that for that section of memory to be read/write, it MUST also be executable...this is bad, and I *believe* intel rectified the situation with the P4 64 (and later) processors, but I can't say definitively). (Edit - it's my understanding that creating a situation in which memory is writable/executable is bad in ALL contexts, though it's done in many situations currently)

Ok, so XP on 32 bit suffers two MAJOR problems. XP on 64 bit suffers one major problem. Vista on 32 bit (does such a thing exist?) would suffer one major problem. Vista on 64 bit (which is most of the market, if I'm not mistaken) suffers from neither of the previous severe security issues that previous Windows versions suffer from. This doesn't mean it's bullet proof, but it puts it in a different class from WinXP/Win2k3.

Sorry to play the devil's advocate here, but the truth must stand on it's own.

Edit (last one haha) - Linux/BSD on x86 DO suffer the intel shortcoming (write/execute). It's my understanding, though, that Linux/BSD deal with it through software permissions (which pre-Vista Windows didn't support to the extent that Linux/BSD machines do). I could be completely wrong, but this is my understanding of the situation. If you notice something that you KNOW is incorrect, please inform me!
 
Last edited:

praka123

left this forum longback
Yes i know that NT kernel made big advances as with Vista and win95 to win me suffered inferiror permission system which made them very vulnerable.but that doesnt make the kernel fully different.i mean the same base is for winnt,win2000 too holds afaik.but i am skeptical of the Vista kernel too_Only time can tell whether that lives upto M$ claims.
and i heard Vista got a "sudo" so,that means they are copying more from UNIX :D
 

rocket357

Security freak
praka123 said:
i heard Vista got a "sudo" so,that means they are copying more from UNIX :D
Vista introduced two concepts to the NT line that enhance security, and both were pioneered in the Unix world.

First, Address Space Layout Randomization. This means an executable (primary target of buffer overflows, which are arguably the "king" of exploits at the moment) can be built like a dynamic library and the entry points can be randomized. (This was pioneered by IBM in early 2001...look up "ProPolice"...and was rolled into GCC in April 2004 for use on Linux systems, THOUGH NOT ALL LINUX SYSTEMS USE IT!!!!!!!!!) (is my dislike of "user friendly" Linux distros becoming clear? hahaha). This makes it MUCH more difficult to exploit a service/executable because offsets are randomized and the like. (Edit - just for information's sake: PAX is a two-part add-on. The components are PIE (Position Independent Executable...same as Vista's Address Space Layout Randomization) and SSP (Stack Smash Protector) SSP on Unix/Linux works by compiling executables in a specialized manner...every time a buffer is created, the buffer is made slightly larger than necessary. The excess space is filled with a random "canary value", and after the function call completes *but before it returns!*, the canary value is verified. If the canary value is in place still, no buffer overflow has occurred, and the function returns normally. However, if the canary value has been modified (a buffer overflow HAS occurred), then the program terminates without returning from the function call (better to have a program crash than get compromised)).

Second, User Access Control. By default, the "admin" account on Vista (this is my understanding...if some of you that have greater understanding of Vista's security model want to chip in, please do!) runs in "reduced" permission mode, and to switch back to full admin mode requires interaction from the user. Unfortunately, this interaction is simply a click (not password entry) (Edit - my last brush with Vista was RC1, so this MAY have changed since then!), so it's not as secure (though many Linux systems use sudo in an insecure manner, too). Basically, Vista's implementation is a "reverse" sudo.

The bottom line: Yeah, Vista has "copied" stuff from Unix...but then again, Vista has this technology, making it more secure. It's almost a "religious" debate, because you can argue all day that it's "copying" stuff, and Vista supporters can claim that doesn't matter because Vista is more secure...either way, you make no progress on either side.

praka123 said:
but that doesnt make the kernel fully different.i mean the same base is for winnt,win2000 too holds afaik.but i am skeptical of the Vista kernel too_Only time can tell whether that lives upto M$ claims.
Starting with Windows NT, Microsoft completely re-wrote the kernel from the ground up. Part of the reason was that Windows 9x relied on old 16 bit code, and the NT kernel was written to be fully 32 bit. Yes, it's a different animal.

You're right that the same code base is used for NT, 2000, XP, 2003, and Vista. But take a Linux kernel and compile it with the defaults...then patch it with RSBAC and PAX, compile it, and look at the security difference. The same code base can change *quite a bit* based on parameters passed to the compiler, patches to the code base, the hardware it runs on, etc...

I'm not trying to be difficult here, but bashing Microsoft just because it's Microsoft makes no sense (Edit - and yes, I've been guilty of M$ bashing during the course of this discussion...I was trolling =). You have every right to be skeptical because of Microsoft's track record...but just like anything in life, things change constantly. I'm not saying that you should go spend $400 on Vista, but keep an open mind about it. (Edit - my overall goal is to find and use the most secure systems for each category of system I need (server, workstation, home desktop, etc...). Should I discover tomorrow that Microsoft produces a more secure system (which will take a LOT because I have grown accustomed to having access to source code), I'd switch to Microsoft *for that particular need*, not because I'm a Linux fanboy, but because I seek an appropriate system for my needs...and since the majority of the gaming I do is easily covered by Linux (Nexuiz, alienarena, doom3, etc...), I stick to Linux for my gaming needs).

This isn't about winning arguments, this is about discussing reality =)
 
Last edited:
OP
anandk

anandk

Distinguished Member
latest...:rolleyes:

secure.png


Jeff Jones Security Blog
 

vish786

"The Gentleman"
infra_red_dude said:
the argument continues! :D
couldn't agree more. :D

me also expectin someone to reply here too....

but after comparin first graph and this graph, theirs a lot of changes in Mac OS fixes.
 
Last edited:

rocket357

Security freak
^^ Yep...Vista is doing good. Just goes to show that Microsoft does listen to their customers (even if it takes setting back their anticipated release date a few times), and the customers want security. This is a good combination.

But comparing Vista to Ubuntu is really funny, IMHO. Even RedHat/Novell... I'd still like to see these studies re-run with a security-minded Linux system, a *real* BSD system (not Mac), and Vista...I'm genuinely curious to see the results of such a study.
 

kalpik

In Pursuit of "Happyness"
^^ Here we go again! :| Please READ the thread title, and just point out WHERE THE HELL the word desktop is mentioned?!!!
 

ankushkool

Youngling
wait 4 few months n then we will talk about vista's security....
n this dosent hide de fact that vista has features which apple came up with 4-5 years back... no more 2 say :)
 

infra_red_dude

Wire muncher!
kalpik said:
^^ Here we go again! :| Please READ the thread title, and just point out WHERE THE HELL the word desktop is mentioned?!!!
no use pointing it out, kalpik. i think they better add the word desktop everywhere - the graph, the article, the thread title.... since everyone's going gaga over it!
 

din

Tribal Boy
anandk said:

WOW, yes it continues !!

Thought its something new, like some third party analysis atleast. This is the same guy rt ? I mean the author of the blog work for Microsoft, and we expect him to tell Vista is not secure ?

Anyway, we could have changed the title atleast, as we all agreed in the first phase of the heated up arguement, I mean about the desktop sector....
 

praka123

left this forum longback
^the fellow who started this thread is posting pro-M$ news and some other craps just to create trolls for sometime now. I hope better keep his fanboyism to himself and his vista club.dont make Linux/other OS users blood pressure risen.and I think as per what i get there is a pro-windows and office forum supported devil itself in India.some "merawindow$" etc.go there-dont come here to create troll by posting FUD pro-m$ ideas here.
 

ankushkool

Youngling
you know what i thought of windows as a great company... n bill as a genius ...UNTILL i saw "pirates of de silicon valley"
they r smart not genius
 

nik_for_you

In the zone
still vista is not much spread as xp.
so there might be some security issues in it but still not discovered..
i am using vista since one month.. still not found any major prob except compitibility issues
 
Lol.. I can't believe how well the vista fanboys argue about such things. The matter of fact is that it is a report by a Microsoft Security Developer and NOT by an Security Industry Analyst!! No matter how much the author himself says he is not biased, it's common nature to be biased towards what you are doing, otherwise it undermines the whole point of what you are working on. Do you expect someone to tell that the work is doing is crap?? So, conclusion is that it's a perfectly biased report. You Vista Fanboys can keep on aruging about it as long as you like!

The second part is that just because lesser vulnerabilities have been found in an OS doesn't make it secure at all!! And also where the hell did he get the report for the other OS's from?? Do you expect Apple to give out their security report to some rival Microsoft a** so that he can publish it on his blog?? How sad for those who think that is right. As far as what the author has written in his blog, it's clear that his perception of security reports about other OS is from his past experience and not with regards to current updated security issues. So, in short, this ja**a** is comparing his past security knowledge of other OS with the present day work that he is doing! Nothing more to say about it.

And I have to say agian that this is not an industry accepted report!! It is just the view of a Microsoftian! This report has been thrown into the garbage by industry experts because it has no credibility or authenticity! So, vista Fanboys, for the love of GOD, stop backing up crap reports!!
 
Status
Not open for further replies.
Top Bottom