Products that aren't designed for Windows XP or Windows 2000

Anti-Windows Catalog

We practice what we preach at Pan-Am Internet Services



Vista Scares The Industry. This is a Good Thing.

Written by Gordon Fecyk, 5/25/2006

Microsoft will force the IT security industry to up their game, and the industry is doing all they can to delay it, right down to legal tactics and smear campaigns.

YES, I KNOW, MORE KNEE-JERKS to write about today. Boring!

Let's start with Wikipedia:

Windows XP has been criticized for its susceptibility to malware, viruses, trojan horses and worms. Security issues are compounded by the fact that users, by default, receive an administrator account that provides unrestricted access to the underpinnings of the system. If the administrator's account is broken into, there is no limit to the control that can be asserted over the compromised PC.

Yeah, yeah, yeah, yeah. Let's play Mad-Libs with this one, shall we?

The Automobile has been criticized for its susceptibility to weather, rust, metal fatigue and car thieves. Security issues are compounded by the fact that motorists, by default, receive a hood release catch that provides unrestricted access to the underpinnings of the system. If the ignition system is broken into, there is no limit to the control that can be asserted over the compromised car.

Sure, you'll criticize me by saying that said hood catch isn't something that motorists usually play with. Right. I'll remember that the next time you check your oil, or update your anti-virus software.

Not everyone plays with their car's hood. Certainly, no one plays with it while they're actually driving. So close the hood on your computer, already, and start driving the information highway safely.


SO CRITICIZING ADMIN ACCESS IS ABSURD. With that firmly established, let's resume with more current stupidity:

Eugene Kaspersky, founder of [Kaspersky Labs] said, "Within a year there will be something like a rootkit for Vista."

Would umbrella manufacturers predict good weather?

Anti-virus firms at Infosec say they expect Vista and [Internet Explorer 7] to change nothing for the industry. Microsoft used its presence at the show to laud the security features they've been busy building in the upcoming software.
Eugene Kaspersky, founder of [Kaspersky Labs] said he expects the new privilege regime to have little effect. He said: "Of course [virus writers] will find a way round it. Within a year there will be something like a rootkit for Vista."

If you don't know what a "root kit" is, Wikipedia also provides an informative article on it:

Rootkits come in three different flavours, kernel, library and application level kits.

Kernel level rootkits add additional code and/or replace a portion of kernel code with modified code to help hide a backdoor on a computer system. This is often accomplished by adding new code to the kernel via a device driver or loadable module, such as Loadable Kernel Modules in Linux or device drivers in Microsoft Windows.

Library rootkits commonly patch, hook, or replace system calls with versions that hide information about the attacker.

Application level rootkits may replace regular application binaries with trojanized fakes, or they may modify the behavior of existing applications using hooks, patches, injected code, or other means.

This last line's particularly ominous:

Kernel rootkits can be especially dangerous because they can be difficult to detect without appropriate software.

As usual, this type of writing jabs on and on and on about how difficult it is to remove this evil piece of software, but never, ever touches on how to keep it off in the first place.

How to prevent rootkits:

  1. Avoid using an administrator account for your daily work.
  2. Avoid using an administrator account for your daily work.
  3. Avoid using an administrator account for your daily work.

Do I sound like a broken record yet?

They won't tell you, so I will.

  1. To prevent adding new code to a Windows Kernel, avoid using an administrator account for your daily work. Only administrators have the power to add device drivers or other code to the Windows Kernel.
  2. To stop programs from replacing system calls, avoid using an administrator account for your daily work. Only administrators have the power to change or replace system calls.
  3. To prevent replacing application binaries, avoid using an administrator account for your daily work. Only administrators have the power to replace or modify applications.

Do I sound like a broken record yet?

Actually, "replacing system calls" and "replacing application binaries" are things that viruses, spyware and trojan horses already do. All the Wikipedia's told you is a fancy, scary new name for the same old things.
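To check the three points in the numbered list above against the account you actually log in with, here is an added example (not part of the original article). It assumes PowerShell 3.0 or later and `whoami.exe` on the path, and treats write access to System32 and Program Files as a stand-in for "replace system calls" and "replace application binaries"; `Test-CanWrite` is a hypothetical helper that creates and immediately deletes an empty probe file.

```powershell
# Added example: does the current logon hold the powers the list above
# attributes to administrators? Run it from the account used for daily work.

$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

# Is the Administrators group enabled in this session's token?
$isAdmin = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# Item 1: SeLoadDriverPrivilege ("load and unload device drivers") gates
# adding driver code to the kernel. whoami /priv lists it only if the token has it.
$canLoadDrivers = [bool](whoami /priv | Select-String -SimpleMatch 'SeLoadDriverPrivilege')

# Items 2 and 3 (hypothetical helper): try to create an empty probe file in the
# directory and remove it again. Any failure is reported as "cannot write".
function Test-CanWrite {
    param([Parameter(Mandatory)][string]$Directory)
    $probe = Join-Path $Directory ("write-probe-{0}.tmp" -f [guid]::NewGuid())
    try {
        [IO.File]::Create($probe).Dispose()
        Remove-Item -LiteralPath $probe -Force
        return $true
    } catch {
        return $false   # access denied or path missing
    }
}

$report = [pscustomobject]@{
    Account              = $identity.Name
    AdministratorToken   = $isAdmin
    CanLoadDrivers       = $canLoadDrivers
    CanWriteSystem32     = Test-CanWrite (Join-Path $env:SystemRoot 'System32')
    CanWriteProgramFiles = Test-CanWrite $env:ProgramFiles
}
$report | Format-List

# A daily-work account should come back False on every line.
if ($isAdmin -or $canLoadDrivers -or
    $report.CanWriteSystem32 -or $report.CanWriteProgramFiles) {
    Write-Warning 'This session has administrative reach; use a limited account for daily work.'
}
```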


VISTA'S SECURITY FEATURES MIGHT BE ILLEGAL! Can you believe that?

"Overall, Microsoft Vista will bring spectacular improvements to the overall level of security for users, but only if Microsoft succeeds in making customers and ISVs comfortable with the new security system," Yankee Group security solutions and services program manager Andrew Jaquith said.

"However, Windows security issues will continue to be a permanent fact of life for Microsoft, which means that third parties will always have a rich and robust aftermarket available to them to serve."

Ahh, yes. Tantalize customers with a glimmer of hope, then stomp all over it with fear, uncertainty and doubt. And don't forget to sell more umbrellas, um, anti-virus licenses, just after the big virus storm hits.


And if that isn't enough to encourage more AV sales, then perhaps the legal angle will work:

Microsoft will also have to be careful that the new system adheres to competition rules. Microsoft has already been put on the alert by EU regulators, who will be closely watching Vista for signs of anti-competitive practices.

Translation: It might become illegal for Microsoft to protect their own customers in the name of fair competition! Computer security firm Symantec already fired the first legal salvo just last week!

The security firm is after Microsoft for unspecified damages and an injunction that could halt the release of Vista and the Longhorn server suite. The case relates to a 1996 contract between Microsoft and Veritas [Now part of Symantec] which licensed the latter's software for dealing with large chunks of data.

Yes, yes, yes, I know it has nothing to do with Vista's built-in security capabilities, just its built-in data handling capabilities. But if the computer security industry doesn't let the facts get in the way of a good story, why should I?

You have to appreciate the irony here, folks. A computer security firm will take any steps necessary, including legal ones, just to stop Microsoft from protecting its own customers.


If that actually comes to pass, then Microsoft would have to be fined retroactively starting from about Fall 1999, when they released Windows 2000.


IN REALITY, MICROSOFT gave their customers better security features six years ago. Back then, customers had a choice: Either stick with Windows 95, Windows 98 or Millennium and remain satisfied with lesser computing requirements and third-party security solutions, or consider upgrading to newer computers that could run Windows 2000 with its built-in safeties.

Let's take a look at how much Windows 2000 would have cost, compared to what Windows Millennium Edition cost you, from Winter 2000 through Summer 2006:

| Item | Windows ME | Windows 2000 |
|---|---|---|
| New PC (Winter 2000) | $916.00 | $916.00 |
| Operating System | $109.00 | $319.00 |
| Security (Norton Antivirus) | $360.00 (Roughly $60/year) | $0.00 (if used safely) |
| Total | $1385.00 | $1235.00 |

A note about the numbers: Pricing information from Winter 2000 wasn't easy to find, and the software prices are actually based on full retail costs as of May 2006. I can only say with authority that the Windows 2000 price is reasonably close to what I paid in Summer 2000, which was just over C$350.00.

Not a whole lot of difference, in the end. You actually would have saved a little with Windows 2000 up front, but you would have saved a lot more in prevented downtime by catching most computing problems before the fact. And you'd probably even have a slightly faster PC, since the Pentium II and AMD K6 series processors of the day ran Windows 2000 faster than they ran Windows Millennium.

The Windows ME user wouldn't have avoided I-Love-You, BadTrans, etc., because Norton Antivirus could only catch viruses after the fact. The Windows 2000 user wouldn't have avoided Blaster, but by about late 2002 hardware firewalls were available, adding about $100 to each side's total, which would have saved the Win2K user before Blaster came out.

By this logic, Microsoft's Windows 2000 operating system represented unfair competition to Norton Antivirus. By the same logic exercised by computer security firms today, Windows Vista represents unfair competition to the entire computer security industry! The horror!


LET'S FACE IT, EVERYONE. Microsoft has the IT Security industry running scared. Its pundits laugh at Microsoft's security track record on the surface, but when Vista encourages Limited User access by default, as opposed to just supporting it starting from Windows 2000, their current after-the-fact business model will collapse. It will mean the end of after-the-fact anti-virus software, the end of after-the-fact anti-spam, maybe even the end of after-the-fact reformat-and-reinstall repair bills.

Indeed, Microsoft will force the IT security industry to up their game, and the industry is doing all they can to delay it, right down to legal tactics and smear campaigns.

I don't know what my peers think of all this, because let's face it, this is the end of their prized cash cow. But if this finally forces the IT security industry to evolve, then I'm all for it.
