Vista

From Blindside


What is it

Brief abstract of the emerging technology

Impact & Maturity assessment

Impact: 2

Maturity: 3

Impact 2: Aspects such as DRM could affect the way we consider the availability of on-line content.

Maturity 3: Software is publicly available.

Information Assurance issues

It is most likely that Windows Vista, released at the beginning of 2007, will, like previous versions of Windows, become the dominant operating system on desktop PCs across the world. Microsoft has 90% of the operating system market for desktop users, and unless something truly unexpected happens, over time most are expected to upgrade to Vista.

Microsoft has become much more focused on security since Bill Gates decided that it should be the company's top priority in 2001. Vista contains a number of security enhancements such as the sandboxing of Internet Explorer 7, which will reduce the amount of damage possible if the browser becomes compromised. It also further reduces the amount of time users need to spend with administrator rights, which is crucial to reduce the spread of malware and the use of tools like SnoopStick. However, Vista's market share will make it a popular target for hackers and malware authors; and such a complex system (upwards of 60m lines of code) will always be vulnerable to attack. As Bruce Schneier and Adam Shostack commented:

Complexity is the worst enemy of security, and systems that are loaded with features, capabilities, and options are much less secure than simple systems that do a few things reliably.

Much more controversially, Vista contains a large amount of functionality to support Digital Rights Management technology. This is one part of Microsoft's efforts to sell the platform to the music and movie industries as the centre of home entertainment networks, a huge new potential market for the OS.

Gutmann's warning

I would imagine that, by now, everyone has read Gutmann's warning.
Vista isn't happening in the Square Mile this year. It's that simple. We do not know what the DRM code is doing, it runs at a level of privilege way, way above our own security systems and we simply cannot cede that degree of control over our operations. Let's not even think about malicious code masquerading as the DRM components of a device driver, or as a revocation notice; the worst of it is that bad drivers cannot be backed-out to a minimum certified functionality (like the basic 640x480 video mode) unless we have a long train of certificates permitting us to do so - and that train only needs to be broken once to cost us millions. Nobody has done any of the thinking about system recovery before they started coding driver revocation, and it's simply too late to put it in now.
What happens in five years' time is another matter: hell, we're only just getting 'round to XP. We do innovate, despite the staid reputation, and we do spend money if there's a measurable gain - and all too often if there isn't one - but we are very, very cautious about system changeovers because subtle changes in our calculations can cost megabucks and the regression-testing to prevent that costs an eye-watering amount of time and money.

Timescale

Is the impact of this emerging technology felt now (less than 18 months), in 2-5 years, in 5-25 years, or even longer-term than that?

Examples

Why Vista's DRM is bad for you

Canadian software developers using Windows Vista to build next-generation of people-ready applications

Comments (attributed)

Bruce Schneier, security guru and celebrated cryptographer, who is credited with designing or co-designing several widely used encryption algorithms, quoted from DRM in Windows Vista:

"Windows Vista includes an array of 'features' that you don't want. These features will make your computer less reliable and less secure. They'll make your computer less stable and run slower. They will cause technical support problems. They may even require you to upgrade some of your peripheral hardware and existing software. And these features won't do anything useful. In fact, they're working against you. They're digital rights management (DRM) features built into Vista at the behest of the entertainment industry."
...
"In the meantime, the only advice I can offer you is to not upgrade to Vista. It will be hard. Microsoft's bundling deals with computer manufacturers mean that it will be increasingly hard not to get the new operating system with new computers. And Microsoft has some pretty deep pockets and can wait us all out if it wants to. Yes, some people will shift to Macintosh and some fewer number to Linux, but most of us are stuck on Windows. Still, if enough customers say no to Vista, the company might actually listen."


Bruce Schneier is an internationally renowned security technologist and author. He is the founder and CTO of BT Counterpane.

Organisations

Groups which have a particular contribution or point of view about this emerging technology, e.g. tech businesses, user organisations or advocacy groups

Documents & research papers

Windows Vista Security and Data Protection improvements by Tony Northrup, Microsoft

Analysis of the Vista security model by Matthew Conover, principal security researcher, Symantec Corporation.

Vista security overview: too little too late

Experts (academic, practitioner)

Ross Anderson / Steve Bellovin / Yvo Desmedt / Ed Felten / Angelos Keromytis / Mike Roe / Bruce Schneier


Blindside wiki is the place to collect issues and opinions on future technologies that may have implications for information assurance. Opinions are fine, but need to be clearly shown as such, and referenced to the person or people who hold those views.