« Ladies & Gentlemen – Welcome to the 3,437,560th most popular site on the internet! | Main | Where’s the Civil Rights Discussion? »
ISBS Tech Guide: Windows Vista Security
By Brian | May 6, 2007 | Share on Facebook
Quite a lot has been written about Vista’s security features, and it basically sums up to this: Vista is more secure than XP, but the security features are so annoying that you’ll hate them instantly. So Microsoft still sucks and everyone should buy a Mac.
Allow me to elaborate a little:
It’s become obvious to the folks at Microsoft that most of what has made Windows behave badly in the past (i.e., security breaches and/or the dreaded “Blue Screen of Death”) has been poorly or maliciously written software running on Windows, and not the operating system itself. The complexity of the Windows architecture, while allowing great flexibility and control in most cases, makes it damn near impossible to plug every potential hole someone might stumble upon or intentionally exploit to do damage to a machine.
Vista represents a significant untangling of the architectural spaghetti, but the basic components (e.g., the registry) are still there, so the problems are not completely going away. The solution therefore, has become one of greater transparency to the end user. For the novice user, this works as a great safety net. For the more advanced user, it works as a CYA move for Microsoft, which will annoy some people.
Here’s how it works: If you launch a regular application within Vista, the application runs with no questions asked. However, if you run an application which, in turn, wants to run another application, Vista tells you that’s happening and asks for your permission. I call it the “Grey Screen of Fear.” The entire screen goes dim, and a single message box appears which says, “Windows needs your permission to run the following application: <blah>. OK?” In my experience, this most often happens when a web page wants to run an ActiveX control, or some other non-visible component. Also, some of the more in-depth Control Panel functions cause it to happen (basically, anything that writes directly to the registry).
If you say yes and then Windows proceeds to crash, the perception is now that this particular application is a bad actor and has crashed your system, as opposed to the typical “F*^%(#ing Windows!” reaction that dominates many blogs and message boards.
My advice for the novice user would be to take the Nancy Reagan approach: Just Say No. Sure, they may miss out on some high-end web content, but if they’re truly novices, that’s probably worth the benefit of not watching their machine melt down when the content turns out to be some Adware package. That, or they’ve wandered into the control panel too deeply and probably shouldn’t be there in the first place.
For the advanced user (and here I’m arrogantly lumping myself into this category), the whole thing hardly ever happens, unless you’re working through a specific problem, in which case you might come across it over and over again as you debug something, or work through a tricky install. This is the only time I found it annoying. And while you can turn it off, I’ll admit that despite my annoyance, I didn’t bother. In the typical case, though, when I click a link on a web page and get the GSOF, I’m typically thankful for the heads up. And, in the true test of whether a warning is useful or not, I have actually said no in some cases.
So color me pleased with Vista security thus far. My system has not crashed since I have it (roughly 3 months) despite being on 24/7. The closest I’ve come to a problem was a memory leak after processing some long movie files with Acrobat Premiere Elements, and that was solved with a simple reboot.
One other quick thing about Vista security: the “Run as Administrator” function. In previous versions of Windows, a typical install created one account that had administrator rights on the system (basically, the right to do anything it wanted), and then other accounts could be created with more restrictive rights. In Vista, even the default account isn’t truly an administrator. Some functions (in my experience, installs for software written before Vista was released), will give you an error message saying, “Administrator rights required for this action.” In that case, all you need to do is right-click on the app, and choose “Run as Administrator.” This enables whatever rights have been turned off by default, and provides a nice two-step process for high-security items that is both easy to remember and easy to do. Again, color me pleased.
The major implication for Vista security is often tied heavily to compatibility issues with software written for Windows XP or earlier. Since Vista is stricter about security than its predecessors, things that were allowed in Windows XP are now prohibited in Vista. In next week’s Tech Guide installment, I’ll discuss Vista’s compatibility issues and how I solved (or didn’t solve) the ones I encountered.
Topics: Tech Talk | 2 Comments »
My thinking is that it’s *meant* to be the Darth Vader music of computers, very ominous and disturbing. So on the Mac, you only use it when something is really wrong. On Windows, though, it’s just to ask for a dialog box? Sounds like overkill.
My system has not crashed since I have it (roughly 3 months) despite being on 24/7.
Morbid curiosity — how often do you have to restart to “clean things up”?
Actually, it’s not so bad when you see it. The first few times, I thought for a second that the computer had crashed when the screen went dark, but eventually you know what’s happening and it really doesn’t much matter.
Re: restarting – the only application that seems to require a restart for “clean up” purposes is Adobe Premiere Elements, and then only when I’m editing large movie files (3-4 hours or more). There’s obviously a bug in the software; I have 4GB of RAM, and almost 200GB free on the hard drive, so it’s not like it’s running out of room.
Other than that, the only time I’ve rebooted the machine was the occasional install that requires it, and when I power down to re-arrange cables, power cords, etc. Everything else seems to be running seamlessly.
(The laptop has never required a reboot, although I do shut it off when I’m done using it, so it doesn’t have to do the whole 24/7 thing…)
FamilyGreenberg.Com is proudly powered by WordPress.
The template is from RFDN and has been modified extensively by yours truly
Here is the RSS feed for the Entries and here is the RSS feed for the Comments