Microsoft SRP, DEP and security

Discussion in 'other security issues & news' started by tcarrbrion, Jun 17, 2009.

Thread Status:
Not open for further replies.
  1. tcarrbrion

    tcarrbrion Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    105
    One of the main problems with SRP is that Microsoft make it so difficult. It is not available on home versions except for the very inconvenient parental control in Vista. Even if you have it, it is hidden away and hard to use. DEP is hidden away too. How is the average user even going to find out such things exist? Until Vista, many XP Home PCs came with FAT32 and no security at all. I have the booklet that comes with Vista Home version. It mentions adding users but does not even suggest setting up limited users for added security.

    If Microsoft took it seriously and made it easy to use more people might use it. Wizards for installing software, guide you when DEP causes a crash or SRP stopped something from working would help. It could then all be ON by default and people would use it.

    It seems like Microsoft do not care about security for home users. Presumably it is all down to money.
     
  2. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    This is not Microsoft's fault. It's the fault of OEMs, big PC manufacturers, installing Windows on their PCs in a very insecure configuration. FAT32, or NTFS with mucked up permissions... I've seen a lot of it. But it isn't something that Microsoft is responsible for.

    Making it easy is not as easy as you might think. Let's use a small example. If there was some kind of a wizard that explained to you what has happened every time SRP blocked something (how would SRP even be enabled unless you learned about it somewhere and then had enough skill to enable it?), guess what Joe User would do? He would just disable SRP because it stops him from installing his crackz and warez or the occasional trojan (which he doesn't know about). And how easy do things really have to be? Trained monkeys could likely use Windows with the way it is. Why would one need wizards for installing software? What would the wizard do? Tell you that you need to be an admin to install and installing may be dangerous? Well, Windows already does that. And installing is just point-and-click in Windows. If you get an access denied warning, log in as admin and try again. Not hard.

    And then, look at how things work in Unix. I'm sure most everyone has heard Unix-based systems praised for their security (as compared to Windows as the argument always goes). And how "easy" are these systems to use and configure? Yeah.

    Easy isn't automatically only good. If Windows was more difficult to use, people would actually need to learn something before using it, and would know more, and would be less likely to be infected with malware and fall for scams here and there.

    Microsoft, like any company, needs to balance ease of use with security. More security equals less easy to use, this is always the case. If Microsoft wanted as much security as possible, they could default to limited accounts and enable a whitelist SRP by default, but that would make using the system so difficult to Joe User that they'd get complaints and people switching to other software. Or in other words, they can't really do that. Making the security features "easy" is a nigh impossible task. The DEP example? If DEP crashes something, and Microsoft pops up a message to let you know and explain what happened and why, what happens? Joe User turns DEP off because it makes things difficult for him.
     
  3. Keyboard_Commando

    Keyboard_Commando Registered Member

    Joined:
    Mar 6, 2009
    Posts:
    690
    DEP is so far down the chain of icon clicking. Seems somewhat ridiculous.

    I guess Microsoft put compatibility first over security.

    With DEP enabled I have had a few problems with defrag tools. Can't think of anything else it has bugged me with.
     
  4. tcarrbrion

    tcarrbrion Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    105
    If software could only be installed via a wizard, it could automatically be added to the allowed list in a software restriction policy; it would prompt for an admin password and allow any other security applications to know you are installing something. Malware would only get on through bugs in the system or by tricking the user into thinking they were installing something OK.

    User clicks on install software. It then asks where from, CD or file. It finds the autorun program on the CD and runs it with the correct privileges.
     
  5. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    I don't see how that's any better than the current way Windows does things. Your suggestion sounds vaguely like a package manager, with the added security weakness of making the package manager whitelist everything folks can be tricked into installing through it, conveniently bypassing every security precaution on the system from SRP to "other security applications". Sounds pretty bad.

    As for software restriction policies, as it is now, if you create a whitelist policy of allowing everything in the Windows and Program Files directories and disallowing everything else, then anything that you install as admin already goes right into the whitelist - because if you install something in Program Files, SRP lets it run no questions asked.

    Really, a wizard would only complicate things needlessly.

    Umm... that's how the situation is right now. Today, in current Windows versions, malware gets to infect systems through either "bugs in the system" (= by exploiting unpatched vulnerabilities) or by "tricking the user into thinking they were installing something OK" (= social engineering). So, this whole strange wizard business would not change anything - malware would still infect people exactly the same way it does today, by exploiting bugs or by deceiving gullible users.
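    The whitelist policy described in this post (allow the Windows and Program Files trees, disallow everything else) is what the Local Security Policy snap-in writes into the registry under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer. The script below is an added example, not code from this thread or from Microsoft, that writes the same keys directly with PowerShell. Assumptions not stated in the thread: it is run from an elevated PowerShell; the Safer enforcement engine on the edition in use honours these keys (the snap-in is what Home editions lack, not the engine, but verify this on the system at hand); the extra rule for Program Files (x86) on 64-bit Windows and the ExecutableTypes list mirror what the snap-in creates by default. Try it in a virtual machine first, since, as noted later in the thread, a wrong rule can keep Windows from booting.

```powershell
# Added example: build a default-deny Software Restriction Policy by writing
# the registry keys that secpol.msc writes. Assumptions: elevated PowerShell,
# Safer engine present on this edition, tested in a VM first.
#Requires -RunAsAdministrator

$Safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security levels as SRP stores them (level number doubles as the subkey name)
$Disallowed   = 0x00000000
$Unrestricted = 0x00040000

function New-SrpPathRule {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][int]$Level,
        [string]$Description = ''
    )
    # Each path rule lives under <level>\Paths\{GUID}
    $key = Join-Path $Safer ('{0}\Paths\{1}' -f $Level, [guid]::NewGuid().ToString('B'))
    New-Item -Path $key -Force | Out-Null
    # %HKEY_LOCAL_MACHINE\...\Value% makes SRP read the path from the registry,
    # so the rule follows the real install location and is not a user-settable
    # environment variable.
    New-ItemProperty -Path $key -Name ItemData     -PropertyType ExpandString -Value $Path -Force | Out-Null
    New-ItemProperty -Path $key -Name SaferFlags   -PropertyType DWord  -Value 0 -Force | Out-Null
    New-ItemProperty -Path $key -Name Description  -PropertyType String -Value $Description -Force | Out-Null
    New-ItemProperty -Path $key -Name LastModified -PropertyType QWord  -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Force | Out-Null
    return $key
}

function Set-SrpDefaultDeny {
    New-Item -Path $Safer -Force | Out-Null
    # DefaultLevel = Disallowed: nothing runs unless a rule allows it
    New-ItemProperty -Path $Safer -Name DefaultLevel -PropertyType DWord -Value $Disallowed -Force | Out-Null
    # TransparentEnabled: 2 = check DLLs too (strict, may break software), 1 = skip libraries
    New-ItemProperty -Path $Safer -Name TransparentEnabled -PropertyType DWord -Value 2 -Force | Out-Null
    # PolicyScope: 0 = all users including administrators, 1 = exempt local admins
    New-ItemProperty -Path $Safer -Name PolicyScope -PropertyType DWord -Value 0 -Force | Out-Null
    New-ItemProperty -Path $Safer -Name AuthenticodeEnabled -PropertyType DWord -Value 0 -Force | Out-Null
    # File types treated as executable code (assumed to match the snap-in default list)
    $types = 'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF','INS','ISP',
             'LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG','SCR','SHS','URL','VB','WSC'
    New-ItemProperty -Path $Safer -Name ExecutableTypes -PropertyType MultiString -Value $types -Force | Out-Null

    # Whitelist: the two path rules the snap-in creates by default
    New-SrpPathRule -Level $Unrestricted -Description 'Windows directory' `
        -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%' | Out-Null
    New-SrpPathRule -Level $Unrestricted -Description 'Program Files' `
        -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%' | Out-Null
    # 64-bit hosts keep 32-bit software in a second tree (assumption: value present on x64 only)
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
    if ($cv.'ProgramFilesDir (x86)') {
        New-SrpPathRule -Level $Unrestricted -Description 'Program Files (x86)' `
            -Path '%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir (x86)%' | Out-Null
    }
}

function Get-SrpRules {
    # Read the policy back so it can be checked before logging off
    foreach ($lvl in @($Disallowed, $Unrestricted)) {
        $paths = Join-Path $Safer "$lvl\Paths"
        if (-not (Test-Path $paths)) { continue }
        Get-ChildItem $paths | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            [pscustomobject]@{
                Level = if ($lvl -eq $Disallowed) { 'Disallowed' } else { 'Unrestricted' }
                Path  = $p.ItemData
                Desc  = $p.Description
            }
        }
    }
}

Set-SrpDefaultDeny
Get-SrpRules | Format-Table -AutoSize
```

The policy applies to new logons, so log off and back on (or reboot) after running it. Two caveats a practitioner should check: a path rule allows everything beneath the path, so any subfolder of the whitelisted trees that limited users can write to (Windows Temp and Tasks folders are the usual suspects) is a hole that needs its own Disallowed rule, and PolicyScope 0 means administrators are restricted too, which is what makes installing into Program Files the only convenient way to get a new program onto the whitelist. Hash rules for standalone programs, mentioned later in the thread, are stored as a binary blob under <level>\Hashes rather than \Paths and are easiest to create from the snap-in; this example covers path rules only.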
     
  6. tcarrbrion

    tcarrbrion Registered Member

    Joined:
    Dec 15, 2007
    Posts:
    105
    Other security apps could monitor installations and check them for suspicious activity but not automatically block.

    If it was that easy then SRP should be default on for all limited users but it is not. Many programs do not install to program files. Some run straight off a CD. A hash rule can be used for a program on a CD but the user would need to be guided to do this.

    Most malware exploiting bugs is stopped by an SRP unless the bug gives it admin rights or the bug is in the SRP. Bugs in the browser etc would be much less of a problem.

    If limited user and SRP were easy then more people would use them. Most people I know don't even know such things exist. Most of the people I know who work programming computers have not heard of a software restriction policy. It is too well hidden away.
     
  7. Windchild

    Windchild Registered Member

    Joined:
    Jun 16, 2009
    Posts:
    571
    I see. That makes more sense. Although I do not see how it differs from the present situation in Windows: since there is no wizard required to install software, any third party security applications will monitor installations all of the time, normally, for any activity they have been designed to monitor. Adding the wizard into the mix would just work as some kind of a "Hey, I'm going to install something, don't block me by default" message to said security software, but that would not really help much, since most security software do not operate in default-deny mode anyway, rather giving warnings and asking the user than silently blocking everything not whitelisted.

    It is that easy. Assuming, of course, that the software being installed was coded by people who understand the Windows NT security model, that is to say, programmers that know what they are doing and care about security. Not all programmers know what they are doing, and they may not care about the security model of the OS they are coding for. But before one installs programs made by such people, one should carefully consider this question: if those people can't or won't even follow the basic security guidelines of the OS, what other security holes have they fumbled into their products? Good software defaults to installing into Program Files for global installations, and saves per-user settings in the user profile Application Data folders. That is not hard. If a professional programmer can't get that right, they ought to be fired.

    As for software running straight from CD, I'm not sure how that is related. Those programs are standalone programs that do not install to the system, so the installation wizard would be rather strange if it interacted with these programs that do not even try to install.

    Again, we come to the question of whether easy is always better. SRP is meant to be a tool for advanced users or rather admins (since you really can make your Windows unbootable with it). If SRP was made "easy" and given a flashy GUI wizard with lots of explanations for novices, what would really happen? Would novices suddenly wise up, or would they just allow every scamware that tries to trick them through SRP that so graciously guides them to do just that? My money is on the latter scenario. Ergo, SRP wouldn't help nearly as much as it might at first seem, and it would still add a lot of annoying "Allow this?" for users who mostly already hated Vista for its relatively simple and quiet UAC. See where this is going?

    It is a user problem, not an OS design problem, in my opinion. People don't RTFM, people don't try to learn anything, people just want to point and click. And since they want such simplicity, Microsoft gives them just that, with an option for the advanced users who actually bother to learn about these things to tighten things up at the cost of ease of use.

    Again, look at Unix based operating systems praised for their security (by some). Are they easy? Do they have pretty wizards to help novices along? Nope.

    Making things both easy and safe at the same time isn't easy, or simple. It's rather difficult, actually. And what's more important, making things both easy and safe as well as not annoying to impatient users is almost impossible. Most computer users unfortunately do not want warning popups alerting to whatever program they're trying to install. What you propose wouldn't fly with the people who need it the most. And for the people who have bothered to learn about these things already and are already using them, what you propose wouldn't be any better than what we already have - in fact, some would consider it worse instead of better.
     