Review of Windows Vista final code shows security needs admin attention
Corporate administrators need to take pains to set security specifics.
Our Clear Choice Test shows Vista Ultimate has much to like, and issues to fear, because of security holes.
We also found Vista Ultimate’s much-needed hierarchical user security model -- called User Access Control (UAC) -- will likely become problematic in a widespread deployment from both systems security and administrative points of view. Historically, many Windows-based applications have presumed they would be given the right to root access to some operating-system features.
When an application does this on a machine running Vista Ultimate, the attempt triggers an automatic response from the operating system that asks the user whether this access should be granted and demands some level of administrative password to complete the operation the application requested. (The text for this response is often cryptic and offers only a registry entry when a user requests "details" regarding an exception pop-up message.) Both good software and malware in our testing consistently provoked these messages and subsequent choices.
Users of Windows XP SP2 may be accustomed to root-access-intervention messaging, but Vista Ultimate goes much further, preventing even some of its own utilities from effecting changes to the underlying operating system without user or administrator permission. The temptation is to accept, rather than reject, these requests in order to get access to the applications users will need. The downside to that decision would be letting a virus, Trojan or malware application infect the system through the front door despite the presence of the Windows Defender antimalware application and despite numerous security settings put in place by a careful administrator.
We were easily able to infect our Vista Ultimate machines with variations of the Blaster Trojan by letting an application proceed as described. Microsoft elected to lay this decision on the hapless user and their support mechanisms, rather than force thousands of applications vendors to modify their code to behave in a hierarchical user access model.
Unless administrators preload all possible enterprise applications before the users get their new Vista Ultimate machines, any application exception will require mitigation by administrative/help desk support personnel, because users won’t know what to do when presented with the options.
We also found issues with how Vista Ultimate, in combination with the new Internet Explorer 7, handles digital certificate interactions with SSL-protected Web sites and services. Vista Ultimate and Internet Explorer 7 change the way digital certificates are processed and can cause error messages that don’t typically provide details about the certificate in question. Users or administrators have almost no information with which to debug the sometimes thorny problems that SSL can cause, let alone track down attackers who attempt to spoof sites by using invalid/inappropriate certificates.
Migration and installation
We received two preloaded HP dual-core PCs from Microsoft, one desktop and one notebook with Vista Ultimate Edition installed on them. We found that tightening security on a fresh install is a matter of using an appropriately configured registry hive, a packaged group of registry changes, to "cure" the weak defaults provided.
This may need attention for some organizations, as the fresh local security policies prevented us from accessing all but the most recent SAMBA versions on our Linux servers. In order to have these clients access our other lab servers, we had to upgrade our Mac OS-based Xservers’ Samba implementation, or diminish Vista Ultimate’s NTLM password strength setting, a problem we first noted with Windows 2003 Server Editions.
To aid in preconfiguration and migration, Microsoft has updated its User State Migration Tool (USMT) for Windows 2003 Server Enterprise Editions to allow two different types of Vista Ultimate installations: an in situ migration, where a user’s settings and data are moved in their entirety, and a wipe-and-retrofit migration. Also available is a toolkit called Windows Easy Transfer, which is an old-fashioned DVD-based installation that took three-plus hours to load on an HP/Compaq 32-bit desktop with 512MB of DRAM and an 80MB disk. A simple system wipe-and-replace took just 35 minutes. Clearly, migrations need to be planned.
The USMT application produces Windows Imaging file (WIM) payloads, which can subsequently be distributed as Vista Ultimate operating-system samples, in varietals that match certain hardware types. Unlike prior editions of Windows, Vista Ultimate is driven solely by a GUI, and drivers can be loaded at install time from USB drives, CD/DVDs or nonfloppy-disk sources, or embedded within a USMT organizational distribution image. Several such images (variations for differing hardware or application selections and settings) can be used in the same WIM file. Users who employ a homogeneous Microsoft operating system and application environment will have little trouble with these processes.
Some of Vista Ultimate’s communications applications, such as Windows Meeting Space, require that an administrator down-rate some security settings unless users are authenticated against Windows Active Directory. This application allows application or desktop sharing between (as many as 10) users that have all met permissions and authentication tests. We found in our testing that sessions can be established if a user is authenticated against Active Directory, but not if the user is authenticated against SAMBA (the SMB/Active Directory emulator).
What we liked
Disks installed in a Vista Ultimate machine can now be completely encrypted, thanks to a reworked encryption implementation in Microsoft BitLocker. It requires two partitions (one is encrypted) and a Trusted Platform Module chip (V1.2 or higher) and a BIOS that supports it. Some versions of the chip/BIOS combination support storing keys on the chip itself, others require an external USB flash drive. Machines using Windows XP that are upgraded to Vista Ultimate will likely need disk repartitioning to use this.
Windows Mobility Center, designed to wrap the various settings needed for a PC to function in mobile networking situations, amalgamates the myriad applications (such as settings which formerly required navigating several applications) needed in Windows XP into a single area, making them easier to understand and adding a few critical features, such as native IEEE // WPA2 support (even in ad-hoc mode) and connection status.
And depending on the quality level of a display adapter (we used nVidia adapters throughout our tests), the revamped user interface is far easier on the eyes (dare we say — approaching Mac quality?) and is much easier to navigate, as icon boundaries are defined better, and overall scrolling and object movements are smoother.
Users also can synchronize their data via the Sync Center, this year’s reworking of Microsoft’s original BriefCase concept, except that this one seems to work very well. Potentially, it can synchronize information across numerous platforms and with flexibility not found in prior versions. It can do so without needing to subscribe to a service, though it’ll likely be compatible with third-party services soon.
Overall
As we said, we like Vista Ultimate, but that endorsement comes with the important caveat that it must be controlled before it’s released to users. User Access Controls must be dealt with in organizational policy, or a user will unwittingly hurt himself and potentially the entire corporate network by making incorrect choices. We were shocked at the uniformly inarticulate error messages, a criticism of Microsoft for more than a dozen years, and what we saw will drive help-desk support personnel to the pharmacy.
Henderson is principal of, and Szenes is a researcher for, ExtremeLabs in Indianapolis. Thayer is a private network security consultant in Mountain View, Calif.
Henderson, Szenes and Thayer are also members of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to www.networkworld.com/alliance.
Copyright © 2006 IDG Communications, Inc.