Robert Downey

The FUDing of Windows Vista - Part 3

by RMD 21. February 2007 12:21

Sorry for the delay of part 3 of my series (Part 1, Part 2) on The FUDing of Windows Vista, but I've been pretty busy.

Today, however, I simply couldn't stop myself. The Register decided to write a "review" of Windows Vista's security features. Needless to say, it's a prime example of the FUD I'm talking about.

So, point by point:

While referring to IE's Protected Mode feature:

However, there is a brokering mechanism that enables users to download files to any location they have access to, or to install browser plugins and extensions, and the like. So users are still invited to make a mess of their systems, and no doubt many will, while Microsoft has a chance to shift blame away from itself.

Uh huh. First, you can't install plugins/extensions (with the exception of signed ActiveX) without admin privs. Period. Second, how, exactly, would you propose the user be able to save files to their Documents folder, or do any other file operation in their profile (or basically anyplace on the system) without this brokering mechanism? Would you prefer that Microsoft not allow users to download *any* files via the browser? Ya, that would work out well.

However, IE7 on Vista does still write to parts of the registry in protected mode.

IE7 is running as an extremely low-rights user. This does *not* mean that it doesn't have the ability to write to any part of the registry. It means that the registry's ACLs must explicitly allow write access to the IE's low-rights user. Certain locations have been explicitly marked as write-safe for the low integrity process. The example given by The Register is one of them. In other words, it's not an issue.

However, DEP, when full on, may cause a number of applications to crash, or interfere with their installation. I'm betting that a majority of users will opt for the more conservative setting, and this of course means less defense for everyone.

You're betting that the majority of users, most of whom think "DEP" is an actor's last name, will go and hunt down the DEP setting and turn it off because it will supposedly cause lots of applications to crash? Really? You mean they won't selectively turn it off via the dialog box that comes up after a DEP-related crash that asks if you want to turn it off just for this application? Oh, and what quantitative study are you citing that shows that lots of commonly used applications will crash because of DEP? Give me a break.

User Account Control (UAC) is another good idea, because it finally, finally, finally allows the machine's owner to work from a standard user account, and still perform administrative tasks by supplying admin credentials as needed on a per-action basis. You know, the way Linux has been doing it forever.

Windows has supported running individual processes as admin (or any other account) since NT4. It was integrated into the GUI in Windows 2000. That is not the point of UAC, and it's not how Linux does it at all. If you try and run an application or perform an operation on Linux or Unix that requires admin access, it will fail. It doesn't prompt you. It's a subtle, but big difference. And it's a critical difference in the Windows world where the vast majority of applications won't work without admin privs.

Of course, it only works if everyone stays out of the admin account as much as possible, and if everyone with an admin password knows better than to install a questionable program with admin privileges. And there's the catch: "Windows needs your permission to install this cleverly-disguised Trojan nifty program. Click Yes to get rooted continue."

Wrong. It works regardless of what user you *think* you're running as. An admin account on Vista (with UAC enabled) is NOT AN ADMIN ACCOUNT. It's a limited user. The *only* difference is that an admin account isn't prompted to type in credentials in the UAC prompt, whereas a limited user is.

So you see that, here again, MS's security strategy involves shifting responsibility to the user.

Ok, smart ass. What's a better solution? Get rid of admin accounts entirely? Don't allow any programs to run at all? Never allow a user to connect to the net? Oh, how about only allowing signed, Microsoft approved applications to be installed on Vista. Ya, that would go over well. What would you say about "The Vole", then?

And the reason why it's never going to work is because MS still encourages the person who installs Vista (the owner presumably) to run their machine with admin privileges by default....Until MS gets it through their thick skulls that a multi-user OS needs a separate admin account and a user account for the owner, and that the owner should be encouraged to work from a regular user account as much as possible, UAC will never work as intended.

Wow. Ok. Imagine this scenario: A person installs/buys Vista and sets up the machine. Vista does what you want so badly and first asks for an admin account password, but then asks the user for the login/password for their limited account. Having an admin account on the machine is unavoidable if you ever want to do anything on the machine past checking your e-mail and reading high-quality publications like The Register.

So now the user has the admin account (that they're not using as their primary account), and they have their limited user account. Now anytime they need to do something that does require admin privs they will be prompted via UAC for the admin password. Since they're the ones who set up the machine, they'll type in the admin password. For all the other users on the machine, they'll have to go get the person who set up the machine to type in the admin password, exactly as they'll have to do right now in Vista.

So, how is this any better? Now, instead of the occasional annoying OK button, you'll have an OK button and be required to type in admin credentials. If you're the guy who set up the machine, you know the password. If you're not, then it works just like it does now.

Or perhaps you would rather have it just like it is in Linux, and have all operations simply fail with access denied errors? See, it works fairly well for Linux because all Linux applications were designed from the ground up with a multi-user system in mind. But Microsoft *must* support as many legacy applications as possible. That legacy application support is one big reason why Linux on the desktop has failed to defeat Windows.

Furthermore, if you want UAC to always prompt for credentials even as the "admin" user, there is a policy setting to make that the case.
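The UAC behaviour described above can be checked on a live machine. The following is an added example, not code from the original post: it reads the documented UAC policy values from the registry and tests whether the current process holds an elevated token. It assumes PowerShell 5.1 or later; the function name `Get-UacPosture` is hypothetical, and the prompt-behaviour descriptions are the Windows 7 and later meanings.

```powershell
# Added example (not from the original post). Assumes PowerShell 5.1+.
# Get-UacPosture is a hypothetical helper name.
function Get-UacPosture {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -LiteralPath $key

    # Meanings of ConsentPromptBehaviorAdmin on Windows 7 and later.
    # Value 1 is the "always prompt for credentials, even as admin" setting
    # (Group Policy: "User Account Control: Behavior of the elevation prompt
    # for administrators in Admin Approval Mode").
    $adminPrompt = @{
        0 = 'Elevate without prompting'
        1 = 'Prompt for credentials on the secure desktop'
        2 = 'Prompt for consent on the secure desktop'
        3 = 'Prompt for credentials'
        4 = 'Prompt for consent'
        5 = 'Prompt for consent for non-Windows binaries'
    }

    $raw = $p.ConsentPromptBehaviorAdmin
    if ($null -eq $raw) {
        $behavior = 'Not set'
    } elseif ($adminPrompt.ContainsKey([int]$raw)) {
        $behavior = $adminPrompt[[int]$raw]
    } else {
        $behavior = "Unknown value $raw"
    }

    # With UAC on, a member of Administrators runs with a filtered token,
    # so IsInRole(Administrator) is False until the process is elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $elevated  = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    [pscustomobject]@{
        User                = $identity.Name
        UacEnabled          = ($p.EnableLUA -eq 1)
        AdminPromptBehavior = $behavior
        PromptOnSecureDesk  = ($p.PromptOnSecureDesktop -eq 1)
        ProcessIsElevated   = $elevated
    }
}

Get-UacPosture | Format-List
```

Run it once from a normal shell and once from a shell started with "Run as administrator" while logged in as an admin: only `ProcessIsElevated` changes.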

UAC is, in my opinion, a good solution to a problem that exists only on Windows. Saying that Windows should operate its elevation system like Linux simply shows that you don't understand the problems at hand.

In fact, UAC is the most complained-about new feature of Vista, and most people are disabling it as soon as possible.

It's the most complained about by people like you, and by a few vocal power users. But guess what, you're all in the minority. Most people will fairly rarely encounter UAC. As a person actually using Vista on a daily basis at both work and at home, I don't find UAC annoying at all. There ya go.

And when you're running in an admin account, UAC is nothing but a bother.

And when you're running as a non-admin account, UAC is nothing but a time consuming bother? Give me a break.

And once UAC is disabled, all of its security enhancements are lost. Yes, the basic idea is good, but the implementation has been completely bungled.

So what's the better solution?

And since it's very likely that you will still be running your Windows box as an admin, if you're going to open a file with Windows Explorer, you'd better look to see whether or not it's an executable, because it will run with your privileges. So, at a minimum, the folder view should default to showing file extensions.

I kind of agree with this, but the chances that you'll run an application without knowing it's an application are fairly small. If you downloaded this application from the net, Windows will flag it as potentially unsafe. When you try and run it, Windows will ask you to confirm that you really want to run this application and that you trust it. (And yes, you can turn this off by unchecking a box in the properties dialog of the file.)
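The "potentially unsafe" flag mentioned above is stored with the file as an NTFS alternate data stream named `Zone.Identifier`. The following is an added example, not code from the original post, that reads and interprets that stream; it assumes PowerShell 5.1 or later on an NTFS volume, the function name `Get-DownloadMark` is hypothetical, and the sample file is constructed by the script itself.

```powershell
# Added example (not from the original post). Assumes PowerShell 5.1+ on NTFS.
# Standard URL security zone numbers.
$zoneNames = @{
    0 = 'Local machine'
    1 = 'Local intranet'
    2 = 'Trusted sites'
    3 = 'Internet'
    4 = 'Restricted sites'
}

# Hypothetical helper: report whether a file carries a download mark.
function Get-DownloadMark {
    param([Parameter(Mandatory)][string]$Path)

    # The mark is a small INI-style text kept in an alternate data stream,
    # so it never shows up in the file's own content or size.
    $lines = Get-Content -LiteralPath $Path -Stream Zone.Identifier `
                         -ErrorAction SilentlyContinue
    $zoneId = $null
    foreach ($line in $lines) {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)\s*$') {
            $zoneId = [int]$Matches[1]
            break
        }
    }

    $zone = $null
    if ($null -ne $zoneId) {
        $zone = $zoneNames[$zoneId]
        if ($null -eq $zone) { $zone = "Unknown zone $zoneId" }
    }

    [pscustomobject]@{
        Path              = $Path
        Marked            = ($null -ne $zoneId)
        ZoneId            = $zoneId
        Zone              = $zone
        FromUntrustedZone = ($null -ne $zoneId -and $zoneId -ge 3)
    }
}

# Constructed sample: an unmarked file, then the same file with the mark
# a browser would attach to an Internet download.
$sample = Join-Path $env:TEMP 'download-mark-sample.txt'
Set-Content -LiteralPath $sample -Value 'constructed sample file'
Get-DownloadMark -Path $sample
Set-Content -LiteralPath $sample -Stream Zone.Identifier `
            -Value "[ZoneTransfer]`r`nZoneId=3"
Get-DownloadMark -Path $sample
Remove-Item -LiteralPath $sample
```

Because the mark lives in an NTFS stream, it is lost when a file is copied to a file system without alternate data streams, which is worth knowing when auditing where downloaded executables came from.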

As usual, Windows enables far too many services by default.

Examples? Oh, that's right... we don't need examples. This is The Register.

It's a little craplet with a stereotypical icon that looks like a shield, and it simply informs you of whether or not the firewall is on, whether or not you've got anti-virus software installed, and so on.

One major hurdle for users securing their system is that they don't know all the things they need to secure. The Security Center provides a single place where they can check their most important security settings. Seems like a good idea to me, and it seems to work pretty well. But I guess because The Register thinks it's a "craplet", I must be wrong.

We have got, instead, a slightly more secure version than XP SP2.

Uh huh. And if I took this "review" at face value, I might have to agree with you. Except luckily, I don't usually take things at face value. The "review" ignores many of Vista's security features, and it gives an extremely biased and unfair assessment of the ones it does touch on.

Only time will tell as far as how secure Vista will be against the onslaught of hackers that will undoubtedly be attacking it, but it's a helluva lot better than The Register gives it credit for.

General Computing

The FUDing of Windows Vista - Part 2

by RMD 26. January 2007 18:32

My previous blog post, The FUDing of Windows Vista, concentrated on how the major tech media organizations are giving Vista a bum rap, either intentionally or out of simple ignorance. But Vista reviewers are not the only ones doing their best to spread the FUD.

Several major security vendors, such as McAfee and Symantec, see Vista as a major threat. Vista's new security features will make it much, much harder to attack. Since these companies make the majority of their money from providing products to protect users from these kinds of attacks, I can understand why they would be worried.

Instead of innovating and coming up with new products and services to supplant a business built on others' mistakes, they decided to try and FUD their way out. McAfee took out a full page ad in the Financial Times that claimed that Vista will be less secure than previous versions of Windows.

McAfee's reasoning is that because Vista prevents direct access to the kernel via a technology called PatchGuard, McAfee will no longer be able to modify Windows at will to provide their services.

Of course, this also means that the bad guys won't be able to either, which is kind of the point. The most dangerous malware out there right now are of the rootkit variety, and these guys rely on patching the kernel.

Furthermore, Microsoft has never supported directly patching the kernel. In addition, Microsoft has provided a rich set of APIs to perform the tasks that McAfee and Symantec need for their product to function. How do I know these APIs work? Maybe because several other security vendors, such as AVG, Kaspersky, and even Microsoft, have already released Vista-compatible security suites that use these APIs and work just fine.

Lastly, PatchGuard is only in Vista x64, which probably won't be adopted in wide form for at least another year. Not to mention the fact that Microsoft has a nearly identical feature in XP 64 bit edition, and announced their intentions to include it in Vista x64 several years ago. McAfee and Symantec have had ample time to fix their stuff.

The other feature of Vista that these vendors are getting upset about is the Security Center. The Security Center basically just gives you one stop shopping for all your computer's security related settings. In order to provide a consistent user interface (consistency is a key for usability, and when it comes to security that's very, very important) they prohibit 3rd parties from modifying the interface. Instead, if you have a 3rd party firewall or antivirus package, it will list them in the security center and provide links to modify their settings.

McAfee and Symantec didn't like that. Why? Because they want to brand everything they possibly can. They want you to think that the security of your computer is completely dependent on them. That way you'll be less likely to cancel your subscription. So they scream and yell about this, calling it anti-competitive, and claiming that Microsoft is trying to give special treatment to their own OneCare software. They of course ignore that OneCare follows all the same rules that Microsoft is asking McAfee and Symantec to follow.

McAfee and Symantec are terrified that Vista will make their business less profitable, so they're lashing out. They figure if they can scare enough people into thinking that Vista is unsafe, they won't have to spend as much time and money fixing their software and coming up with products that actually provide value to their customers.

Update: Be sure to check out the 3rd part in my series of blog posts about The FUDing of Windows Vista!

General Computing

The FUDing of Windows Vista

by RMD 25. January 2007 21:41

Windows Vista is getting a bum rap. The media is painting a picture of Microsoft's new operating system as a pretty version of XP with few new features that users will care about. This is the same media that greets every new ".1" release from Apple as if it were the second coming of Jesus H. Christ. These reviews of Vista are so off base, so ill informed, and so superficial that they border on gross negligence.

I'm not even sure on where to begin analyzing these "reviews". Cnet's review, which gives Vista a "7.8", calls it a "warmed over XP", and makes multiple flat out factual errors. They claim that "most of Microsoft's [security] improvements in Windows Vista are within the Enterprise or 64-bit editions," which is a completely ridiculous statement.

There are no security features that Enterprise has that any of the other versions of Vista do not. (Indeed, this "review" was about Vista Ultimate, which contains every feature from every version, with the 1 exception which I'll mention in a minute.) Vista x64 contains a single feature that the others lack, kind of. Vista x64 restricts kernel mode driver installation to signed/certified drivers only. That's it.

Cnet goes on to state that there are no "big-name software packages written exclusively for Windows Vista". Wow, considering it hasn't even officially launched yet, that's a bit harsh.

Cnet criticizes the new Start Menu and search functionality, stating that they "would have preferred to have access to Search directly from the desktop rather than digging down a level or two", no doubt referring to Mac OS X's Spotlight field in the titlebar on the Mac desktop. Let's see, on the Mac I need to hit COMMAND + SPACE, or click in the field, to start searching. On Vista, I hit the Windows key and start typing. How, exactly, is that different? If anything, Vista's search is easier to get to.

Cnet continues to make factual errors by claiming that "aero is part of the Windows Presentation Foundation, a subgroup of the .Net Foundation Framework, an underlying foundation for developers to build new applications.". Um, no, it's not. Aero has nothing to do with WPF. Aero is a theme in Windows Vista. Nothing more. They even make the very confusing claim that "Aero is necessary to create Microsoft's new, Adobe PDF-like file format called XPS (Extensible Page System);", which is completely untrue.

Cnet shows how incredibly inept they are by then criticizing User Account Control while simultaneously plugging OS X. They state that "While UAC notifies you of pending system changes, it doesn't require a password. The Mac operating system does something similar but requires a password--that's security." What? First of all, UAC only doesn't prompt with a password IF YOU ARE AN ADMIN.

Administrators in Vista are treated like regular users in every way (in fact, they are regular users) except that they don't have to type in credentials in UAC prompts. If you run as a non-admin user, you have to type in the credentials of an admin to complete the UAC prompt, just like the Mac.

Unlike the Mac, however, Vista displays these prompts on a secure desktop. This prevents malware from fooling you into authorizing something you didn't want to authorize by simply displaying a fake dialog over the real one. The Mac has nothing like this and is theoretically open to all sorts of spoofing malware attacks. Is that security? If the Cnet team had spent any time researching Vista they would know this.

They go on to say that "the jury is still out on whether Internet Explorer 7 is more secure than, say, Firefox 2", which I would agree with, but they neglect to mention anything about protected mode IE, which is a great security innovation from Microsoft that suggests that IE 7 will be, by far, the safest modern browser you can use.

Cnet's review makes many unsubstantiated claims about Vista's performance, calling it a "resource hog" without ever backing up that statement. (And no, you can't just look at Task Manager's RAM stats and use that to justify your opinion.)

Cnet's review was pretty much in line with many other sites, such as Time.com and even Tom's Hardware. (And don't get me started on Walter S. Mossberg.) Time, for instance, closes their review with the seemingly insightful musing that "translucent borders are all well and good, but out there in the jungle, no one cares how pretty you are." No kidding. If you guys were so concerned about Vista's security, why didn't you spend a little more time researching the many innovations and improvements Vista has in terms of security instead of trying to come up with more ways to mention Apple in your review? They have the gall to title their review "Windows Vista: why nobody cares." Maybe nobody cares because you guys have done a good job spreading FUD.

These people completely neglect to talk about hundreds of Vista's features which will end up really changing the way we use computers. Whether it's the fact that Vista will usher in the world of IPv6 (via its support for PNRP), or how it will change the way applications are written and deployed for Windows via technologies like WPF/E and WCF. They almost universally ignore great technologies like ReadyBoost, SuperFetch, and ReadyDrive, all of which will make our computers feel zippier. And they're oblivious to things like Sideshow. And don't think that's the full list of features they're ignoring. It's not. For a full list, check out this excellent Wikipedia article.

Windows Vista is a great OS. If Apple was releasing an OS with this many new features they would be called geniuses and would be praised for ushering in a new era of computing. But Microsoft is not Apple, and so instead we get this FUD.

To be fair, there were a couple of decent reviews of Vista. One of them being from Paul Thurrott. Was his a complete review? No. But it wasn't willfully ignorant like the other clowns.

Please, go upgrade to Vista. Ignore these idiots. You'll be happy you did.

Update: Be sure to check out the 2nd part in my series of blog posts about The FUDing of Windows Vista!

General Computing