Vista or XP

For a few months now, I have been using the Firewall built into my Router, and it has been so good at keeping my system clean, that I I no longer use any kind of software cleaner of ANY kind.

In fact, after about 11 weeks of doing the usual rounds, I decided to put a few apps back on to see if anything had come back...

I installed AdAware SE, SpyBot S&D, NoAdware 4, and Spyware Doctor, and they found.... NOTHING!

I also installed and updated NOD32 again, and it also found bugger all.

Now, that to me says that my setup has been pretty secure, and no matter whether I use Vista, 2K or XP, it will make no difference at all to its security.

My mothers PC is the very same... No firewall, no anti-anything, just the routers built in stuff and she has never had any form of infection since the day I knocked her PC up... ( Win2K )... I have always tried to use Software firewalls, and I have assumed they were the best, but this is simply not true.

Everyone sais that XPs firewall is the best there is, that was soon proven wrong, and all *** security vunerabilities soon came out in the wash... Everyone is saying the same with Vista and yet already there are a few grubbies for Vista also coming out in the wash already.

I dont think that Vista is any more secure than XP is.

As long as you dont trust your PC to Norton / McAffee, you should be ok.
 
Rebelius said:
Some people like change.
Click to expand...

For me, its not the change as such, but rather what the change could mean in the near-future.

MS's ( And many others ) plans seem to be stemming towards the end user only actually having a terminal for accessing data ( Data which will be limited by them ) and we wont have PCs as they are today.

.NET is one stepping stone towards this.
Vista is another.

They are taking control away from the end user, and we will all suffer in the end.
 
Too few people understand the concept of multiple layers of security...

Nobody is saying Vista will not have any security patches - I doubt if we will even see a variation in the frequency of them... possibly even an increase due to the larger code base.

The point that security clued-up people are trying to put across is that Vista has many many layers of security and it would be difficult (not impossible, but very difficult) for some malware to get past them all.

The firewall in Vista (which also now filters outgoing) for example is the first layer of security. This secures all your ports so that they are protected, by default, from the outside world. This firewall will prevent any repeat of epidemic worms like "CodeRed" and "Blaster" from ever occuring again. Even the one in XP can do that in fact it's just that it wasn't turned on by default back in those days.

Protected Mode IE is probably the second layer of security. IE can have as many security holes as it likes now... any malware that exploits them won't be getting far because IE runs in a sandbox (called Protected Mode) which effectively cuts it off from the rest of your system.

Anti-virus and anti-spyware software forms the third layer of defense.

UAC is probably the fourth layer. This prevents malware from making any significant changes to your system (such as making auto-run entries in your Registry or hiding their files in your Windows folder). Many people accuse UAC of being useless because they say infection is only one click away but this isn't the case on a properly administered setup where the user isn't running as an Administrator.

Now we are getting to the lower levels of security... these are what you could call the last line of defense. If these don't catch the exploit then you're doomed.

In this category we have things like DEP, or "Data Execution Prevention", which prevents many common types of buffer overflows.

We also have ASLR... a new feature in Vista that relocates system binaries in memory into 256 random locations. This makes it extremely difficult for a buffer overflow to target a specific module in memory. It would need to try up to 256 times to get the right location and each attempt runs a very high probability (>70%) of crashing the process anyway.

If some malware manages to get past all of that without user intervention then it has done very well for itself indeed.
 
Last edited:
FatRakoon said:
For me, its not the change as such, but rather what the change could mean in the near-future.

MS's ( And many others ) plans seem to be stemming towards the end user only actually having a terminal for accessing data ( Data which will be limited by them ) and we wont have PCs as they are today.

.NET is one stepping stone towards this.
Vista is another.

They are taking control away from the end user, and we will all suffer in the end.
Click to expand...
.NET is programming platform and Vista is an OS - how are either of these pushing people towards using online web services?

Google is the one pushing these types of technologies, not Microsoft. Microsoft's equivilent is their "Windows Live" bunch of services.
 
Last edited:
NathanE said:
In this category we have things like DEP, or "Data Execution Prevention", which prevents many common types of buffer overflows.
Click to expand...

DEP isnt turned on for most processes unless you specificially turn it on.
Not to mention it still results in access violation and causes your program to bomb out anyhow (not a good sign). Return to libc "like" attacks totally negate DEP anyhow its not like you need to put data on the stack...

http://uninformed.org/?v=2&a=4&t=txt

NathanE said:
We also have ASLR... a new feature in Vista that relocates system binaries in memory into 256 random locations. This makes it extremely difficult for a buffer overflow to target a specific module in memory. It would need to try up to 256 times to get the right location and each attempt runs a very high probability (>70%) of crashing the process anyway.
.
Click to expand...

Not heard of NOP sleds? Microsoft's implementation does not protect against partial address overwrites so its still possible to exploit. 64bit ALSR really puts brute force attempts out of the picture but with 32bit its possible.

I don't do windows but I got a feeling user32,kernel32 and ntdll are assumed by the kernel (and user-mode) to be at the same address in every process.
 
Last edited:
I have just read through this thread and thought i would add my 2p

I got Windows Vista as a free upgrade because i bought MCE 2005 in december, and it is still laying on my shelf untouched. One reason is that I don't know if i will be upgrading my hardware in the next 6 months (CPU&Mobo)

But the other reason is, for me it offers absolutly nothing over what i can't do just now, so i am happy to have it sit there till we get SP1. I don't really want to have any issues with games, or any apps i use for various things. It has/had some issues with iTunes and iPods (Yes i like iTunes, have done since it was on the mac) Creative drivers sucks, nVidia drivers suck so downside there.
I have no need for a fancy search facility as i never use search as i keep my folders and drives organized. The only time i use search is at work and that is when looking for a file with a specific ref within the text of the document.

I used Vista business i work as Technet gives you trials of this. And i thought the interface was quite nice, don't know if it is worth the resources though. i liked the sidebar and think it could be handy on my widescreen monitor, but is very much reliant on the comunity atm. The task manager gave me a wee bit more info, that was a novelty tbh. but that 'Do you want to open the control panel/Task manager/[insert any app here] that you went out of your way to DOUBLE CLICK on?' then 'Do you really really? last chance t say no.' just got to me :(

So that is my view, i am not a lover, but not a hater neither. just dont think it is worth my time and energy to put it on my machine.
Sure maybe it can be installed in 25 mins (took longer on my P4 test rig, but ok) But it would also take me hours and hours to reinstall all my games, move MP3's about, lose all my settings, etc which, for me anyway, would put the full install at a few days when all is finished.
 
Una said:
snip
Click to expand...
I like how you pick holes in the two things that I explicitly described as the "last line of defense" :p

PS: Looking down my procexp list there is only a handful of processes with DEP turned off. The rest have it turned on. This is a Vista x64 install and the DEP settings are all at their defaults.

BTW: Hardware DEP has been significantly harderned in Vista over what XP SP2 had.
 
Last edited:
NathanE said:
I like how you pick holes in the two things that I explicitly described as the "last line of defense" :p

PS: Looking down my procexp list there is only a handful of processes with DEP turned off. The rest have it turned on. This is a Vista x64 install and the DEP settings are all at their defaults.
Click to expand...

Nah credit where credit is due, microsoft ripped off all the features from linux (PaX/va randomization/stack canaries) so its about time they improved on security over xp.

Isnt DEP off for ie7 by default?
 
Last edited:
Credit where credit is due... Vista is the only mainstream desktop OS to have ASLR enabled by default.

IE7 runs in a sandbox (technically even non-protected mode instances do, except that the sandbox is opened up) and it is the all crucial "ieuser.exe" process that runs with DEP enabled. "iexplore.exe" is just GUI now with no logic in them and so there is no point in enabling DEP on them.
 
Er all 2.6 linux kernels have virtual address space randomization as default and 2.6 was around much before vista was released. I would class Linux as a mainstream desktop OS.
 
Last edited:
Nope? It all depends on the distro and what the vendor decides to turn on. SuSE and RedHat (the mainstream distro's) last time I checked did not have ASLR turned on by default.
 
Well got to admit I don't know about that, I know Debian and Ubuntu have had it enabled much before vista was ever released and Ubuntu is the most popular linux desktop distro according to distrowatch.
 
Last edited:
Rebelius said:
how can computing ever really advance if we keep hanging on to backwards compatability?

If vista has changed in ways you don't like, then don't buy it, don't use it and stop moaning.

Some people like change.
Click to expand...

well said!!!

remember when xp first came out, people done the same thing as now...
 
NathanE said:
I said "Cool :~)" because it's your opinion and it would be futile to argue with it :)
Click to expand...

ah ok np


I see where you're trying to take this but I ain't biting mate :p:)
Click to expand...

dam :D

Like what happened when XP SP2 came out... it will be interesting to watch the opinions of people here change over the coming years :)
Click to expand...

I hope your right tbh, end of the day it's the only os (apart from reactos) to support dx10 so many of us (mainly gamers) will have to make the change eventually but you can't deny that this is the most reluctant I think cumsumers have been over upgrading to a new os don't you think ? like I said before I've been using windows since 2.0 and I've never seen this much apprehension before, I know many complain'd when XP first came out but even before it was patched it was evident that XP was leaugues ahead stability wise, many people like myself want stablility and compatiliby more than a feature set that we will never use.
 
Rebelius said:
how can computing ever really advance if we keep hanging on to backwards compatability?

If vista has changed in ways you don't like, then don't buy it, don't use it and stop moaning.

Some people like change.
Click to expand...


yeh tell all the innocent people in iraq that have died that change is good :rolleyes: , change is all well and good if it's a step in the right direction, just b-cos something is different it does'nt automaticly mean it's an improvement.
 
With each Windows release the stakes are raised higher and higher so it's understandable that there is so much apprehension over Vista. It didn't help that XP had a very very long lifecycle which has made people think an OS can't get any better for them.

One thing that does nark me about Vista is the multi-monitor support. It hasn't progressed whatsoever over what XP had. Some of the Longhorn beta's had some interesting multi-mon tidbits (like a taskbar on every monitor, Ultramon style) but these never made it past the Longhorn Reset. I really hope they release some Ultimate Extras to plug this functionality back in.
 
I have XP X64 and Vista U X64 in dual boot. I see no improvement in vista over XP sept it is slower and less things work with it and all manufacturers have to play this game called catch up to get the drivers up for us uses.

What I think should have happened is Microsoft should never have made vista (and wasted 5 years making it) they could have used that time a lot better by

Releasing SP3 for XP about now and in the sp3 have direct x 10 and a new look (theme) for XP job done because then the manufacturers don t have to play catch up.
 
NathanE said:
.NET is programming platform and Vista is an OS - how are either of these pushing people towards using online web services?

Google is the one pushing these types of technologies, not Microsoft. Microsoft's equivilent is their "Windows Live" bunch of services.
Click to expand...


Well, .NET is a programming layer, it not only provides extra features for programming, but also provides the ability to run code across networks / internet... Hence the name. That in itself should show what I mean there, and Vista is very much soaked in such similar code. Yes, 2 partially different things, but both using the very same code.

Yes, google are pushing such technologies, as are HP, Dell, Even IBM and yes, MicroSoft too! - over 30 big such companies are involved in this.

I am not 100% where I read about this, but the European Union, and indeed nearly all of asia were up in arms about it because these american companies were trying to control everything through such technologies as .NET and the control they were giving themselves was going way beyond what was justified.

Its that, that is scaring me.
 
For gaming, is it only DX10 that Vista will give us?

Im wondering here, but I feel that OpenGL was superior to DirectX

Still do actually.

Now, I wonder... If they re-developed OpenGL and brought it into the 21st Century, would we even need DX10?

Silly thought perhaps, but a possibly valid one too maybe?

I know nothing, so its purely a kind of wild flailing stab of a dying man.
 
You must log in or register to reply here.
Back
Top Bottom