Windows IT Pro UPDATE--Biting the Security Bullet--May 16, 2006

1. Commentary
- Biting the Security Bullet

2. Hot Off the Press
- DOJ: IE 7 No Threat to Google

3. Peer to Peer
- Featured Blog: The Vacation Problem
- Tip: Where do I store images I want to use as part of my Windows SharePoint Services site?

4. New and Improved
- KVM Switch Provides Easy Cable Management

==== 1. Commentary: Biting the Security Bullet ====
by Paul Thurrott, News Editor, [email protected]

If you're familiar with my reviews on the SuperSite for Windows, you know that they follow a fairly standard structure: Toward the end of the review, I highlight the issues and problems I feel the product has, and I wrap it up with availability and licensing information and a conclusion. If the review is long enough to warrant multiple parts, I generally handle the "problems" section as the last part of the review, which is what I did recently with my review of the February Community Technical Preview (CTP)/Builds 5308/5342 versions of Windows Vista. Part 5 of that overly long review was called "Where Vista Fails," and it highlighted some problems in those builds as well as some general thoughts about where Microsoft was reneging on promises it had made for the next Windows client.

I didn't think much about it. After all, this was part 5 of a lengthy review, nothing more. But as soon as "Where Vista Fails" was published, my life got very complicated. I received email messages from a few senior Microsoft executives, from numerous Microsoft employees, and even several requests from the press. Part 5 of the review was linked to and scrutinized all over the Web, presumably because I'm a Windows Guy and here I was criticizing Microsoft. The Mac Web loved it, obviously. On and on it went. I was surprised by this reaction because I didn't feel like I'd deviated from my standard review pattern. If anything, I had omitted many valid examples of Vista problems for space reasons and because I figured they'd be more appropriate for future articles. After all, it's just an interim Vista beta build.

My most pointed concerns were about User Account Control (UAC, previously called User Account Protection--UAP--and before that known as Limited User Account--LUA). UAC is a major component of Microsoft's plan to keep Windows users safe from themselves. In earlier Windows versions, most nonmanaged users (i.e., Windows users who aren't part of a correctly designed Active Directory--AD--infrastructure) run with full administrator privileges and not with safer standard user accounts. Running with administrator privileges makes things easier: You can delete files and icons, move data from drive to drive, launch and run any application, and perform any other task your system is capable of. It's also more dangerous. If a bit of malicious code infiltrates your system--all too easy in the Windows world--then it, too, runs with administrative privileges.

UAC emulates the security model that Linux and Mac OS X users have known for years. On those systems, administrator-level tasks--typically actions that could potentially harm the system or change its configuration--require in-place authentication, usually in the form of a dialog box. You might think of this as a graphical form of "superuser do" (SUDO), or "do something as super user," a command-line-based way of escalating your privileges in the UNIX and Linux worlds so you can perform an administrative-level task, even if you usually run as a standard user.

In the various Vista interim builds I've seen, UAC has been a nightmare. That is, the UAC dialog boxes pop up early and often. Combined with some related permissions issues, you'll even find yourself getting into endless loop situations in which you try to delete a combination of files and desktop icons and find yourself unable to do so, though you're welcome to keep pressing "Try Again" until you're blue in the face.

My issue with UAC is that this type of thing has been done correctly in the past. On both Mac OS X and most Linux distributions, when users are forced to provide authentication for administrator-level tasks, it's not annoying. In fact, it even contributes to a feeling of security, if you can believe that.

There are reasons why UAC is so badly implemented, and I'm sure that Microsoft will figure this out before Vista is finalized in late 2006. But I'm already hearing that the feature might be improved before then. Apparently, Vista Beta 2--due next week--already includes a slightly less annoying UAC implementation. I hope developers find the right balance between security and usability.

UAC isn't the only form of user account improvement in Vista, of course. Although the first user you create on a Vista box is always an administrator-level account, subsequent accounts are created as standard users by default. And Microsoft Internet Explorer (IE) 7, which I discussed last week, runs at an even lower privilege level than a standard user. That says a lot about IE, but it also shows that Microsoft is serious about security. With Vista, most users are going to be forced to bite the security bullet for the first time ever. My only question is whether Windows users are ready for the tradeoffs that occur when you can't easily do the things you could do before.


==== 2. Hot Off the Press ====
by Paul Thurrott, [email protected]

DOJ: IE 7 No Threat to Google
In a stunning development, the US Department of Justice (DOJ) said late Friday that Microsoft's decision to use an integrated search box in Microsoft Internet Explorer (IE) 7 that defaults to MSN Search does not pose a competitive threat. Internet search giant Google had previously complained to both the DOJ and antitrust officials at the European Union (EU) that Microsoft's decision to add the feature was an antitrust violation. Read the rest of the story at the following URL:

==== Events and Resources ====
(A complete Web and live events directory brought to you by Windows IT Pro: )

Exchange and Office 2007 Roadshow
Get the facts about deploying Exchange & Office 2007! You'll come away with a clear understanding of how to implement a best-practices migration to Exchange Server 2007, how to use Exchange Server 2007's new capabilities to improve your messaging environment, and how you and your end users can get the most out of Office 2007.

Use virtual lab automation solutions to address special challenges presented in pre-production and staging environments, including virtual server file library management, provisioning, configuration and remote access issues. Live Event: Thursday, May 18

Mark Joseph Edwards discusses emerging spyware threats, including rootkits, keyloggers, and distribution methods. Live Event: Tuesday, May 30

Maximize your VoIP environment by integrating FoIP technology to increase ROI, and streamline processes.

Network Professional Association (NPA): Limited time offer, join/renew now at a special rate; Receive the only elite professional designation for the industry, Certified Network Professional, Enter the Global Hall of Fame in our Distinguished Fellows Program; Receive recognition with the "Awards for Professionalism." Additional benefits? Questions? Call Lori 888-NPA-NPAo.

==== Featured White Papers ====

Finding a faster and easier way to determine effective permissions on Windows can be incredibly challenging. In this free white paper you'll discover why it's essential to determine effective permissions, how to determine who has access to critical information in Windows, to determine where each individual has access in Windows and more! This is the must have white paper to resolve overlapping permission grants for local and network access, shared hierarchies, local machine rights and more!

~~~~ Hot Spot: ~~~~

Test the Starter PKI Program to benefit your company with timesaving convenience and secure multiple domains and host names.

==== Instant Poll ====

What Do You Think?
Don't forget to sound off in our Instant Poll. This month's question is "Have you tested IE 7 Beta 2?"

==== 4. Peer to Peer ====

Featured Blog: The Vacation Problem
Read Orin Thomas's most recent posting to the Hyperbole, Embellishment, and Systems Administration blog at the following URL:

Tip: Where do I store images I want to use as part of my Windows SharePoint Services site?
by John Savill,

Find the answer at the following URL:

==== Announcements ====

Windows IT Pro Master CD--SAVE 50%!
Subscribe today and get portable, high-speed access to the entire Windows IT Pro article database on CD: a searchable library that includes every Windows IT Pro issue ever published. The newest issue also includes BONUS Windows IT Tips. Order now and save:

May Exclusive - Save $100 off the Windows Scripting Solutions Newsletter
For a limited-time, order the Windows Scripting Solutions newsletter and SAVE up to $100 off! You will get 12 helpful issues loaded with expert-reviewed code and scripting techniques, as well as hundreds of tips on automating repetitive tasks. You will also get FREE, unlimited access to the full online scripting article library (over 500 articles). Subscribe now:

==== 5. New and Improved ====
by Blake Eno, [email protected]

KVM Switch Provides Easy Cable Management
ATEN Technology announced its new enterprise-class KVM solution, the KM0832 CAT5 Matrix. The switch allows eight users to directly access and control up to 32 computers simultaneously and independently. The product features a detachable front panel, which allows users to mount the body of the KVM switch toward the back of the rack for easy cable management. Additional features include server control up to 500' away and three-level password security. For more information, contact ATEN Technology at 949-428-1111 or 888-999-2836.

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to mailto:[email protected]

==== Contact Us ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today!

Windows IT Pro is a division of Penton Media, Inc., 221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department. Copyright 2006, Penton Media, Inc. All Rights Reserved.

TAGS: Security