I will not buy Windows 7 unless it has ... *Feature*


That would be a horrible idea.

How so?

I mean, a higher percentage of users have as their main OS WinXP. Are people really that stupid that they're going to buy a new OS based on a product they didn't like?

It's like trying to build a brand new car based on the Gremlin (I'm exaggerating but it makes my point a lot easier to see ;))

As far as I know, VSC only does byte level changes of the original? How would that fare as a real backup solution if the original drive/file fails or gets corrupted? How does one set an interval for backing up?

Other things I'm not sure about? Does VSC work through actual applications rather than just Explorer for restoring mail, contacts, or photos? (Live Mail, Windows Contacts, Photo Gallery)

VSC does only record byte level backups, and only on the same volume, as far as I know. However, Vista (don't remember which editions but I'm assuming at least all of them that ship with VSC) also ships with the Backup and Restore Center, which allows you to back up to external HDs, etc., which does what you are asking.

VSC also can be accessed through other programs. WPG/WLPG uses it to track changes you make to photos, for example.

How so?

I mean, a higher percentage of users have as their main OS WinXP. Are people really that stupid that they're going to buy a new OS based on a product they didn't like?

It's like trying to build a brand new car based on the Gremlin (I'm exaggerating but it makes my point a lot easier to see ;))

Because Vista is, architecturally, much more stable and secure than XP could ever hope to be.

Vista is a significantly greater stepping stone for a future OS than XP. It doesn't matter what people do or do not like, the fact is that XP is a last generation operating system, and between the massive driver model, security, etc. changes to Windows, it'd be too much work to make a modern OS out of XP (And you'd just end up with Vista, anyway.)

Also, given that everything in Vista has had time to mature (WDDM, for instance), 7 should be great.

How so?

I mean, a higher percentage of users have as their main OS WinXP. Are people really that stupid that they're going to buy a new OS based on a product they didn't like?

It's like trying to build a brand new car based on the Gremlin (I'm exaggerating but it makes my point a lot easier to see ;))

The reason it doesn't make any sense is that the possible thousands of people that complain about Vista in no way equal the millions that are using it without complaint. :)

How so?

I mean, a higher percentage of users have as their main OS WinXP. Are people really that stupid that they're going to buy a new OS based on a product they didn't like?

It's like trying to build a brand new car based on the Gremlin (I'm exaggerating but it makes my point a lot easier to see ;))

It's a horrible idea because Vista is built on Windows Server 2003, a much different and better kernel than Windows XP, which was built mainly from Windows 2000. "Vista" is largely just a GUI built on top of Windows Server 2003, and therefore, Windows 7 could theoretically look exactly like Windows XP, and yet still have the better kernel. And this is why basing anything on WinXP is a horrible idea. Because any new product will continue to suffer from the major security exploits and instability that plague Windows XP even with SP3.

And as stated above, millions use Vista with no complaints. It's only a very small minority that complains on the Internet, and more often than that, the complainers have no clue what they're talking about. Microsoft bashing has become a big trend in the past couple years.

That is what Linux does, too. Ubuntu, anyhow, the existing screen is "frozen" as it transitions and asserts a separate prompt screen that uses the previous image as a background. It isn't unique to Vista.

I have, on many occasions, commended Microsoft on the security work they have put into Vista. The only "shame" of it that I have pointed out is that it should have been done in XP. At least they are finally treating security seriously.

There's two implementations I see in Ubuntu. gksudo (full screen blackout) and the OS X-style dialog with the 'unlock' button. The latter may be capable of keystroke hijacking.

Also I recall seeing video playback in the background through the gksudo dialog's black background, at least if compiz is on.

I really don't get why all these antitrust things are out there... I would love to be able to install Windows off a disk and have it have everything that I would ever need. I am sure anyone would do the same... If Microsoft bundled its Office with Windows I am sure no one would say anything... but if it's Internet Explorer there is hell to be raised... wtf... just put everything in one place and of course give us the option to install it or not.

VSC does only record byte level backups, and only on the same volume, as far as I know. However, Vista (don't remember which editions but I'm assuming at least all of them that ship with VSC) also ships with the Backup and Restore Center, which allows you to back up to external HDs, etc., which does what you are asking.

VSC also can be accessed through other programs. WPG/WLPG uses it to track changes you make to photos, for example.

You can think of Time Machine as a combination of the Backup and Restore Center backup with VSC functionality.

I'm reading more up on Vista's backup and some things have caught my eye.

Instead of backing up based on file types, they should be based on directories or files. I can have thousands of different pictures or zips/rars scattered around my hdd--I don't want them all backed up. For example, let me schedule automated backup for just my Home folder. Or say just my Documents, Pictures, and preferences.

This is basically how I have my backup set up in Time Machine. By default, TM will back up your entire volume [like Vista Complete PC Backup] but I've set it to exclude everything, save my Home folder which contains all my documents, pictures, files, preferences, etc. It first copies files exactly and then resorts to only incremental backups for files that have changed since the last backup. I can set the backup intervals to hourly, daily, weekly, or monthly. [extra options with TimeMachineEditor]

Exactly. If your drive fails or shadow copy backup gets corrupted, you'd be sol. This is basically where Time Machine differs--it's not really a comparable service to VSC even though it offers the same functionality of restoring from previous versions.

Wait what? They're exactly the same as far as I know. I'm pretty sure they both store entire backups of the files.

There's two implementations I see in Ubuntu. gksudo (full screen blackout) and the OS X-style dialog with the 'unlock' button. The latter may be capable of keystroke hijacking.

Also I recall seeing video playback in the background through the gksudo dialog's black background, at least if compiz is on.

As far as I know, Ubuntu's default only dims the screen and makes the prompt modal. It doesn't actually live in a different user session like Secure Desktop. Does Ubuntu even support a "Continue/Cancel" consent model instead of password entry? If you require the user to type a password then there's no reason for anything like Secure Desktop. Instead you get to worry about spoofing.

Wait what? They're exactly the same. They both store entire backups of the files.

I was told that Volume Shadow Copy stores the files on the same hard disk and only makes a snapshot once a day?

(But if you can use VSC on an external drive, what good would it be if it can't restore files or your system fully in the case of a hard drive failure because it only stores byte level changes in the snapshots? I assume this is why they implemented the Backup and Restore Center additionally.)

As far as I know, Ubuntu's default only dims the screen and makes the prompt modal. It doesn't actually live in a different user session like Secure Desktop. Does Ubuntu even support a "Continue/Cancel" consent model instead of password entry? If you require the user to type a password then there's no reason for anything like Secure Desktop. Instead you get to worry about spoofing.

There is the standard "password" dialog box (I can get this when accessing the user settings "control panel" ), which is like a standard dialog. I can still use other windows without addressing this.

There is the dialog that forbids interaction with the background (you are shown a static shot of when the prompt appears). I just tried it, and even the X manipulations to switch sessions (Linux has several user sessions, most TTY, but can have multiple X sessions running simultaneously) are locked out. This would appear to me to also lock out any other session from interacting with the prompt.

If you are interested in "continue/cancel" type authorization (which is nonsense in my book), it can be done by using a blank password for user/root - and this is prevented by default (one would have to alter Ubuntu a bit to allow a null password). Are you promoting "cancel/allow" as a security improvement in some way I don't see? :unsure:

There is the dialog that forbids interaction with the background (you are shown a static shot of when the prompt appears). I just tried it, and even the X manipulations to switch sessions (Linux has several user sessions, most TTY, but can have multiple X sessions running simultaneously) are locked out. This would appear to me to also lock out any other session from interacting with the prompt.

But what is the reason for this? If it's not a consent (continue/cancel prompt) this just seems like it would be a nuisance.

If you are interested in "continue/cancel" type authorization (which is nonsense in my book), it can be done by using a blank password for user/root - and this is prevented by default (one would have to alter Ubuntu a bit to allow a null password). Are you promoting "cancel/allow" as a security improvement in some way I don't see? :unsure:

Consent vs credentials each have their advantages. Obviously consent tends to be easier for users.

If you're authenticating the same user, then consent prompts can be more secure as they cannot be the target of spoofing attacks. With a credential prompt my code can create a replica that you type your password into, and now I own your machine AND actually know your password (something even your OS probably doesn't know), which you probably use elsewhere.

Credential prompts can also be targeted for keystroke recording, if you don't take measures like requiring a Ctrl+Alt+Del press before entering it.

But what is the reason for this? If it's not a consent (continue/cancel prompt) this just seems like it would be a nuisance.

Consent vs credentials each have their advantages. Obviously consent tends to be easier for users.

If you're authenticating the same user, then consent prompts can be more secure as they cannot be the target of spoofing attacks. With a credential prompt my code can create a replica that you type your password into, and now I own your machine AND actually know your password (something even your OS probably doesn't know), which you probably use elsewhere.

Credential prompts can also be targeted for keystroke recording, if you don't take measures like requiring a Ctrl+Alt+Del press before entering it.

You have to be kidding to think that un-credentialled authorizations are more secure than credentialed. :blink:

You have to be kidding to think that un-credentialled authorizations are more secure than credentialed. :blink:

I think what Brandon's getting at is for Windows, assuming you keep Secure Desktop on (personal note: now I do, I used to shut it off) it's guaranteed 99% of the time* only the user has full control over giving consent to a secured dialog not requiring credentials, as opposed to providing credentials to a dialog potentially open for exploitation. He's suggesting that there's the possibility a rogue *nix process can track keystrokes used to authenticate sudo prompts, and then hijack the next sudo prompt to carry out its dirty business. Whether such proof of concept exists, I don't know. If it does exist, Ubuntu distros and Mac OS X would be in trouble.

What I'm still sketchy on for, say, Ubuntu and similar distros' implementation of these consent dialogs, is the grace period given after authenticating a gksudo prompt. I'm not entirely sure if the OS can distinguish between a user-initiated action and one done by a program automatically - on the Windows side at least, it can't, so it opts to prompt every time just to be on the safe side.

Of course, Vista users who are extremely paranoid about security can choose to enable credentialled UAC dialog boxes even for administrators with a simple setting change in Local Security Policy.

*let's leave 1% in case someone discovers a flaw in UAC

You have to be kidding to think that un-credentialled authorizations are more secure than credentialed. :blink:

Absolutely. You're very naive if you think otherwise. Remember, we're talking about a situation where the user has already been authenticated with an account that has administrator privileges.

Do you disagree that virtually any credential prompt can be easily spoofed? Or that software keyloggers are a valid concern?

It is possible to take steps to prevent spoofing and keylogging (a verification image / phrase, Ctrl+Alt+Del press, etc) - but it's very difficult to take steps like that during a user session, for every administrative action. And those steps don't completely eliminate the concern.

He's suggesting that there's the possibility a rogue *nix process can track keystrokes used to authenticate sudo prompts, and then hijack the next sudo prompt to carry out its dirty business. Whether such proof of concept exists, I don't know. If it does exist, Ubuntu distros and Mac OS X would be in trouble.

More importantly, my rogue application can display a prompt that looks exactly like the gksudo prompt, so you type in your password and now I know something that even your OS doesn't know. Now for many people I likely have your bank account, e-mail, or PayPal password.

Absolutely. You're very naive if you think otherwise. Remember, we're talking about a situation where the user has already been authenticated with an account that has administrator privileges.

...

No. The login gives the user his "user" permissions.

An attempt to do an "admin" task gets a password prompt with gksudo. And a "Click here" prompt with UAC.

The "click here" is less secure.

I think there is a little confusion here.

The idea is, a typed prompt, if it manages to look like a real prompt, allows a program to steal your password. At this point, you've already lost a lot of your security - and not only for the OS - for whatever else you might use that password for.

With a Click here, there's no password to steal. You've entered the password at login. The average Vista user is an "admin" (essentially), and it's based around that being the norm (a lesson learnt from XP, since everyone just set their accounts as admin). This may not be the case with Linux, which makes some comparisons difficult.

Yes, a password is more secure in terms of user initiation than a button - but that is not what is being protected against. It's versus malicious programs.

No. The login gives the user his "user" permissions.

An attempt to do an "admin" task gets a password prompt with gksudo. And a "Click here" prompt with UAC.

The "click here" is less secure.

Did you even read my post? It is not less secure! There is no fathomable way in which it is less secure, in the context of an authenticated admin user (the most common scenario). If you're talking about an over-the-shoulder elevation, then obviously that's not possible with a consent prompt - but that scenario doesn't even apply here.

Please give me one conceivable way in which credential prompting is more secure than consent prompting. I've given you the counter example.

You are talking about an admin user? Right there it is insecure. Adding "are you sure?" prompts are pointless.

If you want me to give "one conceivable way in which credential prompting is more secure than consent prompting", then let me do so just to stop this silly line of reasoning.

I, as an admin user on a secure Vista box, leave my PC for a second. My 7 year old comes in and tries to delete a system file. He gets a UAC prompt asking to continue. He does. It is gone. Buh-bye.

If prompted for a password credential, the little snot-nosed brat would have been stopped, and saved himself an hour in time-out. :p

There. Does that show you "one conceivable way"?

I would love it if Microsoft would shrink the size of the OS by doing like Apple and not supporting all old apps and drivers. It's time for Microsoft to say that if you want to run an application that is ten years old, then use a virtual machine with Windows XX on it, so they can make their OS smaller and faster. I would like Microsoft to rethink the registry and come up with no registry or something better.

That's my two cents.

You are talking about an admin user? Right there it is insecure. Adding "are you sure?" prompts are pointless.

This is a naive statement. There is no "are you sure" prompt involved with UAC. There is only the "Do you want to allow this program to run with administrator privileges" dialog. This has nothing to do with certainty. It's there to inform you that an application wants to run with admin privileges, and to give you the opportunity to stop that from happening.

They are far from pointless. They provide a better user experience and increased security over credential prompts like those in OSX (that ask you to verify the current user's password).

If you want me to give "one conceivable way in which credential prompting is more secure than consent prompting", then let me do so just to stop this silly line of reasoning.

I, as an admin user on a secure Vista box, leave my PC for a second. My 7 year old comes in and tries to delete a system file. He gets a UAC prompt asking to continue. He does. It is gone. Buh-bye.

If prompted for a password credential, the little snot-nosed brat would have been stopped, and saved himself an hour in time-out. :p

There. Does that show you "one conceivable way"?

That's a multi-user scenario, I was referring to the common single-user admin scenario. In your case, you should lock your machine.

So it *is* a "conceivable way", then?

Unless you are adding in constraints? I thought that the situation I described is realistic, and I bet it happens an awful lot.

This topic is now closed to further replies.