dinside.no says:


Sikkerhet er det store salgsargumentet Microsoft bruker på Vista. I motsetning til i XP, vil ikke Windows Vista kjøre i administrator-modus unntatt når det trengs og da bare med eksplisitt godkjennelse fra brukeren. Dette vil stoppe mange sikkerhetstrusler.

Translation:
Security is the big salesargument Microsoft uses for Vista. As opposed to XP, Vista will not run in Administrator mode except when needed, and then only with authorization from the user. This will stop many security threats.


:)

yup, Vista has been built from the ground up, as a true multi-user environment, finally following the Unix security model of root and user. In some ways, vista's set-up will more closely resemble unix than the traditional windows way of doing things. They are re-introducing the CLI to windows for the 'power-users' with a full instruction set, and it's called Monad. Monad will actually use the unix command structure (i.e, ls, rm, mv, cp, ) and also be able to recognise all DOS commands through an aliasing system. Even vista's root tree will be unix-like, with a dir for .dlls, a dir for .exe's, a common share dir, etc. Even the GUI runs as a seperate module of the kernel (unlike X which runs as a program), and is actually called "The Aeroglass Window Manager". For the first time, Microsoft may have actually built a fast and stable OS, although it will still contain alot of bugs by shipping time, as it hasn't had the same bug feedback level that Open source OS's get.

Yay! Windows just might just work TM.

Wasnt for the DRM mess I might try it.

Security is the big salesargument Microsoft uses for Vista. As opposed to XP, Vista will not run in Administrator mode except when needed, and then only with authorization from the user. This will stop many security threats.

It's about f---ing time.

It's about f---ing time.
Aint that the damn truth!!

Only threat in VISTA is M$..

Well here are my concerns.

1. Monad is a virtual piece of crap. Yes, I said Crap. Im not sure what exactly was going through their minds when the decided to try to ressurect CLI. The scripting involved with Monad is confusing, not very straighforward, and from what Ive read (http://www.amazon.com/gp/product/0596100094/sr=8-1/qid=1140810426/ref=pd_bbs_1/103-7416305-2996628?%5Fencoding=UTF80
its scalability and intuitive nature is non existent. I know how to write batch files.

2. Affects and Functionality. From all I have seen beta wise, there really isnt any decent piece of hardware , thats affordable at least, that will allow VISTA to run full on with all the eye candy turned up. So users will be pushed into upgrading fully qualified hardware they have now, to next gen hardware to run this monster. This coupled with the fact that the PC release of Halo 2 will be Vista only (forcing others to upgrade unessecarily). This kind of push can only be positively expressed in an almost Randriodian way (sorry friends of Ayn, not meant to be offensive).

3. SaaS pushing. 49 Dollars a year for AV, 29 dollars a year for AntiSpy, etc. I think this kind of push to create this kind of software will have Symantec, MacFee and other such enterprises screaming Antitrust , specially if Microsoft wont rate VISTA for installation of products that these companies provide. Microsoft is already known for upgrading to NON-functionality in SPs for software , Will VISTA do the same?

4. Signed Driver mess. No unsigned or unapproved Drivers. This means if companies dont spend X amount of dollars out to Microsoft to get their drivers approved and set, your hardware wont run in a Vista envoirnment.

These 4 issues alone cause me to be sceptical about the release of this product. Honestly, I feel like Microsoft has to be successful with it. They are lacking in the innovation department, have been for some time. At least on the OS level. I hope they are successful with it, like I say , they need it. Now all that be said, I think there are some positive aspects of VISTA that give a chance. *would be nice for me to finish the post first rather than quick handly hit submit* Its an attractive interface, if they can tone it down a bit, I think it will market relatively well, while still keeping a decent footprint in the market.

My computer isn't all that and right now I'm running the latest Vista build and it's running faster than XP with me doing what I'd usually be doing on XP. The install process only took about 10-15 mins thats faster than XP ever installs.

Maybe I'm just one of the lucky one's, but at the moment all I can see from Vista is good. It's a major improvement upon XP and is a brilliant OS.

My computer isn't all that and right now I'm running the latest Vista build and it's running faster than XP with me doing what I'd usually be doing on XP. The install process only took about 10-15 mins thats faster than XP ever installs.

Maybe I'm just one of the lucky one's, but at the moment all I can see from Vista is good. It's a major improvement upon XP and is a brilliant OS.

Thats totally admireable, but only addresses 1/4th of the problems I have. I certainly hope that luck has little or nothing to do with it. I hope that its functionality coming through.

Well I doubt it's luck, just a figure of speech. It's definately better than previous builds which hardly ran like this one. What problems are you having?

Rackerz , most of my problems are non functional, ie -- they dont come from my use of the product, but more about the philosophy behind the functioning of the product.

Signed and digitally approved drivers , for instance. Ubuntu doesnt take stake with such a thing, as a result a multitude of hardware is supported by it. You boot it up, it accepts your hardware relatively well. In Vista, what will be supported hardware wise will be up to what Microsoft "deems" will be acceptable either based on a monetary value or a popularity value, or possibly some other related value to determine if a piece of hardware will work in the OS. An OS shouldnt be discrminate about the hardware it runs, but rather, should be open to all forms of hardware, even if that means running a generic driver.....

I still think the words "secure vista" is a oxymoron.:KS

Securing it shouldnt be a problem, one would just hope that it wont involve having to unplug your RJ-45 to make it that way. =)

yup, Vista has been built from the ground up, as a true multi-user environment, finally following the Unix security model of root and user.Uhh, Windows NT has always been multiuser. It's always used those levels too. In fact, any installation of Windows NT is using multiple users all the time.


In some ways, vista's set-up will more closely resemble unix than the traditional windows way of doing things.No, it won't, because all interactive users will run with no privileges all the the time. This is stark contrast to UNIX where privileged users have their privileges all the time, and cannot relinquish them.


They are re-introducing the CLI to windows for the 'power-users' with a full instruction set, and it's called Monad.No, that's not what Monad is and it's not a part of Vista anyway.


Monad will actually use the unix command structure (i.e, ls, rm, mv, cp, )No, not in any way that's really UNIX. It'll be a work-like, but will have serious, fundamental differences.


Even vista's root tree will be unix-like, with a dir for .dlls, a dir for .exe's, a common share dir, etc.Sorta like it is now?


Even the GUI runs as a seperate module of the kernel (unlike X which runs as a program),It always has.


as it hasn't had the same bug feedback level that Open source OS's get.:rolleyes: You're absolutely, totally, completely delusional and ignorant if you believe this for even a split-second. This is easy the dumbest mistruth in your post.


Signed Driver mess. No unsigned or unapproved Drivers. This means if companies dont spend X amount of dollars out to Microsoft to get their drivers approved and set, your hardware wont run in a Vista envoirnment.No, wrong. You pay $500 to Verisign to get a code signing certificate. The overwhelming majority of drivers are signed already anyway, and are WHQL compliant.


Securing it shouldnt be a problem, one would just hope that it wont involve having to unplug your RJ-45 to make it that way. =)That's true of all operating systems, so...

The amount of sheer incorrectness in this thread is absolutely totally and positvely overwhelming. Can we just have threads like this locked from the getgo? People clearly are still committing the same factual errors after having them rebutted for like 1000 times now, and it's frankly just sickening.

So if it is that secure, (for some reason I doubt it though) Linux will have one less reason to pull users from windows? I switched for security and to try something new. I hope most ppl who switch or consider it are like me, it was more because I was bored with windows, security was just a bonus.

So if it is that secure, (for some reason I doubt it though)Well, they haven't solved the social engineering issues. Neither has Linux, so that's moot.


Linux will have one less reason to pull users from windows? I switched for security and to try something new.You swithced for the wrong reason, then.

Nevermind

No, wrong. You pay $500 to Verisign to get a code signing certificate. The overwhelming majority of drivers are signed already anyway, and are WHQL compliant.And, to correct an error I myself made, it's only for x86_64 machines anyway. 32-bit machines will still be able to run unsigned drivers.

here's a page which shows you how to make cmd run more like a linux shell - tab complete etc

http://www.infonomicon.org/text/cmd_linux.txt

4. Signed Driver mess. No unsigned or unapproved Drivers. This means if companies dont spend X amount of dollars out to Microsoft to get their drivers approved and set, your hardware wont run in a Vista envoirnment.
Man, that doesn't sound good. WinXP has signed drivers, but they seem like a joke to me. Pretty much all of the drivers I used to install on my system were unsigned, and it let me know. But of course that means nothing, because you go ahead and install anyway. A driver would have to be pretty bad if it would be better not to install than to have a non-functioning piece of hardware.

yup, Vista has been built from the ground up, as a true multi-user environment, finally following the Unix security model of root and user. In some ways, vista's set-up will more closely resemble unix than the traditional windows way of doing things. They are re-introducing the CLI to windows for the 'power-users' with a full instruction set, and it's called Monad. Monad will actually use the unix command structure (i.e, ls, rm, mv, cp, ) and also be able to recognise all DOS commands through an aliasing system. Even vista's root tree will be unix-like, with a dir for .dlls, a dir for .exe's, a common share dir, etc. Even the GUI runs as a seperate module of the kernel (unlike X which runs as a program), and is actually called "The Aeroglass Window Manager". For the first time, Microsoft may have actually built a fast and stable OS, although it will still contain alot of bugs by shipping time, as it hasn't had the same bug feedback level that Open source OS's get.
Monad is far more powerful than unix shells it can use .NET objects/methods etc from what i have seen.

going to be interesting the amount of virii monad brings with it then its gonna create a hole for themselves

The amount of sheer incorrectness in this thread is absolutely totally and positvely overwhelming. Can we just have threads like this locked from the getgo? People clearly are still committing the same factual errors after having them rebutted for like 1000 times now, and it's frankly just sickening.

Sorry you feel that way. I started this thread because for a linux user it is actually quite hilarious that it's big news to not run as admin... And no matter how correct it is, this is from the sort of website that normal users read, and they will never learn all the technical details. Anyways, this is community chat, and a good place to say what one thinks is right. Please continue to correct peoples mistakes, but please do so in a polite manner.

Sorry you feel that way.It's true. This happens every thread, too.


Anyways, this is community chat, and a good place to say what one thinks is right.At this point, anyone who's still perputating these myths (I've refuted everything wrong said in this thread at least twice before, in CC, no less) deserves to be clubed. Just stopping and thinking for 30 seconds would make you realize that a lot of those statements are simply logically impossible.

At this point, anyone who's still perputating these myths (I've refuted everything wrong said in this thread at least twice before, in CC, no less) deserves to be clubed. Just stopping and thinking for 30 seconds would make you realize that a lot of those statements are simply logically impossible. Because LordHunter says so then it must be true?

You can't just say because you've "refuted" a "myth" that it's then impossible for people to disagree with you. You've rebutted, true. But others have rebutted your rebuttals as well.

The fact of the matter is that there are two sides to the issue.

If Windows is used properly, there's nothing structurally wrong with it security-wise. I think this is your main point, and it's solid. The OS itself is not inherently more secure or insecure than Ubuntu is.

Windows' defaults are, however, more dangerous than Ubuntu's defaults. Windows does, in fact, default to one user who is the administrator and does not get prompted for a password in order to make dangerous, system-wide changes.

Windows does, however (like Linspire), allow for the creation of users without administrative privileges. In rare cases, though, certain programs will not function correctly without the user having administrative privileges. While this is probably the fault of the third-party creating these problems (and not Microsoft), that reality does exist.

Ultimately, it's up to the user to secure her machine through good practice, and anyone who's dumb enough to run an operating system's defaults without questioning whether they are the best to use or not is likely to be (though not necessarily someone who) also downloads and installs dodgy programs from untrustworthy sources and clicks on attachments in emails from strange addresses, in which case, Lord help her, and it really might not matter what operating system she uses.

But others have rebutted your rebuttals as well.No, they never have. Not validly anyway.


Windows' defaults are, however, more dangerous than Ubuntu's defaults.And I've never argued that. I have in fact, agreed to this on several occasions.

No, they never have. Not validly anyway. In your opinion...


And I've never argued that. I have in fact, agreed to this on several occasions. Well, then let's celebrate Vista for, as I understand from this thread, defaulting to a multi-user environment.

In your opinion...Here, you want support. Fine:


Uhh, Windows NT has always been multiuser. It's always used those levels too. In fact, any installation of Windows NT is using multiple users all the time.Hit Ctrl-Alt-Delete to call up the task manager. Go to the 'Processes' tab. Click on 'Show processes from all users'. Look at the user tab. Processes are running as users other than yourself. By default, you should see some as 'SYSTEM', 'LOCAL SERVICE', and 'NETWORK SERVICE'.

As for the root vs. unprivileged claim, see: The platform SDK documentation on the LocalSystem account. (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/localsystem_account.asp[/url). Windows comes with several accounts that have privilege.


No, it won't, because all interactive users will run with no privileges all the the time. This is stark contrast to UNIX where privileged users have their privileges all the time, and cannot relinquish them.The new vista documentation claims about UAP are here (http://msdn.microsoft.com/windowsvista/security/), the only that isn't clear is if the UAP tokens are actually implemented as secondary user accounts (it's not clear). If that is the case, then setup is identical to UNIX using sudo, but with a dedicated 'root' account for each account that can elevate privilege. However, it's not clear how a UAP token is implemented, and I couldn't find more details.

As for lowering privilege? On Linux, the only way to do is is by taking bits out of the capability set. You can either do it on a per-process basis, or for everything root runs at once. At either rate, if you remove the bits, you can't put them back. I'll leave you to google on capabilities, it's documented in enough places. There may even be documentation on your system already.

I could go on, but the reason no one can validly rebut me is I'm stating facts. You can't argue with things that are true. These aren't subjective matters.

Uhh, Windows NT has always been multiuser. It's always used those levels too. In fact, any installation of Windows NT is using multiple users all the time.In the cpu there are different ring which ha different access to different devices. You could say there is a "allow everything" ring and a "user" ring. Microsoft has always used the "allow everything" ring and emulated a multiuser enviorment(software instead of hardware takes care of priviliges) while unix actually uses the different rings and only root is runned under "allow everything". This makes unix safer by default and a true multiuser enviorment.

You could say there is a "allow everything" ring and a "user" ring.No, you can't, because that's not actually true. However, it will suffice for refuting you.


Microsoft has always used the "allow everything" ringNo, it doesn't. If that were true, then I should be able to access abritrary hardware as any user. I cannot do that.


If that were true and emulated a multiuser enviorment(software instead of hardware takes care of priviliges)Umm, on all modern operating systems running on any CPU that supports protection levels uses both.


that while unix actually uses the different rings and only root is runned under "allow everything".No, wrong. Only the kernel is. Once again, the same proof applies. I cannot access arbitrary hardware in userspace.


This makes unix safer by default and a true multiuser enviorment.No, it doesn't.

It's true. This happens every thread, too.

At this point, anyone who's still perputating these myths (I've refuted everything wrong said in this thread at least twice before, in CC, no less) deserves to be clubed. Just stopping and thinking for 30 seconds would make you realize that a lot of those statements are simply logically impossible.

That statement is umm a tad arrogant. Your stance is your opinion and as such my not necessary be correct. And is definately inflammatory.

However I do agree with one point you have made. These endless Ms debates are and to use an old phrase ....So last year.

You solve your annoyance at them and not respond to them.

Your stance is your opinion and as such my not necessary be correct.:rolleyes: Show how the facts I linked to above are wrong then.

Wow. This is just amazing. What part of, opinions aren't facts and facts can't be argued is hard to understand?

These aren't subjective matters. Windows NT is multiuser. It always has been, it always will be. You can't claim, "it's a matter of opinion." It's a matter of fact, and you can't argue around it.


You solve your annoyance at them and not respond to them.Parading mistruths is far more hurtful for the community than not responding.

I think we just have a semantics issue over what the term multi-user means.

What really matters is that the new Windows will apparently default to making the first user created not an administrator. This is a good thing from a security standpoint. Can we all at least agree on that?

I think we just have a semantics issue over what the term multi-user means.I don't even see how that's possible, seeing as every operating system in existance has defined it as, "The ability to run tasks as different users at once."


What really matters is that the new Windows will apparently default to making the first user created not an administrator. This is a good thing from a security standpoint. Can we all at least agree on that?Yes, I can agree to that, and have in fact, said they should have done as much originally.

I don't even see how that's possible, seeing as every operating system in existance has defined it as, "The ability to run tasks as different users at once." The operating system has a dictionary? You're just putting your own definition as the definition. I can see where some of the semantics confusion comes in when discussing the term multi-user:

1. Is it an actual user logged into and driven by a live human being?
2. Is it the ability to have multiple users or the default setup that encourages a multi-user environment?
3. From a security standpoint (particularly coming from Ubuntu) there don't even need to be multiple actual users, as sudo basically allows for there to be one practical (human being) user who is a virtual regular user most of the time and a virtual superuser some of the time (with a password prompt).

The operating system has a dictionary?:rolleyes:

]quote] You're just putting your own definition as the definition.[/quote]No, every operating system defines it like that. VMS. Windows NT. Linux. All flavors of UNIX. OS/390 or z/OS or whatever it's called now. OS X. The definition of multi-user is the ability to run multiple tasks as multiple users at once.

Google agrees with me. And you can't come up with a simpler definition that covers all relevant cases.


1. Is it an actual user logged into and driven by a live human being?Irrelevant. Interactivity isn't a useful definition, it cannot include all cases.

A cron job written by me running as my user account isn't interactive, but there is no question I'm on the system.

Same applys to say, the cron jobs Ubuntu runs as root at night.

Someone must be logged into the system to run them, but it isn't a human. Hence, interactivity isn't a sufficent definition.

[edit]Cleaned this up as it made no sense.


2. Is it the ability to have multiple users or the default setup that encourages a multi-user environment?If you use that definition, then XP is more multiuser than Ubuntu. XP prompts me to create multiple accounts, and every account but the first one isn't privileged. Ubuntu only gives me one account that can elevate privilege.

I don't think we'll agree to that being reasonable, so that's an unreasonable definition.

The definition is as simple as I posted above. It's what's taught in operating system classes, and what has been taught since time-sharing systems. You're arguing against an accepted, standard definition if you don't take what I said.

And that definition includes any version of NT.

You can't dismiss as "irrelevant" anything that doesn't fit with your understanding of things.

It's perfectly reasonable for a layperson to define "multi-user" as allowing or using several logged in real human being users.

It's also perfectly reasonable to define a user in terms of processes. I run
top in Ubuntu and see that the "root" user is running some processes and my regular user is also running some processes.

Regardless, it doesn't matter whether a definition is "reasonable" or not according to you. The very idea that people can define "multi-user" or understand multi-user in more than one way means it can be very easy for people to get caught up in semantics. You can call those people "ignorant" if you want or "ill-informed" or just plain "wrong," but you can't possibly believe there's only one possible definition or understanding of the term multi-user and that everyone who could possible stumble upon this thread agrees what that definition is.

You can't dismiss as "irrelevant" anything that doesn't fit with your understanding of things.Yes, I can. Show me how interactive is a useful definition.


It's perfectly reasonable for a layperson to define "multi-user" as allowing or using several logged in real human being users.No, it isn't. But even if that were the case, NT still meets that definition. Since NT 3.1, even. However, being a layperson doesn't exclude you from ignoring the basic definition. It might let you ignore advanced things, like all the different kinds of user accounts you can have, but it doesn't change the definition.

You're just moving the goalposts at this point.


The very idea that people can define "multi-user" or understand multi-user in more than one way means it can be very easy for people to get caught up in semantics.There's only one definition that's been supplied that covers all cases. More importantly, NT meets every definition supplied anyway.

So it doesn't matter how you define multi-user. NT still meets it.


but you can't possibly believe there's only one possible definition or understanding of the term multi-userYes, I can. Just like there's one definition of Ohm's Law: E=IR.


and that everyone who could possible stumble upon this thread agrees what that definition is.As I've said, if they don't, they're arguing with a standard definition. You're free to say the word 'apple' means something other than what it does, but it doesn't change the fact you're wrong. This situation is no different.

And as I've said, it doesn't matter anyway because NT meets every definition provided by anyone.

This thread like so many akin has out lived its usefullness.

If Ballmer says that UNIX is a disease, why in hell did Microsogg switch to UNIX? Is it because Mac OS X is based on UNIX? :rolleyes:

This thread like so many akin has out lived its usefullness.
Yes, I agree. Sorry. I never ment for this to be an argument of what's right or wrong or secure or not... That said, let me say this too... :)


The definition of multi-user is the ability to run multiple tasks as multiple users at once.

That sentence doesn't make sense. You want to say The definition of multi-user is the ability to run multiple tasks as multiple users simultaneously. Anyway, I guess the point isn't about grammar....
My issue here, Lord, is that whatever people say or do here, you can be respectful. What you said in your first post here;


The amount of sheer incorrectness in this thread is absolutely totally and positvely overwhelming. Can we just have threads like this locked from the getgo? People clearly are still committing the same factual errors after having them rebutted for like 1000 times now, and it's frankly just sickening.

...is completely unnessesary. Do you really expect people to read through all of the thousands of posts on this forum? Really, some of us have lives apart from here... (allright, that's childish and not really an argument, I'm just getting a bit upset here).

You have a lot of valid points, and you obviously know a lot more than me about this. However, you are missing out on some points too. You're saying

No, it isn't. But even if that were the case, NT still meets that definition. Since NT 3.1, even. However, being a layperson doesn't exclude you from ignoring the basic definition. It might let you ignore advanced things, like all the different kinds of user accounts you can have, but it doesn't change the definition.

but you fail to understand that a definition is not a fact. A definition is no more than what someone, at a certain point in time, with a certain amount of knowledge, decides. I can define the sky as being pink. Then we can start to argue about it (not much of an argument I suppose :) ) To clarify what I mean, from my line of knowledge, what is a species? Many definitions have been proposed, but still noone can actually give a satisfying answer.
Windows vs Linux has been argued about for as long as they have both existed. I don't know anything bout the technicalities. I don't care either. But it is a fact (note: not definition...) that during my time of windows use I had a lot more problems with security than when using linux. This may be because I'm stupid, don't know enough about computers etc, but if that is the case, then computers should only be for the elite. Maybe so. Maybe computers aren't ready for the average joe yet. But that is another discussion alltoghether :)

That sentence doesn't make sense.Yes, it does. "At once" is a synonym for "simultaneously", but it doesn't matter.


but you fail to understand that a definition is not a fact.The point is that it's the widely accepted definition. More importantly, of all the definitions presented, it's the only one that covers all the cases. So it's the only acceptable one by the rules of logic, because it's the only one with complete coverage.

Frankly, I'm more than shocked that someone would even have to gall to challenge that definition. That's how widely accepted it is. I made the Ohm's Law comparsion on purpose, it's simply a known and accepted quantity.

And as I pointed out, challenging the definition was simply irrelevant, and anyone who understood the definitions they purported as alternates and what they applied to would have understood that. And by recogonizing that, it's reasonable to assume they wouldn't have purposed a different definition, because it didn't matter.

if you guys are taking a break with the nonsense..

at a recent, local ms-event i learned that the sudo of vista does not require a password (as long as you are loged in as someone who can su). i'm sure hopeing they have gone some length to stop programmatical clicks from hitting that button..

isn't gonna help much anyway, as most windows users are used to clicking next, next, next, yes, agree, next, finnish. no one, NO ONE, ever reads error messages. makes it hard to help the little bastards (friends, family, work, whatever).

the CLI is only for longhorn (server version), isn't it?

the comment about a folder for dlls, exes and so on was incorrect. XP does not have a Program Files for each user. vista will (in a way). that is a true improvement.

drivers are probably signed for security reasons (tampering), not for quality. with .NET framework 2.0 that is a big security must. signing everything (at least for networking execution).

at a recent, local ms-event i learned that the sudo of vista does not require a password (as long as you are loged in as someone who can su).Uhh, that's not the case in the least. Privilege elevation will require a password at least in some situations.


i'm sure hopeing they have gone some length to stop programmatical clicks from hitting that button..Yes, they have. What isn't clear is how hard it will be to spoof the authentication dialog. They say they've found a way, but I am skeptical at the very least.


the CLI is only for longhorn (server version), isn't it?It will probably debut integrated on Longhorn server, correct. However, Monad will run on both Longhorn and Server.


the comment about a folder for dlls, exes and so on was incorrect.No, it wasn't. Shared dlls go in Program Files\Common Files.

We weren't talking about per-user or anything of that sort.


XP does not have a Program Files for each user. vista will (in a way). that is a true improvement.Perhaps, though I question the value in most situations.