Security company Kaspersky claimed that Vista's User Account Control (UAC), the system of user privileges that can be used to restrict users' administrative rights, will be so annoying that users will disable it.
Natalya Kaspersky, the company's chief executive, said that without UAC, Vista will be less secure than Windows XP SP2. "There's a question mark if Vista security has improved, or has really dropped down," she said to our sister site ZDNet UK at the CeBIT show in Hanover last week.
Kaspersky provides one of the scanning engines in ForeFront, Microsoft's business security product.
Arno Edelmann, business security product manager for Microsoft, said that Kaspersky's claims were surprising. "We have a thriving community of partners, and Kasperky is one of our best partners," Edelmann told ZDNet UK. "I find their statements a little strange because they have one of the best insights into Microsoft security products."
After being roundly criticised over its security strategy in the past, Microsoft has done a lot of work to improve its approach and has been touting Vista as its most secure operating system. But Kaspersky confirmed that her analysts had found five ways to bypass Vista's UAC, and that malware writers will find more security holes.
Kaspersky also added her voice to Symantec and McAfee complaints that PatchGuard, designed to protect the Vista kernel, is hindering security companies' work.
"PatchGuard doesn't allow legitimate security vendors to do what we used to do," said Kaspersky.
Symantec has claimed that PatchGuard is hurting security vendors more than it was hurting malware writers. Bruce McCorkendale, a chief engineer at Symantec, said: "There are types of security policies and next-generation security products that can only work through some of the mechanisms that PatchGuard prohibits."
Eugene Kaspersky, the company founder, said last Thursday that while vendors had to interact with Vista legitimately, hackers were under no such constraints.
"Cybercriminals seem not to care about Vista licensing," said Eugene Kaspersky. "They don't need to follow regulations or be certified by Microsoft -- antivirus vendors do."
Tom Espiner reported for ZDNet UK from London
1
Steve Miller - 20/03/07
How I installed Vista:
Step 1: Install Vista.
Step 2: Disable UAC.
Kaspersky got the disabling of the UAC right.
sm
» Report offensive content
2
rei - 20/03/07
I turned off UAC too.
As for the rest? Bull.
First of all they need to tell me how they got around UAC. Security vendors have been reporting totally irrelevant things about Microsoft security lately. I don't trust them one bit.
Second, they'll need to tell me why it's less secure than XP if UAC is off.
Obviously, they're like Norton and McAfee. Less security problems in Windows = less income.
» Report offensive content
3
Brandon - 21/03/07
Heh. You can try and disable UAC, but then the functionality of key Microsoft programs won't be there (like VS 2005). I'd prefer they just overhaul UAC and make it something above-average rather than the awful mess it is now.
» Report offensive content
4
Postman - 21/03/07
Do they want some cheese to go with their whine?
I kept UAC enabled and find it a very minor inconvenience (compared to fixing virus attacks that have gotten through my fully patched and updated xp with symantec security system twice in the last year). Perhaps less educated users can be fooled into allowing something to run that shouldn't, but I think most will know if they have initiated anything or not and figure it out. I'm not a big fan of MS, but it has gotten to the point where the 'in' thing is to bash their every move. They will never make everyone happy, but Vista does what it is supposed to do well. Don't fault the program if you want it to do something it is not designed to do.
» Report offensive content
5
Medmerd - 21/03/07
Sure Vista is deigned to be an Opperating system, and thats what it does. But from what i can see now MS looks as if they took widows 98 and made is more pretty. From the "Reports" coming off Visa, some say its SOOOOO good and other say its SOOOO bad. Look at every new opperating system relased, they have all pretty much had some huge faults in the first year. I dont plan to ever use Vista if i dont have a gun to my head. I can pretty much say that the upgrading cost will prevent many people from using it untill they buy a new computer, and with all the upgrading going on you will be able to get super cheap windows XP boxes for next to nothing becase of the people who will buy Vista.
I have seen examples of MS process maps and Linux process maps for certain things in the OS, as soon as linux has the ablity to function in place of a Windows box MS is going to start to hurting, any bets as to why Bill is really leaving the company? Or do you really beleve he feel he has enough money?
» Report offensive content
6
Frank - 21/03/07
Are there still people who don't use a router and Firefox?
Well, in that case I can understand the concerns voiced.
» Report offensive content