One Year On – Revisiting Vista Security
Windows Vista was released almost a year ago, but we haven’t taken a close look at many of the security improvements Microsoft has made, so it’s time to fill that gap now. This is particularly important because of the upcoming release of Service Pack 1: it will be interesting to see how the first service pack improves on the current product in terms of security. We’ll take a closer look at SP1 and its implications in a couple of months, but first let’s review where Vista security stands right now.
We’ve already addressed two key aspects of Vista security – the built-in firewall and the 64-bit protection; today we’re going to take a look at other security measures implemented in Vista. Some of the improvements are primarily intended for corporate users, so we will skip these for the moment (although we may return to them in a future article). Our focus today is on protection for home and small business users, and I’ve grouped the features below according to their impact on system security.
Local interaction policies
User Account Control (UAC)
A pressing problem of all previous versions of Windows has been that, once users log in to their systems as Administrators, they have unlimited access to system resources and can introduce any type of modification they want. This is good when it’s done in a controlled manner and with the appropriate authority (you cannot, for instance, install a new program without having Administrator credentials), but it can be extremely dangerous if malware activates under this type of account and starts operating with Administrator-level privileges. This is because, when run from an Administrator account, malware automatically inherits the same level of privileges as the registered owner of the system, so it could secretly install software, load drivers, change registry settings, piggyback on legitimate applications, write to critical system areas, and perform other unauthorized activity. This deficiency is frequently exploited by hackers and cybercriminals because most XP users designate their accounts as Administrator (the default setting), thus exposing themselves to malware threats whenever they go online.
In an attempt to block this abuse of privileges, Microsoft introduced a new feature called User Account Control (UAC). UAC essentially reduces the rights of any given program to the lowest possible level (even if the user is logged on as Administrator), executes the program in this reduced-rights state, and prompts for user consent if additional rights are required. This ensures that program activity is limited in scope, effectively containing malware.
Unfortunately, while UAC did have a positive effect on users’ ability to isolate malware, it proved quite cumbersome for regular PC users because of the excessive number of action prompts it displayed. With Vista, almost every activity (even something very simple, like changing a desktop screensaver) is followed by an alert window seeking confirmation from the authorized user, resulting in constant distractions. What UAC really needs is a way to memorize appropriate responses to particular activities, removing the need for repeated requests.
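To see how UAC is actually configured on a given machine, here is an added PowerShell snippet (not from the article) that reads the UAC policy values Vista keeps in the registry and reports whether the current session holds an elevated or a filtered token; it assumes it is run on Vista or later.

```powershell
# Added example (not from the article): audit the UAC policy settings stored
# under HKLM and show whether this PowerShell session runs with a filtered
# (non-elevated) token. Assumes Vista or later.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacKey

# EnableLUA = 1 means UAC is on; 0 means every admin process gets the full token.
$enabled = ($uac.EnableLUA -eq 1)

# ConsentPromptBehaviorAdmin controls what an administrator sees on elevation.
$adminPrompt = switch ($uac.ConsentPromptBehaviorAdmin) {
    0 { 'Elevate silently with no prompt (weakest setting)' }
    1 { 'Prompt for credentials on the secure desktop' }
    2 { 'Prompt for consent on the secure desktop (Vista default)' }
    3 { 'Prompt for credentials' }
    4 { 'Prompt for consent' }
    default { "Unknown value $($uac.ConsentPromptBehaviorAdmin)" }
}

# PromptOnSecureDesktop = 1 shows the prompt on a desktop other processes
# cannot draw on or send input to, so malware cannot click "Continue" itself.
$secureDesktop = ($uac.PromptOnSecureDesktop -eq 1)

# Under UAC an administrator's normal token carries the Administrators group
# as deny-only, so IsInRole() returns False until the process is elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

"UAC enabled              : $enabled"
"Admin elevation prompt   : $adminPrompt"
"Prompt on secure desktop : $secureDesktop"
"This session is elevated : $elevated"

if (-not $enabled -or $uac.ConsentPromptBehaviorAdmin -eq 0) {
    Write-Warning 'UAC is off or auto-elevates: anything run by this user gets full administrator rights.'
}
```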
Application isolation and IE restricted mode
Vista prevents a process with lower privileges from communicating with a higher-privileged process, ensuring malware cannot hijack a legitimate application or use inter-process commands to control the latter’s activity. Called Mandatory Integrity Control, this function blocks operations such as hooking, injecting a DLL (foreign executable component), and monitoring or managing the activity of a higher-ranked application. This restriction is particularly helpful when applied to Internet Explorer; when IE is started with low credentials, it cannot propagate an infection to other areas of your computer even if the browser itself is exploited.
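As an added illustration (not part of the original article) of how integrity levels are attached to both tokens and objects, the PowerShell below prints the current token's mandatory label and stamps a scratch folder with the Low label that Protected Mode IE is confined to; it assumes Vista or later with PowerShell 2.0 (for ConvertFrom-Csv), and uses only whoami and icacls, which ship with the OS.

```powershell
# Added example (not from the article): show the token's integrity level and
# label a scratch folder Low, the way Protected Mode IE's writable locations
# are labelled. Assumes Vista or later and PowerShell 2.0+.

# whoami lists the token's integrity level as a "Mandatory Label" group
# (S-1-16-4096 Low, S-1-16-8192 Medium, S-1-16-12288 High).
$label = whoami /groups /fo csv | ConvertFrom-Csv |
    Where-Object { $_.'Group Name' -like 'Mandatory Label\*' }
"Current token integrity level: $($label.'Group Name')  SID: $($label.SID)"

# Create a scratch folder and stamp it with the Low mandatory label,
# inherited by files (OI) and subfolders (CI).
$scratch = Join-Path $env:TEMP 'mic-demo'
New-Item -ItemType Directory -Path $scratch -Force | Out-Null
icacls $scratch /setintegritylevel '(OI)(CI)L' | Out-Null

# The ACL now carries a Low label with the NW (no-write-up) policy: a Low-IL
# process such as Protected Mode IE may write here, but cannot write to,
# hook or inject into Medium- or High-labelled objects and processes.
icacls $scratch | Select-String 'Mandatory Label'

# Ordinary user files carry no explicit label; the system treats unlabelled
# objects as Medium, which is exactly why Low IE cannot modify them.
$profileLabel = icacls $env:USERPROFILE | Select-String 'Mandatory Label'
if ($profileLabel) { $profileLabel } else { 'User profile: no explicit label (treated as Medium)' }
```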
Address Space Layout Randomization (ASLR)
This function loads system files at random memory locations, making it harder for malicious code to predict where privileged system functions are located. ASLR helps prevent most remote code execution attacks because the malware has no reliable way to locate the object it needs, which might be at any one of 256 possible addresses.
Service hardening
Service hardening prevents Windows services from performing unauthorized operations, thereby blocking malware from using system services for malicious activity. Additionally, services are now run from less-privileged accounts rather than the system account. In terms of communicating with internal Windows resources, services now need permissions to write to certain system objects, and Windows only grants services access to resources that are allowed to be modified by design. In Vista, Microsoft has also enabled independent software vendors to use Windows Service Hardening to harden their own services by specifying write permissions.
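The following PowerShell inventory is an added example, not from the article, that lists for each running service the account it runs under, its service SID type and the privileges it declares, which are the three settings Windows Service Hardening works with; it assumes Vista or later and uses only WMI and sc.exe.

```powershell
# Added example (not from the article): inventory Windows Service Hardening
# settings for running services. Assumes Vista or later; uses WMI and sc.exe.
$running = Get-WmiObject Win32_Service | Where-Object { $_.State -eq 'Running' }

$report = foreach ($svc in $running) {
    # sc.exe qsidtype reports NONE, UNRESTRICTED or RESTRICTED. A RESTRICTED
    # (write-restricted) SID means the service can write only to objects whose
    # ACL explicitly grants access to its per-service SID.
    $sidLine = (sc.exe qsidtype $svc.Name | Select-String 'SERVICE_SID_TYPE').Line
    $sidType = if ($sidLine) { ($sidLine -split ':\s*')[1].Trim() } else { 'n/a' }

    # sc.exe qprivs lists the privileges the service declares it needs; Vista
    # removes every other privilege from the service's token at start-up.
    $privs = sc.exe qprivs $svc.Name | Select-String 'Se\w+Privilege' |
        ForEach-Object { $_.Matches[0].Value }
    $privText = if ($privs) { $privs -join ',' } else { '(none declared)' }

    New-Object PSObject -Property @{
        Name       = $svc.Name
        Account    = $svc.StartName    # LocalSystem vs. LocalService/NetworkService
        SidType    = $sidType
        Privileges = $privText
    }
}

# Services still running as LocalSystem with an UNRESTRICTED SID and a long
# privilege list gain the least from hardening; review those first.
$report | Sort-Object Account, Name |
    Format-Table -AutoSize Name, Account, SidType, Privileges
```

Third-party services that show up as LocalSystem with no declared privileges were installed without using the hardening hooks the article mentions and still run with the full system token.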
Parental control options
We’re planning a separate and more extensive article in the future on this aspect of Vista, but here’s a quick overview of the new parental control features:
- Block specific content categories such as “school shooting”, “drugs” and other sensitive content
- Designate custom block/allow addresses.
- Optionally restrict downloading of files from the internet using UAC controls.
- White-listing of games based on the ratings supplied by the game rating authorities; also enables users to define custom game restriction criteria.
- Account time limitations, defining when and for how long an account can be used.
- Program launch control restricts the use of programs to a white list of allowed titles; this is implemented through Windows Software Restriction Policies.
- Activity logging, including data on websites viewed, applications started, use duration and other statistics.
Drive encryption
Users can now encrypt drives using a USB key or Intel’s Trusted Platform Module, embedded in some motherboards. BitLocker drive encryption is available only in the Enterprise and Ultimate editions of Vista. However, considering the increasing need to encrypt critical content on mobile devices to protect data from unauthorized access, we’ll be addressing this topic in more detail in a future article. The upcoming SP1 is going to add more functionality to the feature, so we will get back to this after SP1 arrives.
Spyware defense
Vista includes Windows Defender, the free antispyware program that promises protection against spyware-like threats. In practice, it has scored poorly in independent tests, so users will continue to need a third-party anti-spyware solution.
Conclusion
Vista is a significant improvement over Windows XP and includes an array of new security features mostly directed at strengthening internal PC defenses against local malicious activity. However, it’s not a deploy-and-forget solution that will deliver 100 percent security (as we all know, there is no such thing as 100 percent security!). Knowledge and understanding of safe computer usage are vital to keep out of trouble when you’re online, as is the use of third-party security solutions that fill the gaps Microsoft has left unfilled.
Posted in Security Insight

