/v3-uk/news/1999532/longhorn-locked-fight-hackers
06 Jul 2005, Iain Thomson, V3
Microsoft's forthcoming Longhorn operating system places great emphasis on locking down PCs to prevent unauthorised access to hardware and software, the software giant revealed today.
According to Detlef Echert, Microsoft's chief security advisor in Europe, there are several key elements designed to boost security in its next OS.
Hardware locking via a dedicated chip is combined with "hardening" of the OS to restrict how memory can be accessed.
Security will also be boosted using a technique dubbed User Account Protection, which aims to ensure that computers can be locked so that local users are not given full administrator access by default.
The first stage of enhancing security in Longhorn centres on the use of the Trusted Platform Module 1.2, a chip governed by the non-profit Trusted Computing Group that is already being manufactured by Infineon, National Semiconductor and Broadcom.
This will act as a vault for user passwords and identity information. If a computer is stolen, a thief would not only have to unlock the computer, but also break into the chip to access any personal information.
"If [a thief] wants to try this I say good luck," Echert told vnunet.com. "It is not impossible but it requires highly specialised tools, a lot of time and a certain amount of luck. It will certainly protect data in 99 per cent of attacks."
An additional layer of defence comes from what Echert calls "system hardening". This ensures that only certain parts of the computer's memory can be written to, thus stopping memory-resident malware from causing disruption.
Finally, User Account Protection will help protect against local PC infection by locking user rights, so that a hacker cannot gain full control if a computer is infected.
Echert explained that not everyone needs administrator-level access to their PC but that developers often set this as default because it is easier.
Administrator access can be granted with Longhorn, but local access only will be the default.
Do you agree?
XP is a pain
XP's non-admin accounts are so restricted that you can't make any meaningful changes. And unlike Linux, where you can just enter the root password, XP makes you change users. Didn't anyone in Redmond think of how inconvenient that is for users? It's just a lot easier to stay logged on as admin.
Posted by Phil Hall, 07 Jul 2005
Security
How does this change anything? I thought that the default for new accounts on a Windows system was a standard user anyway, yet most people are still set up as an Admin user, mainly because it is actually quite difficult to get some software working on Windows unless the user has Admin rights (I don't mean installing software, although that is also true, but *using* the software).
Posted by geom, 06 Jul 2005
runas.exe
Actually, hold shift and right click an exe file and you can run the application as another user.
Posted by seymour butts, 07 Jul 2005
RUNAS Command in WinXP/2000 like su in Unix
Ever heard of RunAs command? It will allow you to run another program as another user. This has been available since Windows 2000.
At the MS-DOS Prompt, type:
RUNAS /USER:DOMAIN\USER CMD
It will then prompt you for your password. Enter it, and the MS-DOS Prompt running under user DOMAIN\USER will be available to you.
"XP's non-admin accounts are so restricted that you can't make any meaningful changes. And unlike Linux, where you can just enter the root password, XP makes you change users. Didn't anyone in Redmond think of how inconvenient that is for users?"
Posted by Daniel Morgan, 07 Jul 2005
Microsoft and security don't go together well
1- The mass adoption and blind reliance on an encryption chip will be a strong incentive to build hardware devices designed to crack it in an acceptable time.
2- This won't keep your confidential info protected from Microsoft/the government/spectre etc.
You can bet your life the chip is full of backdoors to allow government and law enforcement agencies unlimited access.
How much can YOU trust them?
3- The possibility of preventing a simple user from altering the system has been around in UNIX for decades; this has not stopped a breed of privilege escalation attacks from wreaking havoc.
So, what is new?
When it comes to security and Microsoft, I have never been so consistently and systematically disappointed.
Good news for third party vendors of security hardware and software solutions!
Posted by Geese Howard, 07 Jul 2005
You don't need to log out
On Windows XP you don't have to log out and log on with admin to run as admin. You can use the Run As function and perform your administrative tasks. In fact this is a recommendation from Microsoft.
Posted by Marcio, 07 Jul 2005
Re:XP is a pain
I agree. I dual boot SuSE 9.3 and run XP Pro. You don't have to switch users to run or install programs. Right click or shift right click to use "runas" then type in user account and password that has admin privileges. Just make sure the user directory you're in isn't private... else you'll have problems. I recommend just running as a power user, take off simple file sharing and then explicitly give permissions to what you need. And then again, some programs still give you trouble. I've managed to make Half Life 2 run and other games that require Admin privileges. Notably iTunes has some string problems even when using "runas" but that's just the text for the installer. I've managed to make all my programs work under a limited user account.
Posted by Jeremy, 07 Jul 2005
Security
Amazing now they are introducing all of these things, yet Windows already has other security accounts that don't work well.
Windows already has that type of Memory locking and trying to prevent buffer overruns etc, and it doesn't work well either.
All these things are already in there, and they don't work now, how do they expect it's going to run any better with Longhorn?
As well as Developers setting people as Administrator, I'm pretty sure Windows does a good job of that by itself, maybe they mean THEIR developers make it default =P
Keep hearing about all these new Security enhancements, until they re-write their complete OS, the thing will never be secure, it's just adding more and more rubbish on top of an already insecure OS.
Posted by Frasier, 07 Jul 2005
XP Pain? Use runas
Use runas and make sure the user's program directory isn't private. I NEVER run my XP as an admin...ARE YOU NUTS? I lose no functionality either. I mainly run SuSE 9.3 though anyway.
**I tried posting this already..so sorry if it double posts
Posted by Jeremy, 08 Jul 2005
Uh, not true
>>XP's non-admin accounts are so restricted that you can't make any meaningful changes.
You can assign account rights based on policy. See System Policy Editor.
>>And unlike Linux, where you can just enter the root password, XP makes you change users.
You apparently have never heard of "Run As...". It's the same thing as "su user command"
Posted by Tom, 08 Jul 2005
Taking credit where credit is not due!
Quote...
"Security will also be boosted using a technique dubbed User Account Protection, which aims to ensure that computers can be locked so that local users are not given full administrator access by default."
UNIX has been doing this since the 1970's!
viv la Linux
Posted by da truth, 08 Jul 2005
Well what about..
Ummm.. Ya so what.. Did you ever hear of the "Run As" command... Has always worked for me..
Posted by joe, 08 Jul 2005
Use RunAS command
Use runas command to run any program with any Windows user without logging off and on. It's something like su of Unix.
Posted by Jatinder, 08 Jul 2005
Changing user under XP on the fly
If you push shift and click right mouse button you will see "Run As...". This also applies to win2k.
Posted by Iker Amescua, 08 Jul 2005
Strange stuff...
Heard an absolutely different explanation of TPM functionality just 1 month ago at US TechEd in Orlando. I wonder why Microsoft people in Europe say absolutely different things...
Posted by Tony, 08 Jul 2005