Five ways to get Vista's security now
Windows Vista is months away. Maybe a lot of months. And so is the additional security it's promising.
Or is it?
Microsoft has touted User Account Controls (UAC) as among the most significant additions/improvements to Vista. UAC is Microsoft's answer to the security model long used by Linux (and the Unix-based Mac OS X), which requires users to have administrator privileges for selected tasks, like installing software, but gives them fewer rights the rest of the time. The reason? To keep hackers from abusing users. If an attacker hijacks a browser by exploiting an unpatched bug, he also hijacks that user's rights. Because the user can install software, so can the hacker. Result? The attacker "owns" the PC and can drop in his Trojans and worms and rootkits and spyware. Millions of Windows users run the OS with an administrator account because Microsoft's never made it easy to do anything different. In fact, you have to work a lot harder to run with fewer rights.L33tdawg: Make sure you've booked your seats for the upcoming HITBSecConf2006 - Malaysia where attendees will get an exclusive look at Vista's security through 2 papers being by Dave Tamasi and Douglas MacIver. It's gonna be cool :)
