Robert Hensing's Blog

Software Security . . . and stuff.

Vista security portal

Vista security portal

  • Comments 1
  • Likes

No not from us - but from Symantec:
http://www.symantec.com/enterprise/theme.jsp?themeid=vista_research

It offers some 'security reports' which are Symantec's 'deep dives' or in-depth technical analysis of Vista's core security features which they have obviously been very closely scrutinizing over the last couple of years.  These are some surprisingly (for Symantec) balanced whitepapers that give the average reader a fairly good understanding of why Vista security rocks (they touch on just about everything we've done 'under the covers' to make it harder to exploit Windows - none of which OSX has b.t.w.).  "Mac, the PC has issued you a warning that your protection technologies are non-existant and many, many years behind Windows Vistas - cancel or allow?" :)

Of course at the end of the day Symantec is trying to remain relevant and sell you Norton 360 for Vista by pointing out ways in which you can still get owned on Vista (i.e. users can still run malware as administrator if they try hard enough and they are definitely still going to get social engineered into so doing).  Norton 360 sounds a LOT like our very own OneCare product.  It costs a bit more (like $19USD) but it installs on 3 PC's just like OneCare and it offers all of the same features as OneCare.

Right now on Windows XP with everyone running as Administrator all of the time - if you get hit with much of today's nasty adware / spyware / malware - you're pretty much screwed - even if you run antivirus software.  As an admin you can do fundamental things like *alter the operating system* and install stealth software like rootkits which can make detection, and clean-up very difficult if not impossible (for today's AV scanners).  Your best bet if you get hit with much of today's malware on XP is to simply re-install the OS and try not to get owned again as an admin.  My hope is that with Vista - since administrators are 'protected' by default with UAC that much of tomorrow's malware will be easier to clean / remove if you do happen to run it.  For example on the 64bit versions of Vista - you can't install un-signed drivers / code into the kernel (not even as an administrator!) and we have the Patchguard watchdog guarding key kernel structures.  This should hopefully do a pretty good job of keeping malware in user-land making it far easier for the AV products of the world to detect, clean and remove . . . my hope is that at the end of the day the average Vista user's recovery experience is much easier to swallow than the average XP user (at least on 64bit - and hopefully even on 32bit) and involves simply getting updated signatures and removing malware - as opposed to flattening the box and re-installing.

Comments
Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment