Jump to content

Win 7 Security

Peewee

By Peewee
in Windows 7

 Share

Recommended Posts

Peewee

Peewee

Posted
Posted

As computing moved out of the hands of hobbyists, and computers became commonplace household items, control, via the Operating System, has been increasingly removed from the user. In DOS and DRDOS we had the single, and benign, (Are you sure? Y/N). That was it as far as interference and control went. Useful for capturing accidental keypresses - unless one accidentally then pressed Y, of course..., and completely powerless following its appearance - I seem to recall that sometimes pressing the Esc key would send it away, without either a Y or an N to its name. Poor thing.

Now we're up to 7 (I have never seen 8) and we've got UAC, Permissions, Ownership, Administrator status, and probably more I have yet to encounter. Initially these things sent me into a fury of, "How dare they!" frothing, and much, much worse. But I do understand that they help protect those things that need protecting. However, they do often seem like overkill, and they are far, far too complicated and involved to get around following procedures that Windows allows, and some of the boxes offered for completion speak in meaningless tongues, words of mystery and confusion, and display empty spaces that seek similar words of some kind, but what those words could be, I mostly haven't a clue. When attempting to take ownership, for example, what does, "Enter the object name to select" want from me? (Rhetorical question. I no longer care. Further, if it needs further explanation, then it was badly worded in the first place.) They have here helpfully laid alongside it a link, "examples", which presumably contains examples of what the box wants. Sorry, absolutely none the wiser. Meaningless. Gazed at it all for a while, then a bit longer, thought about making a cup of tea, then clicked on a few Cancels, shuddered, and then wandered off to perform said task. Tea is always an option.

Sometimes, though, there's clearly been a lack of thought.

I tried to use chkdsk in a CMD window, and got this wonderfully OTT snotty, finger-wagging message. Sit back, you're gonna love this.

"Access Denied as you do not have sufficient privileges. You have to invoke this utility running in elevated mode."

Elevated mode? Is this like God mode? How do I get that? This I want. Is this one of those things I have yet to encounter? Sounds like a QuakeII\Half Life cheat, not that I ever used such things.

It is so very snotty that my initial annoyance quickly turned to sniggering amusement, and I wondered what total plantpot at Microsoft came up with such a pompous and condescending message. Wouldn't you hate him for a dad, or a mum. Worse, what if he's a manager - pity his inferiors - for that is truly what they will be made to feel. Or, maybe it's a joke ridiculing other equally lengthy reprimands that Windows is capable of turning up. That'd be nice.

I believe a few of you who visit this forum live in Americania, you know, that little country squashed between Canadia and Mexicania. Anyone know him? Can you ask when you next see him?

Anyway, the lack of thinking bit. Back in Windows. Right-click on a drive, Properties\Tools\Error-checking\Check now, and off pops chkdsk, happy as you like. So, there was no need to either deny me use, nor to insult me. Also, isn't limiting use of what is a non-destructive, useful system tool somewhat excessively overzealous? (I'm being kind) Format, both destructive and dangerous, I can use anytime, anywhere, but chkdsk limits me from a command line. Soz, but this does deserve a Homer - Doh!

Then, if I want to do other things like deleting directories or files, or opening files, which 7 won't let me do, I just boot into XP next time and do it from there - from where I can also use command line chksdsk with switches willy nilly. Then there is the ease with which one can invoke the hidden Administrator account. From where I can do everything. Matter of seconds. So, given that getting around a great deal of the security is not hard by not unknown back doors, Win 7 really should have put the lot in a bunch in Control Panel with tick boxes, and let us just wade in - pick and mix security (perhaps best not to refer to it as PMS).

I do find the attempt at control a little galling though. Never mind the curious morality that requires me to shell out a not insignificant sum of money for the product, which then happily denies me access to much of something I actually own in law, but for we who are sole-users, it's all totally pointless (excluding single-user schizophrenics, that is - boy, those alternate personalities can really mess with my security). Then there is the condescending implied insult of the whole thing; that we obvious thickos would blow everything up if left to our own devices. In Explorer\Tools\Folder Options\View, despite selecting everything that gives me maximum information and control, I always leave "Hide protected operating system files" checked. Stops accidents, always a good idea. I don't need to see them or do anything to them. Not stupid, see? I can see the value of things. Not going to blow things up. Nope, not gonna happen. No explosions here.

I can see how all this security would be extremely valuable in a corporate environment, but should such heaviness not be an opt-in thing rather than a blanket assignment? I mean that we all buy the basic doodah, and those that need this higher level of protection add it as an optional extra? Given the ease of back-door bypassing, this must be the only way to go. Add ons. Basic pick and mix for all of us, but if you want this extra security, you get it as a module. I don't, and so I just install the doodah and boogie on down, and mess everything up if I want to. Choice.

I'm still struggling with some security things, but it only comes up when it comes up, which, in truth isn't terribly often, but it is then important, and by then I've forgotten what I did last time and where I found the right advice, and have to search all over again. Tedious. Must make notes.

I haven't turned UAC off, incidentally, I've just set it the next level up from the bottom, and so I just get a box that is really just the 7 equivalent of the good old, (Are you sure? Y\N). I'm still happy with that. I like that. Makes me feel loved. But... I have invoked the hidden Administrator for when I feel oppressed.

Link to comment
Share on other sites

Schiiwa

Schiiwa

Posted
Posted

Maybe it is not the intension of the creator of this thread, but in my opinion, it would be fitting in here, which services does open ports and accordingly have influence to the security? Or isn't it nessessary in windows 7 to disable services to be on the secure side? I know that there might be problems when disabling services... Sometimes the problems occur much later, for example when installing a new programm; thats why i didn't mess around yet! :whistle: XP disabled a lot of its services with SP2/SP3...

Cheers, Schiiwa

Link to comment
Share on other sites
CoffeeFiend

CoffeeFiend

Posted
Posted

isn't it nessessary in windows 7 to disable services to be on the secure side?

Microsoft did some serious service hardening with Vista and Win7 (XP and before were really lacking there comparatively). They've done a lot of changes like making services run with lesser privileges, using ACLs on services to limit what they can access (by assining SIDs to services), session 0 isolation, much-improved DEP and now ASLR too which are preventing buffer overflows in services, etc. And then on top of that add the better firewall and everything else...

TL;DR: There's no need to disable or tweak services to be secure now.

Link to comment
Share on other sites
  • 2 weeks later...
CoffeeFiend

CoffeeFiend

Posted
Posted

Thanks for wrecking a humorous thread. Not coming back. Mark it as closed. No wonder they call you nerds. Have you no sense of humour or frivolity?

You seemed to me rather serious (borderline angry), and not to be joking in any way, nor was it posted in the humour section, so...

Link to comment
Share on other sites
vinifera

vinifera

Posted
Posted (edited)

I'm annoyed how in both XP and Win 7 (and probably vista is no better)

you or if you make an app, can enter/login as System so easy

security sucks in windows...

heck just look how easy you can terminate PC, just kill crss system (its hilarious how you actually are allowed to do it)

Edited by vinifera
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...