Geeks With Blogs
HeroPsycho's House of Phun Phun with tech, politics, music, and more

Hello,

Welcome to my blog.  I'll be discussing a lot of various things here, mostly on the technical side of things, but I'll occasionally visit some other topics, such as music, politics, or anything else that might engage my attention and fuel the fire to blog.

Brief background about myself.  I am a Senior Network Engineer at a large Microsoft Solutions Provider, and I specialize in Active Directory, Exchange, and ISA mainly.  My past work experience includes supporting Exchange at Microsoft Premier Product Support within the admin team, so I have some in depth insight into Exchange I hope to share.  I also have done some federal contracting work.  I am an MCSE 2000/2003: Messaging, and I'm looking currently at getting certified in Exchange 2007 and VMWare (VCP).

I'm very passionate about IT Security, and I hope to get a lot more into that as my career goes along.  I'm looking to get an advanced certification such as CISSP at some point in the future.

This brings me to my first post, and surprise surprise, it's technology related: Vista.

Up until recently, I frequented the tech forum www.computing.net, and after years of posting on the forum, I left the community.  Why?  Very simple - I engaged those saying things that weren't true by providing facts that proved this in a civil, well reasoned manner.  Result?  My posts got deleted for being argumentative.  What else are you supposed to do when someone says something that isn't true?!

The community, as well as many others it seems, has taken a very sour, negative bias against Windows Vista.  Sometimes the arguments were factually based and true.  I have no problem with that; no OS is ever perfect, and I can certainly understand those who do not like Vista for various reasons.  If you personally have hardware or software that is incompatible, I can't blame you for not liking Vista, although I hope people could look past their own personal driver or application issues.  Sometimes it doesn't run well on your system, maybe due to older hardware.

But sometimes, people will engage into outright slander.

Take this thread for example.  http://www.computing.net/windowsvista/wwwboard/forum/963.html

Here, you see response 13 claiming the only broadband connections Vista will allow you to create are for ones that require user names and passwords.  Funny - mine doesn't, and here I am on broadband.  I guess I'm a magician.

Sure, these are just forum users, but what about people on websites such as The Register?

Here's a great little nugget of a Vista mini-review: http://www.theregister.com/2007/05/25/vista_upgrade_revisited/

You just got to love some of this guy's points:

"OK, I accept this is a security measure to stop the uninitiated/awkward/crazy from messing up machines, but you do get to the position that even if you "accidentally" find yourself trying to install a program called "MajorTrojan.exe" from a site called www.youdbeverysillytotrustthis.com, you'll probably press OK just because you always have done."

This statement bothers me A LOT.  Just because this guy would do this, it doesn't mean everyone should.  And it also ignores the point that within XP and other previous versions of Windows, it was possible for malware to be installed without your consent.  While UAC could be theoretically bypassed, the idea that you should be prompted anytime a program is installed is absolutely a good thing.  For those of us who actually do pay attention, UAC is a good thing, and all users should be educated to not accept everything that pops a warning.  Here comes a wonderful nugget of wisdom...

"The fact you can't even say that you will trust certain publishers (such as Microsoft itself) seems to be overkill. This also applies when you want to run certain functions within Vista. If it thinks that this could be "dangerous" the screen dims (as if it is just about to fall over), and you have to give the OK to run the function."

This is the most idiotic suggestion I think I've read about how UAC could be improved.  The author clearly does not understand that UAC is not about just granting permission for software to be installed.  It's about dynamically prompting and elevating privilege on an as needed bases for any process.  Any kind of auto-acceptance for a process that usually doesn't need administrative privileges completely defeats the purpose of UAC.  And adding Microsoft to the list of approved publishers if such a list existed would be incredibly stupid.  What is the most attacked web browser on the market?  IE.  Word processor?  Word.  Spreadsheet program?  Excel.  To allow all these apps to run with full administrative credentials when they don't need it is just plain silly and moronic.  You should be prompted everytime they do something that requires admin rights.  Think about other popular apps that are commonly attacked from Microsoft - Outlook, Windows Mail, Microsoft Live Messenger, all of those apps if Microsoft were added to a trusted provider list would immediately lose all benefits of UAC for security.  UAC is intented to prevent application layer attacks!  You might as well turn UAC off at that point!

He then goes on to complain about his horrific experiences with Vista and wireless networking.  He has SSID broadcasting disabled on his WAP and claims that this is a highly recommended procaution due to security reasons.  Funny, I'm exceptionally security conscious, and I do not have SSID broadcasting disabled.  It presents zero gains in security, and causes not just problems within Vista, but also XP if you install the wifi configuration network update and secure your XP wifi config properly to maintain radio silence and not itself broadcast the SSID and connect to any wifi network, ad hoc or infrastructure, encryption or no encryption.  The reality is Vista's wifi configuration utility behaves just like the XP one with the right updates and configuration for good security - without SSID broadcasting enabled on the WAP, it has connection problems.  Yet this person who claims to be security conscious didn't seem to know that.

Anyone who knows much about wifi security knows that disabling SSID broadcasting gains you nothing in effective security because the SSID is contained in normal wifi traffic anyway, so if someone captures said traffic, they have the SSID anyway.  It's even less useful than WEP encryption.

He then ends his post with "Come on Microsoft. It shouldn't be too difficult to get rid of problems like this."  And the answer is no, it's not that easy.  Security is ever evolving.  UAC for the most part is well designed and executed.  And the wifi client within Vista out of the box will not connect to any wifi network with the same SSID if it can't connect to it in the configuration it expects.  It means Vista is in fact more secure in XP, and if you know how to use it, it's superior in these two issues in security without any doubt whatsoever.

Why can't people just tell the truth about Vista and let its weaknesses speak for themselves?  Or, if you don't have any clue what you're talking about, don't write about that topic?!

Just a thought!

Most posts I hope won't be such a vent session I hope.

=================================================================

Future topics I hope to cover soon:

Why I Like ISA

Clustering with Exchange

How To Secure a Windows Server the Right Way

New Microsoft Certifications

ISA Arrays in a Workgroup

Hardware DEP - Why You Should Turn It On and Configure It

=================================================================

Tomorrow, I'm going to DC to catch a band I've been wanting to see live for a long time - SILVERCHAIR, BABY!!!

NP: Silverchair - "If You Keep Losing Sleep"

Posted on Tuesday, July 24, 2007 1:52 AM | Back to top


Comments on this post: Brief intro; rant against Vista rants

# re: Brief intro; rant against Vista rants
Requesting Gravatar...
When UAC asks the user ( my mom ) and she does not know anything about computers, I bet she will press Yes (Ok) every time, because she knows that otherwise it doesn't work.

90% of computer users are not really computer literates.
Your argument is a fallacy and does not even apply to IT educated people.

I bet you have UAC disabled and play the saint...
Left by Liviu on Jul 24, 2007 4:12 AM

# re: Brief intro; rant against Vista rants
Requesting Gravatar...
I feel you pain and I am forever shouting, "no it doesn’t" or "yes it does" and "I never had that problem" at many of the posts around Vista. I fully believe that many of those posting on Vista have never actually used it, and just regurgitate the same old crap that the MAC fanboys have been spouting for ages...
Left by Martin Hinshelwood on Jul 24, 2007 4:17 AM

# re: Brief intro; rant against Vista rants
Requesting Gravatar...
Liviu,

UAC most certainly applies to "IT educated people".

For some reason, people assume that if you're in IT, you're somehow immune to being hacked. You're not. If you use an OS that has security holes in it, you are vulnerable to some degree. If you use any application on that OS that has security holes in it, you are vulnerable. Period. And every application has security holes in it, whether we're aware of them today or not. So does every OS. If you and your mother both use Windows XP, your Windows XP code isn't inherently more secure than hers.

Merely visiting this very site where users can interact and post comments and content is inherently a security risk. There is no guarantee that this site's web engine will sanitize content posted by users 100% effectively, so it is very possible that an attacker could for example post a malicious cross site script that would invoke the installation of malware on your machine through your browser. UAC is another layer of defense that could prevent this from happening. At least you might have the opportunity to stop the script from installing software if you have UAC turned on, since software installation requires admin privileges.

My point was that UAC isn't a bad thing just because uninformed people might click yes without thinking or understanding. Some people are informed, and use UAC to help keep their system secure, as I do. There is no fallacy in that.
Left by HeroPsycho on Jul 27, 2007 2:40 AM

# re: Brief intro; rant against Vista rants
Requesting Gravatar...
Martin,

My intent of this post isn't to dismiss people who genuinely have issues with Vista. There are known issues with the OS, just as there were issues when XP first came out...

Just like Windows 2000...

Just like Windows 98...

Just like Windows 95...

There's nothing new about that. But what's really bothering me are the people who slam the OS and have absolutely no idea what they're talking about, and yet they act as if they do on message boards, and some are even tech writers for major publications and websites like The Register. These people have no business purporting themselves as having any authority on these matters, and they're definitely not helping anyone.

Recently on another forum, someone argued with me about how UAC caused problems with installing Adobe Acrobat. Come to find out, the actual reason it wouldn't install is because he disabled UAC!

http://kb.adobe.com/selfservice/viewContent.do?externalId=333643&sliceId=1

But of course, since so many people were trashing UAC in that community, even though I had the facts on my side, it didn't matter. The pervasive view in that community was UAC sucks and should be promptly disabled.

How does that do anyone any good? Why on earth would these people want to go around saying UAC should be disabled, and for that matter, don't install Vista because it sucks because this stuff happens?

It just makes no sense...
Left by HeroPsycho on Jul 27, 2007 2:49 AM

Your comment:
 (will show your gravatar)


Copyright © HeroPsycho | Powered by: GeeksWithBlogs.net