Need arguments in favor of WIndows 7 security...go!

H

HOCP4ME

2[H]4U
Joined
Jul 1, 2005
Messages
2,959
So, today while setting up some computers I met an embedded systems programmer (you can already tell where this is going, can't you? :p ) and he and I talked for a while as Windows 7 was installing. We got to discussing XP vs. Vista vs. 7, and he said he was still unconvinced why anyone should upgrade from XP. He obviously hasn't upgraded from XP, either: while installing Firefox he saw the UAC dialog, apparently for the first time, and wondered aloud about its purpose.

I mentioned that the security in Vista and 7 is much improved, to which he replied, "you know what? I don't believe that. Microsoft has been shipping insecure operating systems since 95, so I don't believe one bit of that."

So...to win back my geek points :p , I need some hard, definitive evidence that Windows Vista and 7 are secure OSes while XP was not. Specifically, this guy would like to see something from the open-source community conceding that Windows Vista and/or 7 are secure. I thought all of you [H]'ers would be up to this task.

Any ideas?
 
Catweazle said:
Give up!

He's an idiot. You can't win the argument when you're arguing against an idiot whose mind is already made up!

:D
Click to expand...

Lol. In most cases, I'd agree with you, but this guy seems genuinely interested. He actually asked me, "what is UAC?" But when I replied "it's a feature that does blah blah blah and in doing so keeps the system secure," he wanted proof.

Surely there exist some independent studies that show the efficacy of UAC and other Vista/7 security features?
 
Catweazle said:
Give up!

He's an idiot. You can't win the argument when you're arguing against an idiot whose mind is already made up!

:D
Click to expand...

+1

I'm sick and tired of people who think magically like this. "It's this way because I believe it to be so" is pretty retarded.

UAC was a big step up for Windows, but that isn't obviously the only reason why Windows 7 is more secure than XP. Virtualstore is another example. I'm not going to list every single improvement though when you can basically find out by googling "Windows 7 security improvements."
 
Built in WPA, better firewall, Microsoft Defender (anti spyware), probably more secure code... after all, it is 8+ years to the day of XP... that buggy, hole filled, XP. Only after SP2 did it really clean up it's act.

UAC is kinda useless, so I have disabled mine.

I haven't run an AV for about... 3 years now. Just stay soley on [H] and newegg (and school sites), and you'll be fine.
 
Wait a minute. This guy says MS has been shipping insecure software since '95 and didn't know what UAC was?

Why didn't you tell him that he was THREE years behind in Windows technology and probably needed a little brush up on things before his opinion was worth more than warm piss.
 
jeremyshaw said:
UAC is kinda useless, so I have disabled mine.
Click to expand...

...and yet another ridiculous comment. UAC is Microsoft';s implementation of 'least user privilege' protection, and as such is the absolute heart of the security improvements made. Disabling it renders the later Windows versions pretty much as 'open' as the earlier versions!
 
Catweazle said:
...and yet another ridiculous comment. UAC is Microsoft';s implementation of 'least user privilege' protection, and as such is the absolute heart of the security improvements made. Disabling it renders the later Windows versions pretty much as 'open' as the earlier versions!
Click to expand...

I agree with the heart of what you're saying but its not technically correct. Even without UAC you can still practice the principle of 'least user privilege', just not as conveniently.

You can still create standard user accounts and log in using them but you loose the ability to elevate to higher privileges easily.
 
heatlesssun said:
I agree with the heart of what you're saying but its not technically correct. Even without UAC you can still practice the principle of 'least user privilege', just not as conveniently.

You can still create standard user accounts and log in using them but you loose the ability to elevate to higher privileges easily.
Click to expand...

True, but a standard user account is pretty frustrating to use on a home computer. You'll constantly be logging in as an admin to change things. Vista UAC is also annoying, but it's not nearly as bad.

The biggest security improvement with Win7 is that UAC is less annoying so more people will leave it enabled...
 
JimmiG said:
True, but a standard user account is pretty frustrating to use on a home computer. You'll constantly be logging in as an admin to change things. Vista UAC is also annoying, but it's not nearly as bad.

The biggest security improvement with Win7 is that UAC is less annoying so more people will leave it enabled...
Click to expand...

I disabled it for more then just simple convenience, several of my applications are incompatible with it. It doesn't make it as 'open,' it just makes it less secure (one last confirmation before the final click!), due to user error. It very rare to get an infection from just doing 'normal' things.

I haven't managed to get a infection in 3 years, so...
 
jeremyshaw said:
I disabled it for more then just simple convenience, several of my applications are incompatible with it. It doesn't make it as 'open,' it just makes it less secure (one last confirmation before the final click!), due to user error. It very rare to get an infection from just doing 'normal' things.

I haven't managed to get a infection in 3 years, so...
Click to expand...

Keep saying that until you catch a drive by ad on a website like WSJ, which just happened to be compromised in the last month. UAC would catch the drive by and the user would have to allow it to proceed.

On topic though the guy is an idiot. It's better to just ignore him or you can dig up the stats that show malware/virus infections are down considerably on Vista versus XP and that is due to the security enhancements like UAC.
 
This article from the May 09 Technet magazine covers security improvements fairly succinctly:

http://technet.microsoft.com/en-us/magazine/2009.05.win7.aspx

The following links are about the kernel software changes in Vista, by the best guy on the planet for explaining esoteric stuff concisely. the correct response to every posting of Vista FUD over the last couple of years was just to respond with these links:

http://technet.microsoft.com/en-us/magazine/2007.02.vistakernel.aspx
http://technet.microsoft.com/en-us/magazine/2007.03.vistakernel.aspx
http://technet.microsoft.com/en-us/magazine/2007.04.vistakernel.aspx

This months online issue of Technet magazine covers a lot of the new Win 7 stuff:

http://technet.microsoft.com/en-us/magazine/ee532389.aspx
 
Kick him in the nuts, and while he's on the floor writhing in pain, say "Windows 7 comes with a protective cup"
 
Start here: http://en.wikipedia.org/wiki/Security_and_safety_features_new_to_Windows_Vista

Highlights are ASLR (randomizes code, data, stack addresses so malware can't guess where these things are and infect the system), sandboxed IE (so if you get passed DEP and ASLR, which are huge barriers in their own right, you still can not affect user files.) ACLs on services so they can only access required resources. Heap and stack checksumming and canary values to detect attempts to trash the heap/stack in order to infect the system.

Then check out: http://blogs.pcmag.com/securitywatch/2009/04/malware_on_vista_rare_accordin.php

A fully patched OS in either case is going to be pretty secure, but check out the unpatched infection rates. Vista with no patches has HALF the infections (per thousand) of a fully patched XP box. A lot of the security in Vista was designed to defeat 0-day exploits and that's proof that it does it well.

Then there's this: http://www.geekishblog.com/2008/05/windows-vistas-uac-block-spywarerootkits/

On Vista the story was a little bit different. Only six of the 30 rootkits could actually run on the operating system, and that was after the testers turned off the User Account Control (UAC). The UAC stopped the rootkits cold in their tracks, provided that the user actually acknowledges the prompt and reacts accordingly.
Click to expand...

The wikipedia article doesn't even cover all the anti-exploit stuff that was added, here are some more: http://blogs.technet.com/srd/archiv...ser-mode-heap-corruption-vulnerabilities.aspx

Then there's the Pwn2Own hacking contest winner who stated Vista was very secure and more secure than the Mac OS, even the latest Snow Leopard.

But you are probably wasting your time, most people who think like that don't let facts interfere with their conclusions.
 
Last edited:
You must log in or register to reply here.
Back
Top