
Windows Vista: New take on security

Microsoft has tried to make Vista as secure as possible, but a new user mindset is needed

In the second of our four-part series, we look at security in Windows Vista

Microsoft intends Vista to be the most secure version of Windows yet released. Security has been beefed up throughout the operating system, with secure booting, protected data transfer across system buses and enforced driver signing helping to protect the system from attack.

Additionally, Digital Rights Management (DRM) gives copyright owners the ability to protect their digital media from piracy if they wish.

User Account Control
Certainly the most noticeable security measure, and probably the most irritating from the user’s point of view, is the introduction of User Account Control (UAC).

Today, most Windows users are running with default administrator privileges. Home users and anyone who has been using Windows since the days of Windows 3.0 or even DOS will have grown up in an environment where there is only one user on the system, and that user has the power to control, edit – and screw up – anything and everything on the PC.

Today, the vast majority of Windows XP users run their systems using administrator accounts. While running the system in this way doesn’t increase the likelihood of attacks from malware or hackers, it does mean that any such program that manages to sneakily execute using your privileges while you’re in command has the power to erase your hard drive, or much worse.

In Windows XP, it’s easy to configure users to have either standard or administrator privileges. It was always Microsoft’s intention that everybody would run Windows XP as a standard user and only log in as an administrator when performing genuine administrative tasks, such as installing device drivers and software or changing networking configurations.

Unfortunately, a huge amount of existing software simply didn’t run well as a standard user. For example, applications often assumed they had read and write access to the entire filesystem and system Registry. Denying such an application access to any of these assumed rights would cause the application to fail.

Standard users
The result is that running Windows XP as a standard user is just too much of a pain for most people. Even in business environments where attempts are made to force staff to run as standard users, there are many applications which break. There’s also no easy way to swap between standard and administrator accounts – XP’s ‘Run as...’ option is far too clunky for regular use.

Everybody is a standard user in Vista – even the system administrator runs with only standard user privileges. Tasks that require administrative privileges to execute are blocked. If the current user has administrative privileges, then they are given the option of temporarily elevating themselves to administrator status for the duration of the operation.

If the user doesn’t have administrator privileges, then a valid administrator’s credentials (username and password) have to be supplied at the keyboard to allow the operation to continue. The user created during installation is made an administrator by default.

This way of working is common practice in other operating systems such as Linux, where users are used to the concept of using ‘super-user’ privileges only when absolutely necessary.

However, Vista goes one step further by dimming the entire desktop and blocking access to all running applications until the UAC dialogue is dismissed. Programs that require administrator privileges to run have their icons marked with a shield.

The reason is that the UAC dialogue is actually running in its own separate terminal session. This means that other applications running on the desktop have no access to the UAC dialogue box and are therefore blocked from elevating themselves to administrator status by unscrupulous means.

Now, if a rogue program is executed on your system it has no access to administrator-level functions or files, unless you choose to grant it those rights manually.
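
As an added example (not part of the original article), the PowerShell function below reports how UAC applies to the current session: whether the account is an administrator, whether the process is actually elevated, and whether the prompt settings have been weakened. The function name Get-UacStatus is hypothetical; the registry value names are Windows policy settings that the article does not mention.

```powershell
# Added example, not from the article: audit how UAC applies to this session.
function Get-UacStatus {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only when this process holds the full (elevated) administrator token.
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    $elevated  = $principal.IsInRole($adminRole)

    # whoami also lists deny-only groups, so an administrator running with
    # standard rights still shows the Administrators SID (S-1-5-32-544).
    $adminLine = whoami /groups /fo csv /nh |
        Where-Object { $_ -match 'S-1-5-32-544' }
    $inAdminGroup = [bool]$adminLine

    # Machine-wide UAC policy values.
    $key    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy = Get-ItemProperty -Path $key

    $warnings = @()
    if ($policy.EnableLUA -eq 0) {
        $warnings += 'UAC is switched off (EnableLUA = 0)'
    }
    if ($policy.PromptOnSecureDesktop -eq 0) {
        $warnings += 'Prompt is shown on the normal desktop, not the dimmed one'
    }
    if ($policy.ConsentPromptBehaviorAdmin -eq 0) {
        $warnings += 'Administrators are elevated without being asked'
    }
    if ($elevated) {
        $warnings += 'This session is elevated; programs it starts inherit that'
    }

    New-Object PSObject -Property @{
        User            = $identity.Name
        InAdminGroup    = $inAdminGroup
        Elevated        = $elevated
        UacEnabled      = ($policy.EnableLUA -eq 1)
        SecureDesktop   = ($policy.PromptOnSecureDesktop -eq 1)
        Warnings        = $warnings
    }
}

Get-UacStatus | Format-List
```

An administrator account working normally under UAC shows InAdminGroup as True and Elevated as False, which is the "everybody is a standard user" behaviour described above.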

Reader Comments

Microsoft Get it Right

If a stolen hard drive is installed in a different computer, Bitlocker, which requires a special security chip on the motherboard called the Trusted Platform Module (TPM), will refuse to decrypt the drive. --- with the weight in PCs today any thief will take the whole computer and not just the HDD

Posted by J John, 04 Jul 2007

   
