Long view: How secure is Vista?

Discussion in 'other security issues & news' started by DigitalMan, Oct 27, 2007.

Thread Status:
Not open for further replies.
  1. DigitalMan

    DigitalMan Registered Member

    Joined: Sep 9, 2004
    Posts: 90
    Does anyone have an objective assessment of whether or not Vista is more secure than XP or as compared to Mac/Linux? How would we even begin to answer that question with data / objectively?

    I don't think security patches really tell the whole story - it's one thing if a vulnerability is fixed, but quite another if it's exploited in the real world.

    I'm not an MS fanboy, but I have to believe that the $billions spent on Vista should be reasonably effective at fixing the majority of easy security vulnerabilities in XP; MS has had the benefit of testing/comparing to Mac/Linux, etc. along the way too. I would expect the result to be fairly good in practice even if it's not amazing.

    Taking a step back, it seems we haven't had any major Vista malware outbreaks - seems it's reasonably good about security regardless of whether you like MS competitive tactics.

    My hypothesis is that Vista is pretty secure but I'm open to the discussion.
     
  2. gkweb

    gkweb Expert Firewall Tester

    Joined: Aug 29, 2003
    Posts: 1,932
    Location: FRANCE, Rouen (76)
    Hello,

    I made an article about Vista against leaktests:
    http://www.firewallleaktester.com/articles/vista_and_leaktests.html

    We can see that Vista is more secure than XP out of the box, and provides security features that XP does not have. However, Vista is not totally safe; there are still some unsafe things allowed (e.g. process injection, keylogging).

    Regards,
    gkweb.
     
  3. Kees1958

    Kees1958 Registered Member

    Joined: Jul 8, 2006
    Posts: 5,857
    GKweb,

    Vista uses Address Space Layout Randomization as a new feature. What would be the additional value of using Whentrust's freeware in XP to implement this on older machines?

    Thanks

    Kees
     
  4. gkweb

    gkweb Expert Firewall Tester

    Joined: Aug 29, 2003
    Posts: 1,932
    Location: FRANCE, Rouen (76)
    Hello,

    The only time I tested Whentrust on XP in the past, my computer was very buggy and HIPS were failing to load. I'm not saying Whentrust does not work; it obviously should, it just didn't do well on my system.

    If it works, that should prevent some buffer overflows from working, as they rely on APIs always being located at the same addresses. If the addresses are different, it will fail.

    However, I'm a bit skeptical about the performance and compatibility issues after adding Whentrust to XP. It is much better when it's native to the OS like in Vista. Nevertheless, please note that Vista has ASLR enabled by default only for executables which are specifically linked to be ASLR enabled. That means explorer.exe is protected on Vista for instance, but not all of your other applications such as your browser (until they do it). An application must be ASLR linked at compilation time, when the binary is built. Therefore, as the majority of applications are right now not ASLR "aware", this protection has little effect for now on Vista (it just protects the vital OS binaries).

    I have just installed Whentrust on a Virtual Machine, XP SP2. Thermite leaktest seems successful, and after excluding iexplore.exe from Whentrust to check the difference, IE failed to load and crashed. Unlike Vista, where the OS lets the applications be ASLR aware or not, Whentrust instead forces it for all processes by default.

    More tests should be made security-wise, but stability- and compatibility-wise, I still think it causes more trouble than it solves.

    Just my opinion though, that should not prevent you from testing it yourself :) If it works for you, without any compatibility/stability and performance issues, then it's a useful addition.

    Regards,
    gkweb.
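
The link-time opt-in described in the post above is recorded in the PE header as the DYNAMIC_BASE bit of the DllCharacteristics field. As an added example (not part of the original thread), this Python script reads that bit to report whether a binary has opted in to ASLR; `aslr_status` and `sample_pe` are hypothetical names, and the sample headers are constructed for illustration.

```python
import struct
import sys

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (linker /DYNAMICBASE)
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED: image cannot be rebased
PE32, PE32_PLUS = 0x10B, 0x20B

def aslr_status(data: bytes) -> str:
    """Return 'opted-in', 'not-opted-in' or 'flag-set-but-no-relocs' for a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need the signature (4), COFF header (20) and 72 bytes of optional header.
    if e_lfanew + 96 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    coff = e_lfanew + 4
    opt_size, file_chars = struct.unpack_from("<HH", data, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (PE32, PE32_PLUS) or opt_size < 72:
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ headers.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    if not dll_chars & DYNAMIC_BASE:
        return "not-opted-in"
    if file_chars & RELOCS_STRIPPED:
        return "flag-set-but-no-relocs"  # the loader has nothing to relocate with
    return "opted-in"

def sample_pe(dll_chars: int, file_chars: int = 0x0102, magic: int = PE32) -> bytes:
    """Constructed minimal headers for demonstration; not a loadable program."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, file_chars)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # audit real files passed on the command line
        for path in sys.argv[1:]:
            with open(path, "rb") as f:
                head = f.read(4096)
            try:
                print(f"{path}: {aslr_status(head)}")
            except ValueError as exc:
                print(f"{path}: skipped ({exc})")
    else:  # no arguments: run on the constructed samples
        print(aslr_status(sample_pe(DYNAMIC_BASE)))
        print(aslr_status(sample_pe(0)))
```

Run with file paths as arguments to audit installed applications and plug-in DLLs; any module reported as `not-opted-in` loads at a predictable address.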
     
  5. Kees1958

    Kees1958 Registered Member

    Joined: Jul 8, 2006
    Posts: 5,857
    It used to work, but I tried it on my wife's machine (with DefenseWall and ThreatFire Pro) and it did not boot, so I had to restore the image from backup.

    So please do not try this at home ;)

    I noticed your sig with Vista64. We currently use Avast, Primary Response Safe Connect and Haute Secure. Which security software do you use?

    Regards, Kees
     
  6. Long View

    Long View Registered Member

    Joined: Apr 30, 2004
    Posts: 2,295
    Location: Cromwell Country
    I have no idea. I still use XP but nice of you to ask.
     