Secure IT Foundation

Posts Tagged ‘Windows7

Unlike the default settings in Windows, Linux users have to enter the administrative password before they can install new software. Recently a popular variant of Linux called Fedora introduced a change to alter the security model of Fedora to no longer require the administrative password before installing new software.

On paper it seems sensible, Fedora users could only install applications using the equivalent of ‘Add and Remove Programs / Software’ in Windows, from a list of approved titles. To ensure only approved software is installed, these approved items have a digital signature to prove they have not been altered before they are installed.

Seems reasonable so far, so why is it a problem for the Linux security model? It is a matter of trust. If you have administrative password to an operating system then it is assumed that you will only install software you trust. If you don’t have administrative password or equivalent permissions granted to you by someone who does, then it is assumed you won’t have the administrator’s trust to install new software.

What Fedora did was to move the trust from administrators only, to allowing any user to trust third party software implicitly. Suddenly the only security control to protect an unprivileged user, was the process of getting software added to the Fedora software collection, to get a digital signature.

Windows users may be lost at this point because you are mostly used to a world where you have full control of your operating system. The outcome was that Fedora reverted back to the typical Linux security model due to public pressure. What this shows is that the correct security model for operating systems is not to allow the user to install software without entering the admin password to grant your trust to the software provider. It works for OSX, UNIX, LINUX etc and it can work in Windows XP / Vista / 7.

So why doesn’t Windows come with this security feature as a default, you may ask? One to ask Microsoft…

SecurityBrad

Not much of a surprise this one, given the similarity to XP / Vista under the hood, but Windows 7 is just as vulnerable to viruses and this has now confirmed by Sophos. Then again if they said otherwise who would use their product. Next week they will tell us the sky is blue and you need an umbrella in the rain to stay dry.

SecurityBrad

Now the dust is beginning to settle, Windows 7 testing has begun in earnest. IT professionals who have been using the Windows 7 release candidate for several months were a little surprised to see the final version is virtually the same. Our verdict from testing, is that it gives a good initial experience over Vista. Longer term use though gives a different impression.

Despite defragmenting the hard drive, tuning the OS and keeping the registry cleaned, Windows 7 just gets slower and slower in use. From a ‘wow that’s quick’ to ‘I want XP back’ in a few months. It is better than Vista, but that is no benchmark and in every day use XP still gives a better user experience, quicker to start, does less in the background and easier to keep well tuned.

There will be little OS choice soon, with XP being phased out (and Vista binned quicker than an ecoli sausage), so there is going to be a lot of people wondering why their super fast PC with Windows 7 starts running like a three legged dog. We will keep testing and eventually the slow down cause will be found. Once we do we will let you know as well, as security is marginally improved with Windows 7, and it is much better to run as non-admin user in 7 than XP. Even User Access Control (UAC) is tolerable in 7 compared to Vista, so the time when all Windows users login as non-admin users is getting closer.

SecurityBrad

There hasn’t been a major operating system update for some time then two come along together. Both Apple Mac’s Snow Leopard and Microsoft’s Windows 7 are available, so both PC and Mac users have to decide if they upgrade.

We have covered the correct decision process you should use when deciding if you should buy a new computer to get Windows 7 previously. The verdict was if your current secure computer is working fine with XP or Vista, then there is little benefit for the home user apart from eye candy. If your computer is slow now then adding 7 will not change much, software is no substitute for having fast hardware. Mac’s have an advantage here in that the hardware is known by Apple, and they will know the benefits of software changes better than Microsoft whose user could have a near infinite combination of hardware.

From testing and research though, neither operating system could be called ‘secure out the box’. Macs have the advantage of using non admin users on a daily basis, a practice that Windows 7 does not yet enforce, but can do perfectly well. Malware is mostly a Windows problem but Macs have their own malware these days, and the inclusion of very basic malware detection in Snow Leopard shows that it will only get worse according to Apple.

Both have fully functioning firewalls, and the default services offered over a network are mostly a sensible choice for either OS. However it is not all good. Both do suffer from default browsers with known security issues. Years ago the problem with PCs was their accessibility over a network to viruses and worms, but this vulnerability has been mostly closed.

The risk comes these days from the moment the home computer user starts to use their computer! You open a web page loaded with malware and your brand new operating system can be compromised. Even if both Snow Leopard and Windows 7 are using non admin users, poor security practice by the user can allow malware to run. There is nothing any operating system can do if the user enters the administrative password and installs an application which contains malware. The new malware detection in Snow Leopard only stops a couple of known viruses, so the virus writers will modify them not to be detected. Then begins the Mac Anti Virus arms race as seen with Windows.

Overall both operating systems offer a default level of security. Macs do offer a higher level of security out the box, but it still is far from a truly secured compared to the Secure Computer Standard. Windows 7 has a much higher security level than Windows XP out the box, but again it still is far from a truly secured compared to the Secure Computer Standard. Both 7 and Snow Leopard offer better user experiences than previous versions, so Mac users will upgrade and 7 will be adopted through people updating their hardware over time. The Secure IT Foundation’s conclusion is that Windows 7 and Snow Leopard are both not secure out the box, and both offer little in the way of user education.

Wouldn’t it be nice if you had to watch a safety video before you used the new operating system. Works well to give all air passengers a minimum level of safety knowledge for flight, perhaps its time computers came with a safety manual. Until then you can always read the Home Computer Policy

SB

October 22nd 2009 was the launch date of the new version of Windows, called exotically Windows 7. Unless you have never used a computer and are looking to buy your first one, then you will be used to using either Windows XP or Vista already. So the big question for home computer users is, should I buy a new computer with Windows 7 installed or buy Windows 7 and install on my current computer, else just keep using what I have?

We will answer this by running through the three different scenarios:

  1. Buying a new computer to get Windows 7
  2. Buying Windows 7 and installing it on my current computer
  3. Keep using my current computer with Windows Vista or XP

1. Buying a new computer to get Windows 7

Before you rush out and buy a new computer to get Windows 7, you should first ask yourself one very important question – Do you need a new computer at this moment? If the current computer over three years old and feels slow to you then you may have a valid reason for buying a new computer, regardless of the operating system. The old computer could then have its hard drives wiped securely, Windows or Linux installed and secured, and given to children, family or friends who currently do not have one. If you choose wisely then you will have a fast feeling computer with a fresh copy of Windows 7. As long as you remember that even a brand new computer with Windows 7 will need securing, then you are in for a good computing experience.

By using a non-administrator account for daily use, hardening Windows 7 and applications installed, then you are on the path to a secure a more secure computer. Windows 7 is mostly the same of Vista or XP under the hood, so there is no magic security added here to save you if you don’t, so all the rules for XP and Vista apply for Windows 7. You still need to use the Home Computer Policy!

2. Buying Windows 7 and installing it on my current computer

This scenario is the hardest to justify. Buying Windows 7 to install over Windows XP or Vista begs one question – What feature is it you think Windows 7 will add over your current operating system (Mac users may think they can nod off at this point, but you will have the same questions with the next version of OSX!). If your computer is working fine then you need to be sure of your reasons to justify the expense. While this blog is written on 7, and the Foundation agrees it is a good operating system compared to the bad days of Windows ME and 98, there is nothing it does that cannot be achieved with Windows XP or Vista. Unless there is a particular killer application or must have game that will only work on 7 produced in the future, the only reasons to buy it at the moment is you want to keep up with the Jones family or it looks pretty on screen.

Vista upgraders will find their computer works a bit quicker if the hardware was not up to standard for Vista when it was sold to you, else if your computer works fast on Vista then it is just a fast computer anyway, Windows 7 will not change that! Windows XP users may find 7 actually a bit slower due to increase of background stuff 7 does or you have an old graphics card and the new shiny desktop needs more power to run it. Do expect to change some of your hardware to get the most out of 7, if you currently use XP on a slow computer. You will need to backup XP before you install, as 7 can only upgrade an existing operating system if it is already using Vista.

3. Keep using my current computer with Windows Vista or XP

If your current computer over three years old and feels slow to you then you may have a valid reason for buying a new computer, regardless of the operating system, but if everything works as you want it already, doing nothing is a good option!

XP will be supported for at least a few more years, so a secured version of XP or Vista now will not benefit from having 7 in terms of security. There is no killer feature in Windows 7, just it works well and looks prettier, but style over content users will have chosen a Mac a long time ago. Don’t believe the hype, don’t expect Windows 7 to transform a dog of a computer into a stallion! Quick hardware makes computers run quickly, a good operating system is one that maximises the speed of the hardware available.

SecurityBrad



  • None
  • Coldwind: Couldn't agree more. I downloaded a piece of software just now, disabled the 'toolbar' 'offer' (which fortunately for me has become a reflex); but co
  • ModemJunki: I only discovered this today - I had updated the firmware to the latest out of habit, and I could STILL access my TrendNet cams on the local network w
  • PrentOS – a Simple Secure Computer « Secure IT Foundation: [...] September 2010 we said it was time for a brand new start to computing, well it is starting to take shape… [...]

Categories