Gamers, enterprises saying yes to Windows Vista

The Internet’s chattering classes may have already given up on Windows Vista, but two key segments of the PC population apparently haven’t.More than a third of online gamers are running Windows Vista, according to a January survey (scroll down to “Windows version”) by online gaming company Valve Corp. That’s almost double the 18% of the nearly 2 million online gamers surveyed by Valve last August.

Meanwhile, almost one third of North American and European corporations have started deploying Vista, according to a report released late last week by Forrester Research.

While Vista has been bashed repeatedly, IT managers are actually “slowly warming” to the operating system two years after its release, wrote analyst Ben Gray.

Nearly 10% of enterprise PCs were running Vista in August and September, when Forrester interviewed 962 IT decision makers at North American and European companies.

Despite “considerable interest in Windows 7,” Gray wrote, Windows Vista is finally shaping out to be the operating system that dethrones Windows XP.”

XP still dominates, with a 71% share, but that is down 16% from its 87% share of corporate desktops in Forrester’s survey results in the three months earlier.

XP is a “lame-duck operating system,” Gray wrote.

Similarly, XP is still run by 65% of players at Steam, an online site for PC gaming that requires users to run Windows 2000, XP or Vista. But 34% were running Vista, which offers more advanced graphics-rendering capabilities desired by gamers.

Those running the 32-bit version of Vista outnumbered users of the more advanced 64-bit flavor by a ratio of three to one — an indicator of how representative of the overall consumer population Steam’s sample is.

Besides the 30% of IT managers who told Forrester last fall they were already deploying Vista, another 27% said they planned to deploy Vista this year or in 2010.

In the Forrester report, Gray did not address the impact of the recent economic downturn and reports late last year that corporations would cut back on their 2009 IT spending plans.

Fifteen percent of respondents told Forrester last fall they planned to skip Vista for Windows 7, with another 28% reporting “no plans” or “don’t know.”

Despite increasing hints that Windows 7 may ship by this Christmas, Gray continues to peg its release for early 2010. As such, he advises companies worried about Microsoft cutting mainstream support for XP after April to upgrade to Vista now.

“Windows 7 will not be dramatically different from Windows Vista since it’s built on the same code base to ensure greater application and hardware compatibility – rather it’s an evolutionary update with more user-facing enhancements,” he wrote. “The bottom line is if you are going to skip Windows Vista on some or all of your PCs, you will need to move very quickly to deploy Windows 7, particularly if you wait until Service Pack 1, as most enterprises do.”

Mac OS X had a 3% share of corporate PCs, while Linux had 2%. Gray expects Apple’s operating system to “maintain its niche business status,” though “progressive organizations are flirting with desktop and application virtualization” to enable Mac usage, “and some are even experimenting with ‘bring your own PC to work’ programs” that also allow Macs, he wrote.

Source: computerworld

Browsing behind Windows Vista

Windows Vista has a new security construct called Mandatory Integrity Controls (MIC), which is similar to integrity functionality long available in the Linux and Unix worlds. In Vista, all security principals (users, computers, services, and so on) and objects (files, registry keys, folders, and resources) are given MIC labels.

A subject of lesser integrity cannot modify (write or delete) an object of higher integrity, even if the normal NTFS permissions would otherwise allow it. Perhaps surprisingly, MICs take precedence over traditional file permissions, and it’s critical that they do.

Security principals are assigned MICs in the form of SIDs (security identifiers) that are added to their access tokens during log-on. Objects have MIC labels stored as part of their access controls — specifically within the System Access Control List portion, which is where the auditing attributes are stored as well. When a security principal or a process on behalf of the security principal attempts to access an object, both MICs are checked and their integrity evaluated.

Although many integrity levels exist, Windows regularly uses six label values (from lowest to highest): Untrusted, Low, Medium, High, System, and Trusted Installer. Normal users have Medium integrity. The null/anonymous user is Untrusted. The default built-in Administrator and elevated members of the Administrators group have High integrity. The Windows system kernel and service files rank as System.

Most Web browsers run with Medium integrity by default. Add-on programs normally run as Medium or High. Internet Explorer in its default Protected Mode (enabled for all zones but Trusted Sites) runs with Low integrity for rendering processes, as does Google’s Chrome. Although Internet Explorer was the first browser to support MICs, Chrome actually utilizes them to a greater extent (see the Chrome review). Along with preventing lesser-integrity writes, Chrome prevents lesser-integrity reads as well.

The purpose behind integrity controls, of course, is to give Windows another layer of defense against malicious hackers. For example, if a buffer overflow is able to crash Internet Explorer (and not a third-party add-on or toolbar), the resulting malicious process will often end up with Low integrity and be unable to modify Windows system files. This is the primary reason so many Internet Explorer exploits have resulted in an “important” severity rating for Vista but a higher “critical” rating for Windows XP.

Every Web browser should make use of Vista’s integrity controls to the fullest extent possible. Their implementation significantly improves protection for the end-user. Browsers running in Low integrity, such as Chrome or Internet Explorer, offer additional protections that the others don’t — but should.

Source: infoworld

Vista’s flaws surface again on eve of Windows 7 beta

Attendees of the International Conference on Cyber Security 2009 in New York Tuesday were reminded of the shortcomings of Windows Vista a day before Microsoft is expected to reveal the first beta for its follow-up, Windows 7.Microsoft Investigative Consultant Michael Dunner asked attendees how many of them have used Vista as he gave a presentation on the security differences between that OS and Windows 7.

When people in the audience raised their hands, Dunner then asked, “How many of you like it?” Only about half of those who acknowledged using Vista raised their hands.

Dunner also called Vista’s User Account Control (UAC) feature “annoying” and one of its “biggest problems,” to which one audience member responded, “Yes, it is annoying.”

Problems with UAC have been widely publicized and even spoofed by television commercials from competitor Apple. The feature was meant to improve the security of Vista by preventing users without administrative privileges from making unauthorized changes to a PC. But because of how it was set up, it can prevent even authorized users from being able to access applications and features through a series of screen prompts that interrupt normal user workflow to ask for account privileges.

Microsoft CEO Steve Ballmer is expected to unveil the Windows 7 beta during his keynote Wednesday at the Consumer Electronics Show in Las Vegas.

Microsoft has publicly acknowledged the limitations of UAC. The company has called it one of Vista’s most “controversial” features and has said it will improve the feature in Windows 7 to make it more efficient and to reduce the number of prompts users receive.

Dunner’s comments and the lackluster audience response to Vista Tuesday was evidence of users’ overall disappointment with the OS, which many view as a failure for Microsoft. In addition to problems consumers have reported, many business customers have opted to skip Vista and run Windows XP until Windows 7 is available.

What to do after installing of windows Vista PC in 10 easy steps

While Windows Vista may be Microsoft Corp.’s most secure operating system ever, it’s far from completely secure. In its fresh-from-the-box configuration, Vista still leaves a chance for your personal data to leak out to the Web through Windows Firewall or for some nefarious bot to tweak your browser settings without your knowledge.

But by making a few judicious changes using the security tools within Windows Vista — and in some cases by adding a few pieces of free software — you can lock down your operating system like a pro.

1. Use Windows Security Center as a starting point

For a quick overview of your security settings, the Windows Security Center is where you’ll find the status of your system firewall, auto update, malware protection and other security settings. Click Start, Control Panel, Security Center, or you can simply click the shield icon in the task tray. If you see any red or yellow, you are not fully protected.

For example, if you have not yet installed an antivirus product on your machine, or if your current antivirus product is out of date, the malware section of the Security Center should be yellow. Windows does not offer a built-in antivirus utility, so you’ll want to install your own. For free antivirus, I recommend AVG Anti-Virus 8.

2. Use Windows Defender as a diagnostic tool

The malware section of Windows Vista also protects against spyware using Windows Defender. The antispyware protection in your antivirus program usually trumps the protection Microsoft provides, but there are several good reasons to keep Windows Defender enabled. One is that every antispyware program uses a different definition of what is and is not spyware, so redundant protection can actually offer some benefit.

Another reason to keep Windows Defender enabled: diagnostics. Click Tools, and choose Software Explorer from the resulting pane. You can display lists of applications from several categories such as Currently Running Programs, Network Connected Programs and Winsock Service Providers, but Start-up Programs is perhaps the most useful. Click on any name in the left window, and full details will appear in the right pane. By highlighting, you can remove, disable or enable any of the programs listed.
3. Disable the start-up menu

Windows Vista keeps track of all the documents and programs you launch in the start-up menu. This can be convenient for some users, but it can also compromise your privacy if you share a computer within an office or household. Fortunately, Windows Vista provides an easy way to tweak this setting. To protect your privacy, follow these steps:

* Right-click on the task bar and select “Properties.”
* Click on the Start Menu tab.
* Uncheck “Store and display a list of recently opened files.”
* Uncheck “Store and display a list of recently opened programs.”
* Click “OK.”

4. Get two-way firewall protection

No desktop should be without a personal firewall, but even if the Security Center says you’re protected, you may not be. The Windows Firewall within Vista blocks all incoming traffic that might be malicious or suspicious — and that’s good. But outbound protection is not enabled by default. That’s a dangerous situation if some new malicious software finds its way onto your PC.

Microsoft did include the tools for Windows Vista to have a true two-way firewall, but finding the setting is a little complicated. (Hint: Don’t go looking the Windows Firewall settings dialog box.)

To get two-way firewall protection in Windows Vista, do the following:

* Click on the Start button; in the search space, type “wf.msc” and press Enter.
* Click on the Windows Firewall with Advanced Security icon. This management interface displays the inbound and outbound rules.
* Click on Windows Firewalls Properties. You should now see a dialog box with several tabs.
* For each profile — Domain, Private and Public — change the setting to Block, and then click OK.

Even if you do this tweak, I recommend adding a more robust third-party firewall. I suggest either Comodo Firewall Pro or ZoneAlarm, both of which are free and fare very well in independent firewall testing.

5. Lock out unwanted guests

If you share your computer with others — and even if you don’t — Windows Vista includes a neat way to keep unwanted guests from guessing your systems administrator password. When you set up users and declare one user as administrator with full privileges, Windows Vista allows outsiders unlimited guesses at the password you chose. Here’s how to limit the guesses.

* Click Start, then type “Local Security Policy.”
* Click Account Lockout Policy.
* Choose Account Lockout Threshold.
* At the prompt, enter the number of invalid log-ins you’ll accept (say, three).
* Click OK and close.

6. Now audit your attackers

With the Account Lockout policy in place, you can now enable auditing to see any account attacks. To turn on auditing for failed log-on events, do the following:

* Click the Start button, type “secpol.msc,” and click the secpol icon.
* Click on Local Policies and then Audit Policy.
* Right-click on “Audit account log-on events policy,” and select Properties.
* Check the Failure box, and click OK.
* Right-click on “Audit log-on events policy” and select Properties.
* Check the Failure box and click OK.
* Close the Local Security Policy window.

You can then use the Event Viewer (by running eventvwr.msc) to view the logs under Windows Logs and Security.

7. Secure your Internet Explorer settings

The Windows Security Center will also report whether your Internet Explorer 7 (or IE security settings are at their recommended levels. If the screen shows this section as red, you can adjust the settings within the browser itself.

* Within Internet Explorer, click Tools in the menu bar.
* From the drop-down menu, click Internet Options.
* Choose the Security tab.
* Within the Security tab, click Custom Level.

Here you’ll see a window with all the security options for the browser. If any are below the recommended level (if, say, some malware reconfigured your browser settings), these options will be highlighted in red.

To change an individual setting, click the appropriate radio button. To reset them all, use the button near the bottom of the tab. You can also change the overall security setting for Internet Explorer from the default Medium-High setting to the recommended High or Medium, if you wish. Click OK to save and close.

8. Use OpenDNS

Domain Name System (DNS) servers act as a phone book. When you type “pcworld.com” in the address bar, for instance, your browser sends that common-name request to your Internet service provider’s DNS servers to be converted into a series of numbers, or an IP address.

Lately, DNS servers have come under attack, with criminals seeking to redirect common DNS preferences to servers that they control. One way to stop such abuse is to use OpenDNS.

Go to Start, Control Panel, Network and Internet, and then click Network and Sharing Center. Under the tasks listed on the left, click Manage Network Connections. In the Manage Network Connections window, do the following:

* Right-click on the icon representing your network card.
* Click Properties.
* Click Internet Protocol Version 4.
* Click the Properties button.
* Select the Use the following DNS server addresses radio button.
* Type in a primary address of 208.67.222.222. < br />* Type in a secondary address of 208.67.220.220.
* Click OK.

9. Live with User Account Control

One area where some people might want to see the Windows Security Center turn red is User Account Control (UAC), perhaps the most controversial security feature within Windows Vista. Designed to keep rogue remote software from automatically installing (among other things), UAC has a tendency to thwart legitimate software installations by interrupting the process several times with useless messages.

In Windows 7, you’ll be able to set UAC to the level you want. Until then, you do have some options. One is to disable UAC. I would caution against that, since UAC is meant to warn you of potential danger.

Instead, install TweakUAC, a free utility that enables you to turn UAC on or off as well as provides an intermediate “quiet” mode that keeps UAC on but suppresses administration-elevation prompts. With TweakUAC in quiet mode, UAC will appear to be off to those running as administrator accounts, while people with standard user accounts will still be prompted.

10. Check your work

Now that you’ve tweaked Windows Vista, you can keep tabs on your system’s security with the System Health Report. This diagnostic tool takes input from the Performance and Reliability Monitor and turns it into an information-packed report that can spotlight potential security problems.

* Open Control Panel.
* Click System.
* In the Tasks list, click Performance (near the bottom).
* In the resulting Tasks list, click Advanced tools (near the top).
* Click the last item on the resulting list — “Generate a system health report.”

The report will list any missing drivers that might be causing error codes, tell you whether your antivirus protection is installed and declare whether UAC is turned on. You may want to run this report once a month just to make sure everything’s still good.

Source: computerworld

Vista Now Open Source

The big open source struggle that began with Linux, moved to enterprise applications and then the consumer space, is now pointed directly at the heads of doctors and hospitals.

VistA, the public record EHR and hospital management software created by the Veterans Administration, is once again an open source movement with word that DSS, its biggest commercial licenser, is switching to the Eclipse Public License.

In a press release posted by its PR firm, the company also said it is joining the Open Health Tools Foundation.

In the press release DSS President Mark Byers was frank about the company’s ambitions with the move:

1. Make VistA a standard framework in the coming battles over health IT; and

2. Get greater cooperation with the open source VistA community.

This is huge news, wrote open source health expert Fred Trotter at his blog. It changes the VistA game and gives open source a strong competitor in VistA software alongside Clearhealth and Medsphere.

While he expressed some skepticism about whether DSS “knows how” to be an open source vendor, Trotter’s piece was welcoming and he offered high praise for its code:

The fact that DSS has chosen to release its code through OHT brings a new relevance to OHT. There should be no confusion however; OHT is relevant because it is working to release DSS code, not the other way around. The code that DSS is releasing has the potential to be vastly more valuable than anything OHT has even attempted.

The move to strengthen open source and VistA is well-timed, given the new Administration’s promise to increase health IT spending. Whether it can beat a city filled with lobbyists is anyone’s guess. (full Story)