Submitted by Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry. But a bold statement can only go so far, and much of this week’s conference has been spent reinforcing that point.
Um, what industry is that? Are they just talking about the desktop market, or are they comparing themselves to something like Trusted Solaris?
Moreover, how can you judge the security of a product that isn’t out yet? Security, like usability, isn’t a feature that you check off. It’s a reputation you earn based on experience and time.
Microsoft only comes close with Server 2003 vs Linux….
(running a GUI)….when it comes to stability…but secure? I dont think so….
There is a reason they call it Trusted Solaris….
Lets see what Microsoft has got when they release this Vista..
Edited 2006-06-16 02:40
It is called marketing…..
Who is going to want to buy Vista if they think it is as unsecure as XP ?
Companies always market the new products as better/more stable/more secure…..
Look at washing powder adverts for example….
compared to Linux it’s not a big feat
Microsoft has put a lot of efforts to secure Vista, but until it really hits the streets how will we know?
For example, if you look into the WinHEC link posted today (http://osnews.com/comment.php?news_id=14900) youll find a presentation where they explain that they’ve added a new type of processes: “protected” processes, which will be used for software implementing DRM technology. Those processes are protected to avoid people hacking them so you can’t debug/kill/look at them, but that also means (they warn it) that antimalware/antivirus software can’t kill those processes. Theorically only some signed software will be allowed to create those processes but uh, it’d a wonderful hole if someone manages to jump that signed protection.
So I will wait for real world testing to see if this is REALLY secure before trusting people that told us that XP was also secure.
And what if the malware/virus is able to *become* one of these “protected” processes ? Which, given the MS track record, is entirely possible.
Essentially Microsoft is implementing in-kernel copy protection.
If MPAA will be dumb enough to allow implementations of software blu-ray or hd-dvd decoders as protected process, someone will promptly hack the kernel and gain access to ring0. Without processor TCPA support, Microsoft doesn’ have any chances.
If starforce (a very nasty protection) was defeated, I don’t believe that Microsoft can be any harder.
Btw, I doubt that Vista will be able to detect (without the TPM chip) if the system is virtualised/emulated in something like vmware. At that point, anyone will be able to dump unencrypted code or a even get a decryption key for it.
Edited 2006-06-16 10:27
Consumers are being plagued with spam, phishing attacks and spyware, while the corporate world fends off data and identity theft. Microsoft believes its new wave of software will be the panacea for such problems, thanks to the Security Development Lifecycle (SDL) and technologies such as BitLocker and smart cards.
So after years of worms and viruses abounding we’ve finally got it through to a number of people that they have to be aware of what they do to keep from getting into trouble and here comes Microsoft: “Don’t look before you cross the street, with Win Vista!”
Not only that, but isn’t MS *responsible* for the “spam, phishing attacks and spyware” to some degree?
I’m a (careful) Windows user, but sheesh … have the nuts to say, “we screwed up royal on many of our past OS’s, but we’re trying to make Vista better.”
Can’t argue with that. Can’t crack it until it comes out.
I skipped Windows XP because it was more of the same from Microsoft, a bunch of posturing and proclamations with no results. I am going to do the same with Vista and likely whatever follows it, because I cannot trust Microsoft, it has made it abundantly clear that it is incapable of security.
I will use OpenBSD instead, at least it actually is secure.
I skipped XP also until this year when I upgraded from 2K. It was worth it. XP runs applications faster, quicker launch times, and it manages memory better. It is not just a pretty face on the 2K OS. Upgrade you will like it. If you don’t like the bright colors just set it back to look like classic. Keep in mind I am not a MS fan at all. Fedora linux is my main workstation.
Edited 2006-06-16 01:39
I prefer Win2K over XP at any time.
It’s faster, it has a much better User Organisation (what’s up with only “Limited User” and “Administrator” – what happened to “User”, “Power User”, etc.), consumes much fewer system resources.
It’s not as themeable as default, but that’s about it. Oh, and Win2K doesn’t handle games too well, compared with XP.
Win2k is faster? How so? Are there benchmarks to prove it or is it just a seat of the pants kind of feeling that a certain OS is zippier than the other? I read from some forums that if you turn of the XP “eye candy” then you get the same performance as Win2k. I dont know if that is true or not. The reason why I ask is because then I would try to install Win2000. Thanks for any info!
The time it takes to open windows, the speed with which menues react, not to mention the console. All of this perhaps should be called “snappiness” or “latency” ? And Win2K do not require >512 MB ram to feel snappy. 256 MB is enough (running XP with 512 MB ram is like running Gnome with 512 MB ram… pure S/M).
You can get a reasonable performance in XP without all the fancy stuff, but then you’ll end up with a system with less functionality than Win2K. Win2K3 is better though. If you can get your hands on a legal copy, then tweak it to be a workstation OS. That’s probably the best Windows-on-the-Desktop one can possibly get. Just remember to tweak it, though.
XP suffers from a primitive unacceptable User Organisation. Win2K3 (and Win2K) are much better at this.
But to the ordinary clueless user, that of course is irrelevant.
All you have to do to manage users in WinXP like in win2K and Win2k3 is go into Administrative tools and go to manage computer, and all the old groups and users are there. There is not any less user functionality in XP compared to Win2k/2k3
For his personal preference I imagine the seat of his pants is all that matters, don’t you think?
The type of speed he’s talking about is only important in perception anyway. Who really cares if it’s actually faster when it feels faster, it’s not like the 12 microseconds were going to go to good use anyway.
thay all add up !
Win2k is faster? How so?
For me, it is based on meory usage. Here is my guideline for appropriate memory usage in the windows world:
Win 3.1 – 8MB
Win 95 – 32 MB
Win 98 – 128 MB
Win 2K – 256 MB
Win XP – 512 MB
Vista – 1024 MB
** Win ME – Just turn it off and walk away slowly!
You forgot NT4 that is very good OS
Stable & don’t need a lot of RAM 
You forgot NT4 that is very good OS
Stable & don’t need a lot of RAM 
Good Point!
Win NT4 Desktop – 64 MB to 128 MB
Win NT4 Server – 128 MB and up
Actually, being a server OS, NT4 Server depends on what you are serving. I have used NT4 Server boxes with as little as 16MB (file sharing). Of course, with heavy load, it goes up, but it really did seem to need a lot less Ram than I would have thought.
//Win ME – Just turn it off and walk away slowly!//
Take it from a Windows fan … walk away slowly? RUN LIKE HELL!
Win 3.1 – 8MB
Win 95 – 32 MB
Win 98 – 128 MB
Win 2K – 256 MB
Win XP – 512 MB
Vista – 1024 MB
The beast seems to get bigger with every release:
http://en.wikipedia.org/wiki/Lines_of_code
Year Operating System SLOC (Million)
1993 Windows NT 3.1 6
1994 Windows NT 3.5 10
1996 Windows NT 4.0 16
2000 Windows 2000 29
2002 Windows XP 40
I wonder how much more will be added with Vista?
Sever 2003 will run just fine with the right hardware set up…
Edited 2006-06-17 01:57
Played games just fine when I was running it. In fact, played games XP won’t.
Try Worms 2 (it does play but not too well – the movie clips don’t work too well) or Diablo 1 ( I know I know.. ooooold games, but in my mind they are still new… old games are those from my C64
)
If you can make it run under Win2k, please let me know how.
I don’t know about Worms 2 but Diablo (1) ran fine for me. And yes, the older games do seem to be the better ones don’t they? =)
Have you tried ntcompatible.com? they have a nice data base on how to get games working.
Haven’t heard of it before (or cannot remember having heard of it), but I’ll give it a look now. Thx
And oh yes. The older games are the best
Summer Games, here I come
wow…. MS invests more than a billion developing this OS… and you make a comment on how well it plays games! WOW….
what a total waste!
//
It’s faster, it has a much better User Organisation (what’s up with only “Limited User” and “Administrator” – what happened to “User”, “Power User”, etc.), consumes much fewer system resources.
//
User organization is the same.
run
control userpasswords2
Thx
It doesn’t explain why MS changed the behaviour. Is it supposed to be easier the other way?
“what’s up with only “Limited User” and “Administrator” – what happened to “User”, “Power User”, etc”
Ugh….all those still exist, and always have, under computer management, in adminstrative tools, where they always have been, since NT
“it has a much better User Organisation (what’s up with only “Limited User” and “Administrator” – what happened to “User”, “Power User”, etc.),”
control userpasswords2
Oops, missed the prev comment on this. o_0
What happened to the edit button?
The edit button doesn’t always work. Usually it does, but sometimes it’s not there.
well we know it isnt a pretty face. that was pretty obvious from the beginning
>>I will use OpenBSD instead, at least it actually is secure.
Damn you, beat me to the punch.
Of Course Virus-ta is the most secure os in the industry, if you’ve never ever heard of another OS. Just more MS folks showing their “Windows Starter System” experience.
One has to wonder whether the folks in Redmond understand the difference between having buzzword compliant security features and actually being secure.
Edited 2006-06-16 01:37
He had to say it or he will be thrown chairs at.
Edit: typo
Edited 2006-06-16 01:31
Gotta love the executive and manager types that say stupid crap like this and make the whole company look bad. What an idiot.
What’s even more sad is that people will think saying this somehow makes Vista any different or that it’s another reason to not use Vista.
Gotta love the executive and manager types that say stupid crap like this and make the whole company look bad. What an idiot.
But you have to wonder. Did he just blab it out for the hell of it or was he told to say it?
It’s not the first time who MS says that, and will not be the last… in fact, i remember several speeches like that between 2000 and 2001 about winXP.
as the titanic was unsinkable
You know this because you have cracked it? Amazing!!!!
Possibly, there is a public beta available, so anyone can now take it and crack it.. Nothing amazing about that
They said the same about Windows XP.
Do I even need to say anything else?
Who writes this stuff, Steve Ballmer?
Like Janizary and MikeekiM said, who can beat OpenBSD? I would like to hear OpenBSD’s hackers and users complaints and mockery of Vista’s security. The real security test for an OS is how long does it take the default unpatched installation to fall to hackers/crackers and viruses or trojans. “One remote hole in the default install” seems to be an incomprehendable, or should a say unattainable, standard for Microsoft.
Wait for some time to become Vista the most unsecure OS on earth… Have you forgotton what happened to WindowsXP? Have you not gone through the Microsoft history books?
But Microsoft acknowledges that nothing is infallible when it comes to computer security. In turn, the company has employed black hat hackers for what is called a penetration, or pen, test team. This group has only one duty: to break the security in Windows Vista and help the company develop fixes for the vulnerabilities.
Er, no. You don’t “employ” black hats. They work for themselves and have their own agendas, and they’ve been happily pen testing Windows for years now without a paycheque from MS. If they’re on the payroll, they’re white hats.
The company is working closely with developers to add custom “shims” that will ensure their programs are compatible with User Account Control.
10-to-1 odds we have the makings for our first exploit right there.
Work to streamline the experience for consumers will not stop with the final release, however, as Microsoft already has compatibility improvements planned through Windows Vista Service Pack 1.
So they’ve thrown in the towel and are already planning SP1? That’s not inspiring.
In fairness, Microsoft seems to finally “get” it now. Issues with permissions, services, default settings etc. These were all known and discussed prior to XP, and were happily ignored. So I’ll give MS credit for almost admitting where they were wrong, and taking steps to correct it.
But that’s on paper. What really remains to be seen is the execution. The real black hats are waiting…
Interesting post. Thanks for the white/black hat info. As for SP1, I have learned not to use an MS product until there is at least 1 SP out for it. Well XP 64 bit is an exception. Great OS but it already technically has a SP because I think it was based on the OS with an SP in it already. There is supposedly a Vista R2 in the works….which is Vista Redux…or Vista Properly Done…or something along the lines. I dont think I will be the only one in saying, if I were indeed required to upgrade to Vista, waiting for R2 would probably be the best idea. My 2 cents.
Go look up the word “employ”. It doesn’t neccesarily mean they are paying them. They are simply using the services of the hackers.
We’ll have to wait until Vista gets out in the wild before we find out how secure it really is. BUT …
If it does turn it to be secure, I bet the ABM’ers are going to be pissed .. they’ll have less ammunition this time around
Of course, with end users going out of their way to do anything they’re told when they’re promised nude pics of Jessica Simpson, there’s only so much that can be done to secure an OS. Still though, if MS can eliminate the rootkits and drive-by installs, that’ll certainly go a long way.
It could turn out to be the most Secure Microsoft OS ever released but if these “Security” features get in the way of actually using, configuring and administering the system for REAL then users & admins alike will quickly get pissed off and start truning off the bits that get in the way of their “Real Work”
IMHO, is that if an OS Security system is so obtrusive as to stop “Work” then it is a security risk in itself. Why?, Admins are only human and will ‘remove’ those bits that stop them from doing their work.
I think that the BSD Security Model is fine. Its there but not in your face.
The UNIX security model is “just right” for a networked desktop/workstation. It lacks the flexibility and fine-grainedness of ACLs, but at the same time, that lack of flexibility makes it much easier to create a good default security policy. It’s also simple enough that the user has a hope of understanding it, which goes a long way to improving the security of the system by reducing user error.
Once you get into ACLs and authorizing capabilities, you get a framework that is much more powerful, but one that is probably outside the understanding of your average user. It’s easy to succinctly summarize the UNIX security model: each file has an owner, and that owner can authorize either himself, his workgroup, or everyone to read, write, or execute that file. It’s also easy to succinctly summarize the security policy on a UNIX system: each user owns and can write the files under ~/, while everything else on the system is only accessible to the administrator, except temporary directories. Can someone summarize the Vista “User Access Controls” policy in as succinct a manner?
Security in lack of numbers.
Here is a very intelligent sentence from the godfather of security, OpenBSD:
“Security is not a product, but a process”
Well I won’t comment. I will just the OS do that and watch as you all get angry and more jaded about Microsoft. Typical anti-microsoft kids.
All in all, XP has had very few remotely-exploitable non-interactive vulnerabilities. There were some pretty nasty ones which required user interaction, like the WMF flaw, but nothing that would hit you unless you’re looking at scuzzy sites on the net. If people keep the UAC stuff on, then even this stuff won’t be too bad.
What I’d love to see as a feature of UAC is a way to log on with it off for a single session, or to turn it off for a specific amount of time so that one can do a bunch of administrative tasks at once and then reenable it.
All in all, XP has had very few remotely-exploitable non-interactive vulnerabilities. There were some pretty nasty ones which required user interaction, like the WMF flaw, but nothing that would hit you unless you’re looking at scuzzy sites on the net. If people keep the UAC stuff on, then even this stuff won’t be too bad.
I think you forgot things like DCOM enabled by default:
http://packetstormsecurity.org/0307-exploits/dcom.c
Or maybe you also forgot the UPNP exploit:
http://packetstormsecurity.org/0112-exploits/XPloit.c
I can find more and then some unpublished ones, but those are a few I remembered using off of the top of my head. An unpatched version of XP is soooo easy to hack.
In case you hadn’t noticed, he’s a *Microsoft* manager speaking at a *Microsoft* conference. He’s essentially a salesman speaking to the already converted. You cant expect him to say that their new product isn’t going to be better than the last.
But he’s not saying “this is the most secure Windows ever” (like they did with XP). He’s saying “its the ost secure OS in the industry”. That’s not just marketing, that’s throwing down the gauntlet.
“Er, no. You don’t “employ” black hats. They work for themselves and have their own agendas, and they’ve been happily pen testing Windows for years now without a paycheque from MS. If they’re on the payroll, they’re white hats.”
Nonsense. There are legions of black (and white) hats that are more than happy to sell their services to the highest bidder. For some it’s even the sole driving force behind becoming a white/black hat.
What are the guys from L0pht Heavy Industries (that was a pretty cool name, btw) doing these days? Oh right, they got “aqcuired” by @stake (now part of Symantec), a commercial security company that sells consulting services. So much for working for themselves, having their own agenda and not selling out.
http://blogs.msdn.com/michael_howard/default.aspx
See link above:
Maybe if Vista is mummified enough, it will be nearly impossible to exploit. But almost all vulnerabilities in windows stems from the person at the keyboard/mouse.
ahaha, who are they kidding with this stuff, click-and-drool MCSE dimwits that think world doesn’t exit outside of Windows? As far as security is concerned Vista does not have *anything* new or interesting. It is a re-hash of things other operating systems had for years. But MS astroturfers are grasping for straws trying to convince the less intelligent populace of some non-existent Vista superirority. Vista is the same old turd of an OS, which just like XP and W2K before that will suffer from myriad of security breaches (MS tried to convince us before that XP will be a truly secure OS and W2K before that and NT before that). If you want the most secure OS in the industry, go no further than Trusted Solaris, which truly deserves that title (mandatory access control and labels out of the box, enough said).
Will the hard drive encryption lock the drive so you can’t make a new operating system or run other operating systems? I presume Linux will overcome this, but it sucks there are more secrets in the industry. It’s bad enough we don’t get documentation on hardware. Security sucks and is just an excuse for companies which can’t think of new features. See http://www.losethos.com for an operating system with no security, but lots of features.
The spyware industry… xD
“Microsoft senior vice president Bob Muglia opened up TechEd 2006 in Boston Sunday evening by proclaiming that Windows Vista was the most secure operating system in the industry.”
[snip]
http://secunia.com/product/96/
Currently, 0 out of 70 Secunia advisories, are marked as “Unpatched” in the Secunia database.
http://secunia.com/product/4670/
Currently, 0 out of 182 Secunia advisories, are marked as “Unpatched” in the Secunia database.
http://secunia.com/product/22/
Currently, 27 out of 140 Secunia advisories, are marked as “Unpatched” in the Secunia database.
Vista will be more secure then XP… but… most secure? Never.
From the article:
“Consumers are being plagued with spam, phishing attacks and spyware, while the corporate world fends off data and identity theft. Microsoft believes its new wave of software will be the panacea for such problems…”
Yeah sure, but we all know panacea doesn’t exist.
I would love to see what odds one of those UK betting agencys would give you on Vista having less open security vulns, one month after official realease, than openBSD.
I am sure not even Microsoft employees would bet on Microsoft. The article is the best troll I have seen in ages 🙂
“not only is Vista the most secure operating system in the world but it’s going to include Microsoft Bob and borrow some legacy stuff from our most advanced operating system Windows Millenium. People-if you don’t have the horse power to run Vista-go to ebay and buy Windows ME.”
I rather have a virus than to spend a total of 60 minutes weekly getting prompted to do something multiple times.
until you decide to install it.. I am sure.
I’m sensing a pattern here. Not a very good one, either……
Yet Another Security Hole for the Windows Platform (December 2001) http://www.osnews.com/story.php?news_id=431
Microsoft may have touted Windows XP as the most secure operating system it has made, but the company on Thursday released a bug fix for a security hole that could leave some people’s systems open to malicious attack.
I recall that the same claims were made my MS for Win98, WimME, Win2K, all the Server Editions……
After they were unleashed on the computing public, each one was soon discovered to have major security issues and exploitable holes.
As far as Vista is concerned, I’ll stay away as long as I can.
Fool me once…….. (or twice, three times, oh, boy!)
No mention of Server 2K3?
That’s pretty secure. Most of the vulnerabilities in it are things like Media Player and IE, which no one would use in a production server environment. The only remotely exploitable vulnerability was WebDAV in IIS, but everything is off by default, so an unpatched 2k3 box would fare pretty well as a static web server.
“so an unpatched 2k3 box would fare pretty well as a static web server.”
The problem is unpatched 2k3 is same problematic like unpatched XP. & i know that from autopsy
LMAO!! I just reinstalled WinXP yesterday, and one of those advertising screens that pop up while it copies files over stated the EXACT SAME THING. More rehash. I have lost all trust in MS. With all the weird updates that are forced, and completely disregard my preferences (WGA), who knows whats going on in my computer. Even a virgin install of Windows and an clean scan with ad-aware finds MS installed spyware.
I’ll believe it when they don’t need a patch before it even rolls out.
Vista Security Features:
– User Account Control
– Seperating some of the drivers from the kernel
– Honoring the NX (No Execute) bit on modern CPUs
– Modularizing things like IIS Web Servers
– ALSR (Address Space Layout Randomization)
– A sandboxed version of Internet Explorer.
No, this does not make Vista the most secure OS out there, this just puts it closer to (yet still behind) ‘nix security.
Redhat Enterprise Linux 4 Security Features:
– Exec-shield is an LKM that honors the NX bit and does some kernel-foo to prevent buffer overflows.
– FORTIFY_SOURCE – Many critical services are compiled with a hardened version of gcc designed to produce code that detects and prevents buffer overflows using a standard canary stack protection mechanism.
– Specially modified C libraries designed to detect and prevent buffer overflows
– SELinux MAC (Mandatory Access Control). Vista has no form of MAC that I was able to see anywhere in the beta or on the MS site.
ASLR and PIE (Position Independent Executables) works on Linux if you install a PAX kernel (http://pax.grsecurity.net)
SELinux is ACLs, which NT has had since version 3.1 (the first version) so Vista has MAC built in, and so did every other version of Windows, it was just nullified by the fact everyone ran as administrator.
SELinux is ACLs, which NT has had since version 3.1
Wow! Just wow…
SELinux is not ACLS, it is Mandatory Access Control. Windows has never had Mandatory Access Control or anything similar to it. Modern filesystems such as ext3 support acls when mounted with the correct options and acls are set using commands like setfacl.
Please understand that comparing ACLs to MAC is like comparing your highschool locker to the world bank safe. Access Control Lists are a beefed up form of Discretionary Access Control (DAC). There is a HUGE difference between MAC and DAC.
http://en.wikipedia.org/wiki/Mandatory_access_control
http://en.wikipedia.org/wiki/Discretionary_access_control
DAC says that I can have read, write, and execute permissions on a file. MAC says that if I am logging in as root using ssh and ssh is in a role that can only read /home/somedir and only write to /home/somedir/tmp, then thats all I can do. Properly configured MAC such as SELinux or Novell’s AppArmour will prevent exploits in software running as root from doing much harm at all.
Does that make sense?
“SELinux is not ACLS, it is Mandatory Access Control. Windows has never had Mandatory Access Control or anything similar to it. Modern filesystems such as ext3 support acls when mounted with the correct options and acls are set using commands like setfacl. ”
What is the point of that statement? NTFS supports ACLs, you even say it yourself. Using wikipedia for your sources is not adding any credibilty to your arguments either. NTFS supports ACLs when running under NT/2k/2k3 and XP Pro. I can use ACLs to define what directories a user or group have access to. I can define group policy that says what a user can run and not run, where they can log in from (local or network) and how much access to system settings and configuration, just like in unix.
You said, “SELinux is ACLs” and you were incorrect. I am refraining from saying wrong because you obviously don’t understand what SELinux does by a longshot. SELinux also can be used to restrict network data depended on how it is labeled. Can you do that with NTFS or ACLs? No, because they aren’t even similar.
Discretionary Access Control (what ntfs is) is weak compared to Mandatory Access Control. MAC and DAC compliment eachother, but they are VERY different.
Maybe I can break this down better for you to understand. What if…
I login as the Administrator over RDP to a windows 2003 server. I try to access the settings for Exchange Server, but can’t. The rdp service was started with a role that doesn’t have permissions to touch or even read any of those files/settings. Even thought you are the Administrator (which can modify anything), with MAC, you can’t touch any of those settings. MAC makes it physically impossible for something in an unpriviliged role/domain to touch anything in a privileged one. This is currently impossible in Windows as it doesn’t have a form of MAC. It is sooooooo much more than file permissions which is all ACLs are.
If you still don’t understand, can I contact you offline to help you understand the difference between MAC and DAC? I’d be more than willing to help you learn if you are interested.
Your condescending tone doesn’t help your case, as your statement doesn’t take into account group policy, which i can use to limit what users and groups can do when they log in and how they log in, so NTFS ACLs are by themselves not equivalent to SELinux, but mated with GP, they are “roughly” equivalent. I have used SELinux under Fedora Core, and I have used ACLs and GP under Windows for better than a decade.
My original point to my post was to inform the great grandparent that NT has had ACL technology (meaning fine-grained permissions on objects) longer then Linux, as SELinux is only a few years old, and so is AppArmor. I made some mistakes in my first post, granted, but that was due to haste, not misunderstanding. You have managed to ignore my subsequent comment that took Group policy into account. Using GP and AD, I can define what a person has access to, and what they don’t. I can tell the OS not to allow certain users or groups access remotely, or what they can do when they have remote access. I can control what a particular user runs and when. they may not be the same from under the hood, but in my experience, and I do have quite a bit with both, your opinion notwithstanding, they allow similar capabilities.
Ok, Mandatory Access Control and Discretionary Access Control are very different things. You do not seem to understand (or care) about this fact. Yes, NTFS has had ACL support longer than Linux. Modern filesystems such as ext3 and reiserfs introduced ACL support fairly recently when I know windows NT had them. However, ACL and SELinux are two different things altogether. Even ACL + Group Policy don’t compare to what you can do with SELinux. The fact that you still compare ACL to SElinux is what concerns me, there is no comparison.
I apologize if I sounded condescending, but I really hate it when people ignore facts.
ACL != MAC, SELinux != DAC.
ACL == DAC, SELinux == MAC
If you would mind reading this short paper, it might help you to understand what I can obviously not explain to you very well:
http://www.linuxplanet.com/linuxplanet/tutorials/1527/2/
You seem to be ignoring that I have amended my statements to include group policy, perhaps if you read my comments instead of just opening your mouth. I will accept that ACLs are not MAC but like I said, when combined with group policies, they HAVE SIMILIAR CAPABILITIES, if you have problems understanding this fact, I could contact you offline and explain it to you
Virus Infection and Simple Transmission Architecture. Is this not true? Why would Microsoft divert from an apparently winning product strategy?
I’ve heard this before… I don’t trust them anymore. I’ve switched to a Unix based OS. All Windows versions are a bloatted buggy mess of spaghetti code… and hugely overpriced.
I don’t care about Vista anymore.
Hahah. That was funny! Thanks, OSN.
‘”what’s up with only “Limited User” and “Administrator” – what happened to “User”, “Power User”, etc”‘
Only XP Home gives you the option of Administrator and Limited User accounts. XP Pro has the Power Users and more. You may be using XP Home so that is why you didn’t see the other accounts.
Edited 2006-06-16 20:37
Nice work, Jeff.
http://www.indymedia.org/images/2004/06/111168.jpg
A heaping serving for BluenoseJake.
maybe, maybe not, but at least he was mature about it. are you 12?
Doesn’t this remind you of what they said about XP. They claimed that the security issues of windows had now been resolved, and that it was going to be the most secure windows ever when released.
…Sounded promising, but we all know how it played out.