Does Vista need extra software for security?

[Guest]

Kerry,

It’s becoming too obvious that you guys have a level of knowledge that far
exceeds mine.

After I separated your paragraph into sentences, I’m getting near
comprehending your response, maybe.

Kinda think you guys are on page three while I remain on page one.

Yes, I’m going to research Vista’s Encryption for better comprehension.

At this writing, do not understand how malware has the ability for self
attaching to a file or folder with 256 cipher... apparently malware must have
the ability for self-attaching to Vista's 256 Encrypted OS.

Thank you for your very courteous and patient response.

 

[David J. Craig]

Read a couple of books about encryption. NO encryption algorithm is or can
be made 100% secure. If you have enough processing power you can decrypt it
with enough time. From what you have said it appears you have read several
articles about security that we written by marketing types - full of lies
and totally useless except for the salesperson's commissions.

EFS is a good encryption algorithm, but being paranoid I wonder how good.
When DES was first introduced the key size was reduced from 64 to 56 bits
because some "No Such Agency" thought it was too strong, or so I have heard
via rumors. Now, 56 bit DES is easy to break with dedicated hardware that
can do tens of thousands of keys per second. When a user that has access to
files encrypted by EFS is running any process can impersonate that person
and access the protected files. Bitlocker is the same that when anyone or
anything (TPM) has access to the drive, then all of the drive is open for an
attacker. It only works if someone steals your computer and you have
configured Bitlocker to require two factor security - the hardware TPM and a
key/password/etc.

The government works with the concept that secrets only need to be protected
for some finite time. Where the D-Day invasion was to occur is not a useful
secret any more. Crypto works the same in that all channels change keys
frequently and the hardware is updated to implement new algorithms on a
regular basis.

 

[Guest]

David,

At this moment, not certain what is fact and what is fiction (perhaps whom).

Remain researching Vista's 256 Encryption algorithm.

Located the below article with URL located at MS Tech Net authored by Tony
Northrup: So, perhaps Tony Northrup is merely lying, but I don't think so.
Likely, there are many folks within this Forum lacking knowledge regarding
Vista's inherent Security. Tony's below article was written during 2005.
Today, Vista has made enormus Security enhancements since the below article
was Posted at Tech Net.

http://technet.microsoft.com/en-us/windowsvista/aa905073.aspx#EUD

Anti-Malware
Feature Description
User Account Control, discussed earlier on this page, and security
improvements to Internet Explorer (including the new protected mode, which
will be discussed later) can reduce the impact of malware on Windows Vista.
In addition to these features, Windows Vista can clean many worms, viruses,
rootkits and spyware, thereby ensuring the integrity of the operating system
and the privacy of users' data. Windows Vista will also include Windows
Defender, a technology that helps protect your computer against pop-ups, slow
performance, and security threats caused by spyware and other unwanted
software. It features Real-Time Protection, a monitoring system that
recommends actions against spyware when it's detected, and a new streamlined
interface that minimizes interruptions and helps you stay productive.

 

[Guest]

Kerry,

At this moment, not certain what is fact and what is fiction (perhaps whom).

Remain researching Vista's 256 Encryption algorithm.

Determined it best for consulting the engineers and designers for Vista's
inherent Security.

Located the below (small portion) article (with URL) located at MS Tech Net
authored by Tony Northrup: So, perhaps Tony Northrup is merely lying, but I
don't think so. Likely, there are many folks within this Forum lacking
knowledge regarding Vista's inherent Security. Tony's below article was
written during 2005. Today, Vista has made enormus Security enhancements
since the below article was Posted at Tech Net.

http://technet.microsoft.com/en-us/windowsvista/aa905073.aspx#EUD

Anti-Malware
Feature Description
User Account Control, discussed earlier on this page, and security
improvements to Internet Explorer (including the new protected mode, which
will be discussed later) can reduce the impact of malware on Windows Vista.
In addition to these features, Windows Vista can clean many worms, viruses,
rootkits and spyware, thereby ensuring the integrity of the operating system
and the privacy of users' data. Windows Vista will also include Windows
Defender, a technology that helps protect your computer against pop-ups, slow
performance, and security threats caused by spyware and other unwanted
software. It features Real-Time Protection, a monitoring system that
recommends actions against spyware when it's detected, and a new streamlined
interface that minimizes interruptions and helps you stay productive.

 

[Guest]

Paul,

May I encourage you and others for reading the below article by Tony
Northrup, from TechNet?

At this moment, not certain what is fact and what is fiction (perhaps whom).

Remain researching Vista's 256 Encryption algorithm.

Determined it best for consulting the engineers and designers for Vista's
inherent Security.

Located the below article (with URL) located at MS Tech Net authored by Tony
Northrup: So, perhaps Tony Northrup is merely lying, but I don't think so.
Likely, there are many folks within this Forum lacking knowledge regarding
Vista's inherent Security. Tony's below article was written during 2005.
Today, Vista has made enormus Security enhancements since the below article
was Posted at Tech Net.

http://technet.microsoft.com/en-us/windowsvista/aa905073.aspx#EUD

Anti-Malware
Feature Description
User Account Control, discussed earlier on this page, and security
improvements to Internet Explorer (including the new protected mode, which
will be discussed later) can reduce the impact of malware on Windows Vista.
In addition to these features, Windows Vista can clean many worms, viruses,
rootkits and spyware, thereby ensuring the integrity of the operating system
and the privacy of users' data. Windows Vista will also include Windows
Defender, a technology that helps protect your computer against pop-ups, slow
performance, and security threats caused by spyware and other unwanted
software. It features Real-Time Protection, a monitoring system that
recommends actions against spyware when it's detected, and a new streamlined
interface that minimizes interruptions and helps you stay productive.

 

[Kerry Brown]

Do you see encryption mentioned anywhere in the quote?

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca

Kerry,

At this moment, not certain what is fact and what is fiction (perhaps
whom).

Remain researching Vista's 256 Encryption algorithm.

Determined it best for consulting the engineers and designers for Vista's
inherent Security.

Located the below (small portion) article (with URL) located at MS Tech
Net
authored by Tony Northrup: So, perhaps Tony Northrup is merely lying, but
I
don't think so. Likely, there are many folks within this Forum lacking
knowledge regarding Vista's inherent Security. Tony's below article was
written during 2005. Today, Vista has made enormus Security enhancements
since the below article was Posted at Tech Net.

http://technet.microsoft.com/en-us/windowsvista/aa905073.aspx#EUD

Anti-Malware
Feature Description
User Account Control, discussed earlier on this page, and security
improvements to Internet Explorer (including the new protected mode, which
will be discussed later) can reduce the impact of malware on Windows
Vista.
In addition to these features, Windows Vista can clean many worms,
viruses,
rootkits and spyware, thereby ensuring the integrity of the operating
system
and the privacy of users' data. Windows Vista will also include Windows
Defender, a technology that helps protect your computer against pop-ups,
slow
performance, and security threats caused by spyware and other unwanted
software. It features Real-Time Protection, a monitoring system that
recommends actions against spyware when it's detected, and a new
streamlined
interface that minimizes interruptions and helps you stay productive.

 

[Kerry Brown]

It's good that you question things. I'm sure with a bit of research you'll
understand how encryption works and what it is used for.

 

[Jeff]

Firewall,
The point is, simply, encryption protects the system from theft-from the
article you yourself posted:

"Theft or loss of corporate intellectual property is an increasing concern
for organizations. Windows Vista has improved support for data protection at
the document, file, directory, and machine level....The Encrypting File
System, which provides user-based file and directory encryption, has been
enhanced to allow storage of encryption keys on smart cards, providing
better protection of encryption keys. In addition, the new BitLocker Drive
Encryption enterprise feature adds machine-level data protection. On a
computer with appropriate enabling hardware, BitLocker Drive Encryption
provides full volume encryption of the system volume, including Windows
system files and the hibernation file, which helps protect data from being
compromised on a lost or stolen machine."

Once you have logged on as a valid user, the o.s. is unlocked,the files,that
the o.s. uses are unlocked,
the files that you use are unlocked,
for you,
for applications,
for services,
for the internet,
for everything that comes in contact with it.


Jeff

 

[Paul Adare]

in the microsoft.public.windows.vista.security news group, =?

David,

At this moment, not certain what is fact and what is fiction (perhaps whom).

Remain researching Vista's 256 Encryption algorithm.

Located the below article with URL located at MS Tech Net authored by Tony
Northrup: So, perhaps Tony Northrup is merely lying, but I don't think so.
Likely, there are many folks within this Forum lacking knowledge regarding
Vista's inherent Security. Tony's below article was written during 2005.
Today, Vista has made enormus Security enhancements since the below article
was Posted at Tech Net.

http://technet.microsoft.com/en-us/windowsvista/aa905073.aspx#EUD

Anti-Malware
Feature Description
User Account Control, discussed earlier on this page, and security
improvements to Internet Explorer (including the new protected mode, which
will be discussed later) can reduce the impact of malware on Windows Vista.
In addition to these features, Windows Vista can clean many worms, viruses,
rootkits and spyware, thereby ensuring the integrity of the operating system
and the privacy of users' data. Windows Vista will also include Windows
Defender, a technology that helps protect your computer against pop-ups, slow
performance, and security threats caused by spyware and other unwanted
software. It features Real-Time Protection, a monitoring system that
recommends actions against spyware when it's detected, and a new streamlined
interface that minimizes interruptions and helps you stay productive.

There is nothing in the above that refers to encryption at all.
You're still not getting this.

 

[Paul Adare]

in the microsoft.public.windows.vista.security news group, =?

Since you and I used the same syntax *â?compromising Vistaâ??s 256 cipherâ?*
quite obviously you and I are talking about *â?compromising Vistaâ??s 256
cipherâ?*

I have not once talked about compromising encryption. I've told
you repeatedly that there is no need for viruses or malware to
compromise either EFS or BDE encryption in order to infect your
computer. You're the one that keeps harping on encryption and
myself and Kerry have told you over and over again that there is
no need for the virus or malware to compromise any encryption
scheme to infect your computer.
I'll say this one more time. If the virus or malware is running
in your security context, EFS encryption is irrelevant as the
process that is running has complete access to your decryption
keys. As far as BDE goes, just the simple fact that the process
is running, regardless of the security context, means that it
has complete access. It will request that a file be opened to
write to, and as long as the process has the correct NTFS
permissions, the file system driver will decrypt the file and
open it.

For the last time, encryption, whether it be EFS or BDE DOES NOT
PROTECT YOU AGAINST MALWARE OR VIRUSES. PERIOD.

 

[Paul Adare]

in the microsoft.public.windows.vista.security news group, =?

Paul,

May I encourage you and others for reading the below article by Tony
Northrup, from TechNet?

At this moment, not certain what is fact and what is fiction (perhaps whom).

Remain researching Vista's 256 Encryption algorithm.

Determined it best for consulting the engineers and designers for Vista's
inherent Security.

Located the below article (with URL) located at MS Tech Net authored by Tony
Northrup: So, perhaps Tony Northrup is merely lying, but I don't think so.
Likely, there are many folks within this Forum lacking knowledge regarding
Vista's inherent Security. Tony's below article was written during 2005.
Today, Vista has made enormus Security enhancements since the below article
was Posted at Tech Net.

http://technet.microsoft.com/en-us/windowsvista/aa905073.aspx#EUD

Anti-Malware
Feature Description
User Account Control, discussed earlier on this page, and security
improvements to Internet Explorer (including the new protected mode, which
will be discussed later) can reduce the impact of malware on Windows Vista.
In addition to these features, Windows Vista can clean many worms, viruses,
rootkits and spyware, thereby ensuring the integrity of the operating system
and the privacy of users' data. Windows Vista will also include Windows
Defender, a technology that helps protect your computer against pop-ups, slow
performance, and security threats caused by spyware and other unwanted
software. It features Real-Time Protection, a monitoring system that
recommends actions against spyware when it's detected, and a new streamlined
interface that minimizes interruptions and helps you stay productive.

Absolutely nothing in that quote refers to encryption.

 

[Mike Hall - MS MVP Windows Shell/User]

Imagine that you are standing outside of a locked room.. extractors linked
to the locking system ensure that the room is completely free of dust,
insects etc by creating a vacuum in there, and as long as the room remains
locked, it will stay that way.. unfortunately, you or anybody else don't get
to use the room in it's totally clean state because it is locked..

So, go get the key to the room, and unlock the door.. you now have access,
but then so does everybody/everything else.. if you lock the door behind
you, the extractors will do their stuff again, and you will be without air..

 

[Kerry Brown]

This is misinformation and needs to be responded to. Google for blue pill
exploit. It's true that uac will prompt you if you try to run the exploit.
If you allow it, it will install and Vista will not self-remove it. I am
sure other exploits will be developed as well. The notion that Vista will
self-remove malware is wrong. Windows Defender a program in Vista can be
used to remove spyware that it knows about but it is by no means all
inclusive in the spyware it knows about.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca

 

[Paul Adare]

in the microsoft.public.windows.vista.security news group, =?

It's possible the below two men lied to me but I don't think so...

Well, the -dead horse- has breathed one last breath regarding malware,
virus, and Vistaâ??s 256 Encryption via BitLocker and EFS.

Today, via telephone, at length I visited with two different â??Vistaâ? Tech
Support persons regarding the above situation.

Both men assured me that it is impossible for malware, virus, and other
threats self attaching to Vistaâ??s OS and EFS; the UAC will identify such
attempts and self-remove the items from Vista.

I don't know how many more ways this can be said. Neither BDE
nor EFS will do anything to protect you from either viruses or
malware. Period.
UAC has nothing at all to do with either EFS or BDE.

 

[Paul Adare]

in the microsoft.public.windows.vista.security news group, =?

Both men assured me that it is impossible for malware, virus, and other
threats self attaching to Vistaâ??s OS and EFS; the UAC will identify such
attempts and self-remove the items from Vista.

You still don't get this. Neither EFS nor BDE will protect you
from malware or viruses and UAC has nothing to do with either
one of them. Just stop making wild claims about subject you know
nothing about.

 

[Paul Adare]

microsoft.public.windows.vista.security news group, Kerry Brown

This is misinformation and needs to be responded to. Google for blue pill
exploit. It's true that uac will prompt you if you try to run the exploit.
If you allow it, it will install and Vista will not self-remove it. I am
sure other exploits will be developed as well. The notion that Vista will
self-remove malware is wrong. Windows Defender a program in Vista can be
used to remove spyware that it knows about but it is by no means all
inclusive in the spyware it knows about.

And none of this has anything to do with encryption, BDE, or
EFS.
Firewall2, you don't have a clue what you're talking about and
you really need to learn more about these topics before you
start making wild claims that you can't back up.

 

[Guest]

Kerry,

Apologize for this additional message regarding the “dead horse†situation.
But, my conscious bothers me from **intentionally** not sharing more of
what I’ve learned in respect to BitLocker and EFS.

The UAC does provide some important functions while *one* of the more
important functions for Vista self-removing malware, virus, and other threats
occurs during the Boot process. The full explanation for BitLockers entire
process protecting the OS and EFS would require too much time and space.
Simply, BitLocker is part of the System Integrity group in Windows Security.

Been pondering your below, two previous statements; slowly it occurred to me
that you are referencing the definition of **historic encryption**, not
Vista’s state of the art 256 mechanism crypto algorithms, provided by
BitLocker. The all-encompassing difference is equal with the difference
between day and night !!!

--Below your previous statement; yet not as bad as the current Post as MVP.--
*“Many of us have answered your question already. You are missing an
understanding of what encrypting files or a file system is designed to do.†*

*“It's hard to put in simpler words than we've already done. Malware doesn't
need to compromise the encryption.â€*

Seriously, BitLocker is near nuclear or Rocket science!


May I suggest for you inquiring for information from Microsoft’s BitLocker
Team, the same folks that designed and developed BitLocker? Logic shouts,
Microsoft’s BitLocker Team is the ultimate authority, not me.

Respectfully,

 

[Guest]

Paul,

Apologize for this additional message regarding the “dead horse†situation.

My conscious bothers me from **intentionally** not sharing more of what I’ve
learned in respect to BitLocker and EFS (thought you might respond).

The UAC does provide some important functions while *one* of the more
important functions for Vista self-removing malware, virus, and other threats
occurs during the Boot process. The full explanation for BitLockers entire
process protecting the OS and EFS would require too much time and space.
Simply, BitLocker is part of the System Integrity group in Windows Security.

Been pondering your previous (now, current Post) statements; slowly it
occurred to me that you guys are referencing the definition of **historic
encryption**, not Vista’s state of the art 256 mechanism crypto algorithms,
provided by BitLocker. The all-encompassing difference is equal with the
difference between day and night !!! BitLocker that is, not Defender.

Seriously, BitLocker is near nuclear or Rocket science, maybe beyond !!

Since you are a MVP representing Microsoft, may I suggest for you inquiring
for information from Microsoft’s BitLocker Team, the same folks that designed
and developed BitLocker? Logic shouts, Microsoft’s BitLocker Team is the
ultimate authority, not me.

The bus has arrived, are you ready for an educational journey?

Respectfully,

 

[Guest]

Paul,

Just read the last part of your current Post - -

*** "Firewall2, you don't have a clue what you're talking about and you
really need to learn more about these topics before you start making wild
claims that you can't back up." ***

Paul, the *** "wild claims" *** are made by Microsoft's BitLocker Team and
Vista's Tech Support, NOT ME !!!

My Back-up Support is Microsoft; Paul, what do you offer as back up support
for your near hostile retorts.

Is it possible that you missed the educational bus?

As a MVP, your dogma and stubbornness greatly astonishes me.

Respectfully,

 

[Kerry Brown]

I'm not going to respond any more. You need to do some more research.
Bitlocker does not stop malware from installing and it doesn't remove it.
You don't grasp the basic concepts involved with encryption and are jumping
to conclusions that are wrong.

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca