9/28/2006
08:05 AM

Deconstructing Vista

A battle is forming over what security capabilities Microsoft's new operating system should have, but Microsoft should ultimately be allowed to make that call

There is a large battle forming over what Windows Vista should, or should not, have in it. On the security front, this battle focuses on three features: the security software Microsoft will bundle with Vista; the Security Center that will manage most of the security software to be used on Vista; and PatchGuard, a feature unique to the 64-bit edition of the operating system. Let's take a closer look at each of these potential elements of the Vista package.

The Battle for Content: Vista's Security Bundle

This battle didn’t just begin; it started some time ago when the European Union requested and got a special version of Windows without a media player -- only to discover that customers didn’t want it. The voice of the customer often goes unheard as Microsoft plans its next-generation Windows capabilities, so let's examine that demand.

Number one, customers like free things. In fact, if Google is any example, they really like free things. In general, customers don’t want to pay for something in the future they get for free today. So far, the anti-phishing and anti-spyware products in Vista are free; the antivirus product is not. It is priced below other products, but it is also considered inferior to most, so it will be possible for third parties to market their security products in a way that makes their premium price appear reasonable.

In the near term, if Microsoft provides an adequate product for less, the market will likely go for it. But security products become obsolete very fast and need to be updated on a regular basis. If hardware OEMs continue to regularly bundle third-party security products with their offerings, Microsoft's advantage will likely be fleeting.

Security Center

Security Center is the Windows component that monitors the overall security health of the system. Other vendors have competing products, but Microsoft has refused to allow them to replace this component of Windows. Microsoft's reasoning is easy to understand: Whichever vendor owns this component is the most likely to sell the parts of the entire solution. If a Windows customer uses Symantec’s Security Center, that customer is more likely to favor Symantec’s security products.

The Microsoft feature, as of this writing, is not strongly branded. But third-party vendors remain concerned because Windows itself is a very strong brand. Meanwhile, customers want a tool that will help them manage all of the security software on the computer. So far, none of the third-party Security Centers we have tested does that.

Given the requirements of such a tool, it doesn’t seem unreasonable that Microsoft would not allow its tool to be replaced by one that couldn’t work across vendors. And could you really trust one competing vendor to properly link to another -- even if it wanted to?

Windows Vista 64 PatchGuard

In the near term, I don’t expect a lot of folks to run the 64-bit edition of Windows Vista, even though it will clearly be the most secure. One of its special security features is a unique component called PatchGuard.

In a nutshell, Microsoft is locking everyone -- including its own security software people -- out of the operating system kernel to assure the integrity of that kernel.

Symantec and others feel this is wrong because, despite Microsoft’s best efforts, they say the kernel will be compromised, and they will need access to it to protect their customers against future problems. But for Microsoft, giving one group of companies the ability to change the kernel is like giving everyone that ability, and this would decrease Vista's overall security.

Certainly, interfaces to the kernel can and should be allowed. The question is whether any third party should be allowed unfettered authority to alter the kernel.

This is a tough one to call, but our view is that the decision should be made by the company that is truly accountable for the security of the platform. If Vista were Symantec’s product, Symantec should get the final say on what methods are most appropriate to secure the product. If Microsoft keeps to its plan of restricting access to the kernel, it could lead to greater security, reliability, and consistency in the offering.

I’m a firm believer that the kernel should be locked up; the question is whether or not this is even possible. The only way to know for sure is to try it -- and what better way to try it than with a low-volume product that will generally be used by the most technically competent?

Microsoft's Broken Security Process

Years ago, Microsoft passed the security responsibility for its products to other companies, and that may have been a bad idea. Now Microsoft is trying to reverse this position and take ownership of the security of its platform. Preventing Microsoft from doing that probably isn’t in the customer’s best interest.

Whether it is a car, home, business, or operating system, the company that builds a thing should own the responsibility for securing that thing. Only then is security designed in from the start, and this is the most secure way to secure anything. In the current hostile environment, even Symantec reports that most attacks are now targeting employees at home. We desperately need to allow Microsoft to secure its own offerings because we just as desperately need to raise the base level of desktop security.

— Rob Enderle is President and Founder of Enderle Group. Special to Dark Reading
