Yesterday I wrote about Joanna Rutkowska’s
work
that highlighted a serious security flaw in Windows Vista. Her finding was
that in Vista, many applications require that they be installed with
administrator privileges, and that during the install process users are
given two options: 1) install with elevated privileges, or 2) don’t install
the application at all.
Yesterday’s post was sloppy, however. It came to the conclusion that
Microsoft made a security design error in implementing this system. The
truth of the matter is that there is a serious security problem with respect
to Vista,
but that problem is not due to a recent decision by Microsoft.
Microsoft had no other choice, really. The alternative is telling people
that their old programs are insecurely written and can’t be used. That
wouldn’t go over well. Unfortunately, allowing the applications to go in as
administrator creates a major problem for Microsoft: it trains the users to say yes when an application asks to be installed
with elevated privileges.
Not good.
But it’s not a Vista problem, really. It’s going to hurt Vista, but
the real problem is that of legacy support. It’s ironic, really. All this
work to make Vista more secure and it’s going to be largely undermined by
how lax they were in the past.:
Meet Mary — Your Smart AI ICT Teacher for O-Level Secondary Education in Uganda! Welcome…
Journey Through Faith: An Introduction to Senior Three Islamic Religious EducationWelcome, students, to an enriching…
Meet Isha Karungi — Your Smart AI Islamic Studies Teacher for O-Level! Welcome to the…
Having studied Spanish for over 6 years, I knew what dulce de leche meant. Sweet.…
I found kiwis on sale. Five for $1! In the middle of winter. In January.…
An experience. That’s what Ghirardelli is to me. For many years, San Francisco was a…
Leave a Comment