I've played around with this topic before, but I'm gonna resurrect it again.
Ring accesses are used to protect OS's from data faults from viruses, spyware, etc.
People on this forum have said completely stonewalling, so to say, an OS, would make it more unsafe in the end.
How exactly is it more safe for virus protection companies to use the same method a virus would use to 'protect' you?
-
That has *nothing* to do with Vista.
What Vista does is simply give users limited permissions *on the OS level*. It has *nothing*, repeat, *nothing* to do with the CPU's ring levels.
It runs everything except drivers in user-mode (is that ring 3? Can't remember exactly, but the "outermost" one). And drivers + the kernel run in ring 0 as they've always done.
If you want to keep digging this topic up from the dead, perhaps you should start by reading up a bit on what an OS actually is.
Now, about "stonewalling the OS", they haven't done that. You can still install software that runs in ring 0 mode. That software is called "drivers". Which is the *exact* same case as with XP. So it's not completely stonewalled. Malicious software can still get access to the kernel. The only difference in this respect is that now, Vista complains (by default) if you try to install unsigned drivers. Well, big deal. Drivers can still get signed no matter how dangerous they are. All it takes for that is a certain amount of money, and a somewhat robust driver. (It's allowed to do bad things, it just isn't allowed to crash too much)
The biggest difference between XP and Vista is not how hard it is for malicious software to get ring 0 access (which, let me stress once again, has *nothing* to do with whether or not your Windows account has admin privileges), but how hard it is for antivirus software to get information about important system events.
It's classic security by obscurity. "We refuse to give out any information on our system, because that way it'll be harder to exploit".
Yes, except the security community realized 15 years ago that the only effect this has is that security exploits aren't found (by anyone other than hackers, that is, who aren't inclined to share their findings), because only the original software vendors (in this case Microsoft) are able to effectively look for bugs and flaws.
Under XP, it is possible for third party software to monitor the system. It is also possible for malicious software to do the same.
Under Vista, it's made harder for both parties, although it'd be naive to believe that virus writers will be stopped by that. Antivirus software, however, will have a problem because unlike viruses they have to play by the rules. Antivirus software that uses security flaws in the OS to get access would look a bit suspicious, wouldn't it?
Basically, they've barred the one "legal" way to get system access. But since when did virus writers stick to the "legal" entry point only? The illegal ones are what matters. -
Completely clueless, are we?
http://www.tech2.com/india/news/pc-games/vista-hates-starforce/527/0
According to Extreme Tech, "StarForce installs a low-level (ring 0) driver to access your optical drive, and this driver has not been Vista certified. So Splinter Cell: Chaos Theory asks you to reboot after installing, which you do, and then upon reboot Vista informs you that it won't load the driver due to compatibility problems."
Were we asleep when StarForce had to be released WITHOUT ring 0 access?
By going into Ring 0, antivirus companies are modifying kernels, making them just as bad as the spyware/viruses/trojans they want to get rid of.
Now then, are you ready to quit pitching a fit like the anti virus companies and ready to make some sense?
Don't you get it yet? The antivirus companies are mad because ring 0 access is gone, or not as easy to access, and they can't exploit (I don't mean exploit like a haxxor. I mean use ring 0 access like a hacker would to stop a hacker, or a virus) Windows as easily anymore. So their job is a lot harder. -
Just to give an example of real security, suppose you had XP and antivirus, firewall, etc...
All using your rings to access your pc.
All fine and dandy when your machine is okay, right?
But suppose it isn't?
Suppose a virus or a trojan goes through the lines and takes control of the anti-virus or firewall?
Guess what, your entire machine is now under its control...
So what would happen under Vista? Either it would get blocked by Vista, or you would simply uninstall the anti-virus software, because Vista wouldn't allow that garbage.
There are about a million other ways to hurt you via ring 0. A hacker could probably hack into your anti virus since it's connected to ring 0 and have access to all of your system files.
It's not a good idea to compromise your system in this way.
I'm sorry to say, but there's no logic in this. There's no logic in giving antivirus and firewall software complete control over your pc, esp. to say that if something were to happen, like a virus breaking thru, and taking over your av software, your pc is toast.
The OS should be the captain, the leader. Yet, the antivirus wants to be the leader too?
And I hate to say it, but this is EXACTLY why people's machines get trashed. Because of av software and ring 0 access.
AV software is always a big help, but they always say you should not have two conflicting av software, two conflicting spyware blockers, etc.
What do they say about two conflicting OS's (or one wannabe OS)?
The whole point is, you can by all means use a higher ring to make access to antivirus. I don't see what is with interacting with the cpu and memory and giving yourself privs unless you're planning something...
All you need to do is have it scan and watch files... I mean really now. -
Vista is already on the way of being compromised.
Their security features are not amazing at all. -
Any system can be compromised.
-
Anyone else not understand this thread's title?
I have absolutely no knowledge in this area... Wikipedia it is!
Matt -
It's true the security features are not amazing.
But if they aren't amazing, what would you call the 'security' in XP? At least they tried in Vista...
But anyways, like the topic says, I honestly think while antivirus helped, it may have also hurt due to ring 0 access. If a virus breaks thru your antivirus and assumes control, it can basically assume control of ring 0 access, giving it control of your system.
It's like downloading a virus OS. Would you?
Windows Vista will have exploits, but hopefully it won't be as bad as ring 0... -
Zellio, seem to have a lot of maybes in there. Overall I preferred to have the AV companies, why? Because I have choice there, and while they may not all be good, I have more to choose from to protect me.
With Vista I have to trust that Microsoft has done the job well, and given past experience with Microsoft I don't trust that. -
Of course, a little disclaimer here is that Vista is a couple of weeks old. We don't know yet how it will turn out, and I can't say that it is less secure than XP.
There are some problems with their improved security that make it much less effective than you might think. But it might still be better than XP.
I'd say that Vista is *definitely* more safe than XP out of the box. But still, neither are safe out of the box.
And no one runs XP out of the box anyway. In the same way, no one *should* run Vista out of the box either. But if people use firewalls and antivirus apps *anyway*, it suddenly becomes a lot harder to measure security. I've no clue how it'd make sense to measure it.
With those apps running, both OSes are reasonably secure. But none of them are foolproof. -
usapatriot Notebook Nobel Laureate
Infected?
Cut off internet connection immediately.
Boot in safe mode, run AV.
Backup and Reformat if necessary.
Don't go to any dodgy sites. -
As for drivers, Vista prompts you when an unsigned device driver asks for permission to be installed. I'm not sure how difficult it is to get a device driver signed and certified according to MS's standards, but it is safe to say that your typical virus/worm maker will no longer be able to simply attach the code to the end of a program and have that code install the infection driver straight into kernel mode. At least, not without the user agreeing to suspicious popup driver install messages anyway (imagine you launch Outlook.exe one day and it asks you to install an unsigned driver by an unknown author). As well, Vista is said to be better guarded against other infection methods, such as kernel32.dll exploits---I'm sure it's a new way of generating a checksum for the kernel32 DLL to verify that no malicious code has been appended. I've not heard of attacks on Vista installed OS's as of yet, so we'll just have to wait and see for the Vista tailored viruses. -
I am using Norton Internet Security 2007 and everything is still as fast as before the installation. NIS is definitely not a resource hog, at least in Vista that I use.
Does this mean that NIS is less secure than before? Because they could not get access into the kernel?
Maybe this is the reason why NIS under Vista is almost unobtrusive? Or did they definitely rewrite the AV program?
How exactly will Vista be less safe one day?
Discussion in 'Windows OS and Software' started by Zellio, Mar 1, 2007.