Microsoft Windows Vista is finally moving towards a security model that competing operating systems such as Mac OS X and Linux have utilized for years. As usual, Microsoft is a late comer. Since Microsoft has a virtual monopoly on the world's desktop, Microsoft will prevail in the mission of securing Windows Vista. Microsoft will expend more resources than Apple, and Linux combined to catch up and out do Linux, and OS X. Now off my rant, and back to the regular scheduled portion of the program. Administrators will now run majority of the applications with Standard User Privileges. The restricted privileges gives hackers a much smaller footprint for attack. This ensures more overall security. The main new feature in this category is called User Account Control (previously known as User Account Protection and Limited User Account).
User Account Control is necessary because the previous versions of Windows was way too lax concerning user accounts. It was took easy to configure any user account with administrator privileges. This allowed for an open and undefended system for hacker and virus attacks. Therefore, most Windows applications written assumed that users had administrator account privileges. This creates a problem of an open system, where the user has access to everything - I mean EVERYTHING - on the computer. When the system is compromise by worm, Trojan, virus, or other form of malware, that malicious code then runs with administrator privileges as well. That's how PCs get "owned."; everything in the OS is fair game.
Security Minded individuals initially attempted to improve the previous Windows security model. Due to the poor design, these security minded individual realized the entire model needed to be rearchitected. One of the main components in this new security model is the UAC.
Below are the various features and benefits:
Standard User Privileges
In Windows Vista, Standard user accounts have additional privileges to perform common tasks which will not require helpdesk assistance. The tasks can be completed on your schedule, and not the schedule of the helpdesk. The privileges have been determine to have minimal system impact, and potential to a compromised system. The administrators still have the option of restricting the privileges. The new permissions for standard user accounts in Windows Vista include:
* View system clock and calendar
* Change time zone
* Install Wired Equivalent Privacy (WEP) to connect to secure wireless networks
* Change power management settings
* Add printers and other devices that have the required drivers installed on computer or have been allowed by an IT administrator in Group Policy
* Install ActiveX Controls from sites approved by an IT administrator
* Create and configure a Virtual Private Network connection
* Install critical Windows Updates
Additionally, disk defragmentation is now an automatically scheduled process in Windows Vista, so users will not have a need to initiate that action.
An excellent example is users able to change time. In previous versions of Windows only administrators had privileges to change time. The current Windows Vista reduces this uncertainty by using a shield icon throughout the operating system to identify commands that require administrator privileges.
Figure 1: The shield icon notifies users that they cannot perform the Change Date and Time operation.
tags: Windows Vista, User Account Control, Mac OS X, OS Security, software
No comments:
Post a Comment