There's no question that Microsoft wants people to believe Windows Vista is the most secure version of Windows yet. On Vista's homepage, security is the second-highest listed feature aside from the user experience. How can Microsoft be so sure? The company solicited endless rounds of feedback from beta testers to make sure Vista's new security functions worked well.
The end result, as I've tested it in its release candidate form, is quite promising -- but will Vista mean the end of malware worries for Windows users when they upgrade to it?
The time factor
The first thing to keep in mind is Vista's availability. The vast majority of people will only benefit immediately from Vista if they actually upgrade to it. Since most Windows licenses are sold as OEM preloads with existing PCs and are not boxed copies of the operating system (OS), that means the pace of upgrades to Vista will largely match the pace of replacements for existing PCs. If Vista eclipses XP at the rate that XP eclipsed previous versions of Windows, it may be as long as three years before the majority of Windows desktops run Vista.
Possibly, there are a few positive "back-impacts" from Vista's development that in the future may help with XP's own security, if not immediately. One of them is the more stringent code review process Microsoft adopted during Vista's gestation. Signs already point tentatively to that having been a good idea: The latest crop of security alerts for Windows and Microsoft Office do not show the same vulnerabilities in Vista or Office 2007. (This isn't to say that Vista and Office 2007 aren't going to show any security issues -- only that they aren't likely to be vulnerable to the same grade of issues.) In time, future updates to XP ought to tighten things up that much further, provided, of course, that the people who need them download them and apply them in the first place.
UAC and Windows Defender
The under-the-hood changes to Vista's security revolve around a few new mechanisms that make it far more difficult for an unwanted program to dig its hooks into Windows. One of the biggest changes, User Account Control (UAC), forces the user to approve certain actions manually, such as launching a program that could change certain system settings or installing an application with full administrative rights.
By default, applications in Vista are not run as administrator, even if you log in under an admin account. You need to specifically declare that a given application will run as admin before it does. Typically, you do that by shift-right-clicking on the program in question and selecting "Run as Administrator." Most applications that are not written specifically for Vista need to be installed under admin rights to work properly as well.
The worst-case scenario is that people will grow frustrated with unexpected application behaviors, turn off UAC entirely (which is possible and doesn't require a hack) and then re-expose themselves to many of the same issues that Vista was designed to prevent.
Another problem is the question of what's "unwanted." Many people who install malware do not realize that what they're installing is, in fact, bad for their PC, and sometimes they jump through a fair number of hoops to install it!
In short, UAC is only going to protect people who learn how to work with it, rather than against it. If you're responsible for educating people about the way Vista works, make it a top priority to tell people exactly how UAC works and how they must deal with it.
Vista also comes pre-equipped with Windows Defender, a set of interlocking anti-malware and system-protection tools including a revised version of the Windows firewall that debuted in XP. Defender is turned on by default and protects a system actively against a variety of unauthorized changes, such as if an application tries to register itself to start automatically without your authorization.
Defender can also be disabled by the user (albeit through a UAC action). One of the bigger worries I had about Defender, as with UAC, is that it would prove to be a frustration and that people would turn it off just to get regular work done. This does not seem to be the case. But, again, people moving to a Vista computer and encountering Defender for the first time would need some degree of training to understand what it implies for them. Be sure you tell them not to simply turn it off out of spite without perhaps replacing it with something else or having other programs or protocols in place to prevent attacks.
The known and unknown threats
One thing seems clear: The tighter Vista's native protections get, the more third parties are going to find ways to subvert the operating system that weren't even considered viable before.
While Vista was still in beta, security researcher Joanna Rutkowska discovered that unsigned kernel code could be back-injected into the OS by modifying the page file; Microsoft's response (admittedly a bit heavy-handed) was to disallow any application from performing sector-level writes to disk without operating through a signed kernel driver.
The presence of such possibilities was deeply troubling to security analysts because they signaled how a cunning hacker could simply perform an end-run around Vista's defenses. Using rootkits or other subversive technologies to hide their tracks, they might be able to slip through such cracks without ever coming up against UAC or any of Windows's other defenses. On the other hand, the attack was not something that had been witnessed in the wild, and now Microsoft had been at least made aware of how such things can be engineered.
The motives behind hjiacking people's computers will not diminish. There's more incentive than ever to do this -- it's big business. Those who make use of exploits to write malware usually do so for one reason: stealing (typically from someone's bank account). Additionally, people who discover system exploits can resell them on the black market for cash -- tens of thousands of dollars each -- which are, in turn, used by exploiters to steal from unsuspecting victims.
Vista could mean the end of malware as we have come to know it: most commonly in the form of browser plug-in exploits and AIM links that launch Trojans. This would be a great thing, and it is much overdue. But, it may be the beginning of the next wave in malware -- intrusions so subtle and difficult to detect that Vista users (and Microsoft, too) will be forced to retrench once again.
About the author:Serdar Yegulalp is editor of the Windows Power Users Newsletter. Check it out for the latest advice and musings on the world of Windows network administrators -- and please share your thoughts as well!