VISTA SECURITY

  • Thread starter Thread starter R. A. Pazderski
  • Start date Start date
R

R. A. Pazderski

I know I will be "flamed" out of this Vista discussion group but I feel I
must add my comments.

RC1 sets up fine with a Clean Install on a fairly modern machine using up to
date ancillary software.

HOWEVER:

1. How many "Joe Six Pack" Windows single machine users actually want to
spend time "logging" into their personal machines ?

2. How many "average" Windows users have enough knowledge to actually "cut
off" and "cut on" the security features they really need ?

3. How many "average" Windows users have enough knowledge to even know what
the security setting's Terminology's mean ?

4. How many "average" Windows users, after purchasing their off the shelf
machine, have the time or want to read a 2000 page Tec Manual or go to MS
Tech Net just to be able to to use their new machine for its intended
purpose ?

5. How many "average" Windows users know what Permissions are, UAC is,
rundll does, WMI's function, what Active X controls are for, how the
Registry is built, what Protocols, Ports, Tokens and Objects are, etc.,
etc..... just to name a few of thousands of computer related knowledge base
items ?


Like me, most in this discussion group have been around since Dos 1.0, build
their own hardware and do some programming and experiment with different
Operating Systems if not just for the fun of it.

However, I would venture a guess that 95% of "average" Windows users have
real computer work to accomplish daily and other outside hobbies besides IT
experimentation and electronics plus really don't want to spent hours / days
trying to figure out and configure there machines.

On the other hand, most "average users don't won't to feel that they are are
being treated as children and are being protected and saved from their own
stupidy by a higher power either !

Vista seems to accomplish both goals.


In my opinion, it is a "darn" shame for a company like MS to develop a
common everyday product such as Vista that will take at least (8-12) hours
(just a guess) to configure right out of the box which will then be useful
for the "average" user in accomplishing what they purchased their computer
for originally.


My last comment concerns WPA, WGA and who knows what's to come.

The "average" computer user knows nothing at all of what this is all about
so there was no huge public out cry just as there will be none when Vista is
released. Business monopolies can just about do as they please when there is
no competition to speak of.


And NO, Windows 98 was NOT the best version of Windows developed. Probably
Windows 2000-SP4 was / is the fastest O/S, took the least time to configure
with the least "fluff" and could be locked down tighter than a drum for net
working.

I won't even speak about Office 12 with its "comic book" interface.


Regards,
 
Hello,
I know I will be "flamed" out of this Vista discussion group but I feel I
must add my comments.

Doubtful. However, since you posted to a discussion forum, I will discuss
the topic with you.

1. How many "Joe Six Pack" Windows single machine users actually want to
spend time "logging" into their personal machines ?

I doubt it bothers them too much clicking their picture after the computer
starts up. In fact, I bet they enjoying seeing the picture they chose. Those
that don't will probably find out how to automatically log in if it bothers
them that much.
2. How many "average" Windows users have enough knowledge to actually "cut
off" and "cut on" the security features they really need ?

They don't need to modify these settings unless they are directed by product
support or someone technical because they are having a specific problem.
They probably don't even know they're there. Moot point.
3. How many "average" Windows users have enough knowledge to even know
what
the security setting's Terminology's mean ?

Why would they care? The UI they will want deal with are worded so that even
a novice can understand them. If they are having a technical problem, they
will need to contact product support or a technical fellow, as most average
users do.
4. How many "average" Windows users, after purchasing their off the shelf
machine, have the time or want to read a 2000 page Tec Manual or go to MS
Tech Net just to be able to to use their new machine for its intended
purpose ?

They don't have to.
5. How many "average" Windows users know what Permissions are, UAC is,
rundll does, WMI's function, what Active X controls are for, how the
Registry is built, what Protocols, Ports, Tokens and Objects are, etc.,
etc..... just to name a few of thousands of computer related knowledge
base
items ?

Why would they want to know stuff like that? They don't need to know that
stuff.

users ... don't want to spent hours / days
trying to figure out and configure there machines.

It comes configured out of the box for the "average user".
On the other hand, most "average users don't won't to feel that they are
are
being treated as children and are being protected and saved from their own
stupidy by a higher power either !

If you are referring to "Windows needs your permission..." and other
security-related features, I don't see how you think this is treating the
user like a child. Windows is asking the user what they want to do and
allowing them to control whether a certain action is taken - where as
before, Windows made the decision for the user. I see the average user being
given more control over their computer than ever before.

In my opinion, it is a "darn" shame for a company like MS to develop a
common everyday product such as Vista that will take at least (8-12) hours
(just a guess) to configure right out of the box which will then be useful
for the "average" user in accomplishing what they purchased their computer
for originally.

Again, Vista comes pre-configured for the average user.
My last comment concerns WPA, WGA and who knows what's to come.

You never fleshed out this comment. What do you think is comming? All I see
is Microsoft ensuring customers and OEMs are paying for their product.
 
Jim,

Appreciate the reply.

My post original was based on the fact that so many people have questions
concerning setting up Vista secuity in the discussion group. Just read them.

It appears that since the default settings for Vista security are ALL ON,
many will have difficulty configuring their systems to do even simple tasks
such as recieving E-mail with pictures or setting up the firewall for gaming
past through, etc., etc......

Even my website gets a Vista warning with all the security cut on and my
code validates perfectly except for the MS proprietary (margee tag) I use for
scrolling text.

Also some of the "fluff" needs to be removed, non essential Services cut off
and the Registry Tweaked to speed up the O/S etc., etc......

I guess I could go on forever concerning O/S set up but time is limited.

It appears you either work for MS or a big fan of their systems and business
model. Nothing wrong with that at all but surely from your experience, you
must have some disagreements with Vista. No software is perfect out of the
box without some set up.

As for me, I'm an old retired electrical engineer PE that grew up with
computers and O/Ses from the 70s. I guess time has past me by as I'm still
use to setting up systems from scratch to be Fast, Efficient with Just Enough
Security to do the job but still allow for Maximun Machine and System
Usability which pretty well dates me.
(Laughing Out Loud)

Concerning WPA, WGA, Etc.; I hate that type of business model BUT as long as
MS is allowed to get away with such actions, then all us will have to live
with it. Just being a (hobbist) and to get around WPA and WGA, it cost me
$1000s to purchase (5) seat (Volume Licenses) for MS Client software not to
mention Server software. A bit unfair for a hobbist in opinion.

You might get the opinion that I dispise MS as most other people do, BUT
that is NOT truth at all - MS knows me by my first name in many departments
and programs. I just philosophically disagree with them in many cases BUT one
cannot argue with their succcess !!

Kindest Regards,

Rick P.
======================
 
Okay, I can see your concern.

Not everyone is a tech whiz kid. Granted. I think a lot of the install
issues people are seeing have to do with it not being a full release version.
Yes, there are still bugs in the system that need to be worked out. There is
still a couple months to do that if needed.

You are right.

Most common users won't know what some of the terms are, some will. But it
has been my experience that those who dont, usually know someone who does. I
know that is little comfort in the idea.
But here is the clincher.

I remember when Win 95 came out, there were classes in colleges for learning
the system. Though we look at it now saying either, "Why did I waste the
money?" or, "What kind of an idiot needed to go to college to work Win 95."

There is no easy solution to learning a new program. My father at 66 is
still learning how to use his fancy new computer, he asks, "How do you learn
this stuff?" To which I always reply, "Look, just go through and see what you
can do, if you screw it up, we can re-load." And he now knows how to re-load
his computer, I think he has done it about 8 times now. But he is learning.

When this software comes out, you will have two kinds of users, the ones who
got it on their new PC, who may have problems at first, and those who buy and
load it on their computer, who won't have very many problems.

But just like 3.11, 95, 98, and XP, people will learn it. This release will
not be much different than the ones before. Every release gets better, every
release gets more technical, but every release gets more user friendly as
well. But with every release, there will be a learning period. There will be
people who are calling the windows help desk. Best Buy, Circuit City, and
probably every other small computer shop will be busy after the release, just
as they were with XP and other releases before it. That is just part of the
game.

And honestly, as a user, I would rather the computer be set up with too
tight security and have to learn how to turn some off, than to get a computer
that starts with no security and learn the hard way how to turn them on.
Because lets be honest, the day a virus screws up your computer is the worst
day to say "Maybe I need Anti-Virus." And programs like "Defender" are only
good if they are on.

Some will read the tech books, some will not, some will keep it around to
figure out what OAC means. Some may just feel through it, screw it up a few
times ane learn how to do things right. Either way, in a year or two,
everyone will be able to use the system, and most of them flawlessly.

Be optomistic. We can get through this. :-)
 
My post original was based on the fact that so many people have questions
concerning setting up Vista secuity in the discussion group. Just read
them.

I am very familiar with the posts about security in these groups :)

However, in your post you were arguing about problems that the "average
user" will encounter, and that is why I had to disagree with most of your
points. Don't misunderstand me, I don't think your issues are meritless, but
I don't agree with you in the context in which you presented them :). The
people who post here are not average users, especially the ones that ask
about security-related topics.

Most of the security-related problems encountered by the members of this
group are generally caused by:

1) Failure to interoperate with a dual-boot with Windows XP - this is caused
by Vista enforcing the security permissions on files created from within
Windows XP. Many people have never encountered NTFS security permissions
before due to always running as administrator

2) Failure to use command-line tools or non-Microsoft admin tools -> caused
by needing to elevate the program manually

3) Inability to access "old" Windows XP folders such as Documents and
Settings, because these folders have been moved or renamed and replaced with
hidden junctions

4) Inability to remotely administer a vista machine without changing a
registry key

5) Programs that misbehave in the new Windows

Of these, only #5 (and to a much, much lesser extent #2) will apply to the
"average user", but by the time Vista is publically available and beyond,
this should be less and less of a problem. This always happens after a major
upgrade to the operating system.
It appears that since the default settings for Vista security are ALL ON,
many will have difficulty configuring their systems to do even simple
tasks
such as recieving E-mail with pictures or setting up the firewall for
gaming
past through, etc., etc......

I believe MS has addressed the example issues fairly well ... I.E., blocked
pictures can be enabled by clicking an information-bar type thing that
bloops up, and Windows Firewall gives the user the chance to unblock an
application the first time it encounters it.

Also, I would like to point out here that the issues caused by these
security settings are caused by application incompatability with Vista, not
the security procedures themselves. Like any program designed for an
operating system, the applications will need to use the services that Widows
provides in order to provide their functionality.
Even my website gets a Vista warning with all the security cut on and my
code validates perfectly except for the MS proprietary (margee tag) I use
for
scrolling text.

Maybe your website is doing something considered risky, like using an
unsigned ActiveX control or doing something with JavaScript that isn't
considered "propper" these days?
Also some of the "fluff" needs to be removed, non essential Services cut
off
and the Registry Tweaked to speed up the O/S etc., etc......

This is very much an advanced-user thing... but really, Microsoft spends a
lot of time doing this themselves and making it just right for the "average
user" ... Sure, you may be able to do some additional stuff yourself, but it
takes a lot of knowledge to be able to know what to do. This isn't really
Microsoft's fault ... a complex operating system is complex to configure.

It appears you either work for MS or a big fan of their systems and
business
model. Nothing wrong with that at all but surely from your experience, you
must have some disagreements with Vista. No software is perfect out of the
box without some set up.

I do not work for Microsoft, but I am a big fan of Windows NT ... I really
know nothing about their business model. I do have disagreements with some
of the implementation details of the security in Vista, but I agree
completely with the abstract model.

As for being "perfect" out of the box ... I can say that, when looking at
the big picture, I believe that things will be "pretty good" for "average
users". However, we all know that there is no such thing as perfect, pretty
good, or average user.

I see Windows providing two things: A platform for software to be built
upon, and the minimal software needed for the user to be able to use the
system (i.e. the shell).

I see the need for tweaking the platform itself minimal; most users don't
need to muck around by disabling services or turning off core features of
the operating system, unless it is preventing them from performing a certain
task, at which point they will need assistance. I see users primarily
configuring the software they use - such as windows explorer, word, etc,
which has a pretty good interface for adjusting its behavior.

I see this in the same way as a car - I don't need to adjust the properties
that make the car work unless I am having a problem (i.e. the idle speed,
fuel-mix-ratio, etc). The car is set up for the average user in mind (those
going highway speeds).

Those who do not fall into this "average user" category (i.e. people who
like to race or want a show car) can modify how these things work (making it
use more fuel, removing the limiter on speed, etc), but the average user
could care less about doing this. Why should the car manufacturer make these
things easy to do?

However, everyone is free to customize the car as they see fit by buying new
radios and changing the appearance of the car - I see this equivalent to
buying new software or changing application options in Windows, things which
are fairly easy to do.

I think the problem here is that Microsoft is changing the way that they
built their "car" and a lot of "accessories" for the car are going to be
obsoleted or won't work correctly, mostly because of stupid things those
"accessories" have done (i.e. software not following the spec MS has laid
out for how they are supposed to access the operating system - imagine a car
radio depending on the idle speed of a car being set at a certain value and
messing up if it is changed!)
As for me, I'm an old retired electrical engineer PE that grew up with
computers and O/Ses from the 70s. I guess time has past me by as I'm still
use to setting up systems from scratch to be Fast, Efficient with Just
Enough
Security to do the job but still allow for Maximun Machine and System
Usability which pretty well dates me.
(Laughing Out Loud)

Ah, now I see where you are comming from. From my perspective, Microsoft's
approach is to design the operating system for the majority ("average
users") but allow specialization by the minority. That is why I say windows
is already configured for the average user.

And I really think this is the way it is because that's how the "average"
people want it. They don't want to have to tell the computer what they are
going to do with it by answering a bunch of questions, even if it was easy
to do and understand. They just want to use the computer, and they want the
computer to be able to do anything they want to do with it, with as little
configuration as possible.

It really would be nice if everyone could have a "custom" version of Windows
stamped out just for there needs - and this is in fact possible now and will
be even more so in the future, for those advanced users wishing to do this.
But, I really don't think this is what average users want to do, and that is
primarily why Windows doesn't make it super simple to do - why spend so much
time working on something that won't be used by the majority of users? Just
make it good enough for the users who will actually use it.

Previously, Microsoft has done what you suggest with the security issue
(putting app compatability/usability before security) - and they ended up
with Windows ME. LOL.

Seriously, though, I think most of the security improvements, when
considered as a whole, signal a move by Microsoft to re-architect Windows by
defining the interface between applications and the operating system better.
Microsoft is kind of re-asserting there right to be "boss" of the operating
system, where as before they kind of allowed applications to enter into
their territory and act as the operating system with minimal fuss. I believe
this is the root of many of the security problems in Windows, from an
abstract point-of-view.

To put it back into my car perspective, why should the radio be able to tell
what the idle speed of the car is, let alone modify it? If the radio wants
to do something, it will need to follow the interface available to it by the
car design, not change the car design to suit its needs (possibly mucking
things up for other accessories on the car).

This is evident by the changes in device driver policies and kernel patching
as well as User Account Control. Essentially, Microsoft is building a big
wall between the operating system and applications, and forcing the
applications to use the services Windows provides in order to do what they
want, instead of allowing the application to just delve into the system and
muck up everything. And if the application really needs that kind of access
to the system in order to do what it needs, it can still do it, but it will
have to be done "correctly" and the user will have to allow it.

Before Vista, it was kind of like rival gangs (programs) battling for
control of the city (the operating system) with little concern for the
damage caused to the city and innocent victims (the users). (Although not
nearly as bad as pre-NT systems).

Right now, this shift will have major negative consequences on usability,
but in the future this will allow Microsoft greater room to improve Windows
without breaking as many third-party apps, which I believe will in the
long-term increase usability.

After thinking about it a bit, I think you and I see Windows in two
different lights ... I see it as a framework for an infinite number of
possible uses, more as an abstract thing, and that it is the applications
that are the concrete inplementation of this framework and that they should
be customized to fit the user.

But I think you see Windows more as a concrete thing, as if it it were a
block of clay that exists to be molded to only support the needs of the user
and the applications that user specifically uses, whatevery they may be, and
that unless this is done it is not really complete.
Concerning WPA, WGA, Etc.; I hate that type of business model BUT as long
as
MS is allowed to get away with such actions, then all us will have to live
with it. Just being a (hobbist) and to get around WPA and WGA, it cost me
$1000s to purchase (5) seat (Volume Licenses) for MS Client software not
to
mention Server software. A bit unfair for a hobbist in opinion.

I don't see how product activation constitutes a business model. All I see
is them making sure they get paid? I don't see this as a problem. If you
don't like the price, you don't get to use the software ..... that has
always been the way it has been for any product.

I see product activation in the same way that I see sensormatic security
tags at a retail store.
 
you can RUN secpol.msc (Local Security Policies) and neutralize any of the
security blocks, access levels, alerts, etc. that you may find uneccesary or
nuisances for your environment. I agree with you though, the "average" user
will be paralyzed.
 
Back
Top