Is Vista ready for UF?

Update: This has been completely rewritten after getting feedback from a much larger group of readers than I expected. The points raised in the comments following this post and in Erik’s reply to the original may therefore not seem to make much sense.

Earlier this week I went to Peer 2 Peer to hear Erik Schmidt of the UFAD team talk about “Windows Vista at UF”. I left with the feeling that the costs of upgrading to Vista do not make up for what benefits it provides. I’ll outline some of the more interesting things that I heard.

  • “Sleep” mode - Vista will use a low-power sleep mode as the default “power-off” function. Apparently this is a hybrid between suspend-to-ram and suspend-to-disk - if the computer is unplugged while sleeping, it loses what it stored in ram but is able to boot from the image written to disk without data loss. That’s pretty neat.

    What caught me off guard was that the computer can be patched while “asleep”. I’m still not completely clear on how it pulls this off. Erik said that it isn’t able to be woken up remotely, so does it wake up periodically by itself to check for new patches? UF and other large enterprise users use local patch/update distribution servers, so are these machines specially privileged to be able to push patches out? I’m also wondering how this applies to home users who don’t run local patch servers.

    But those details are really tangential to the primary concern I have. A member of the audience asked if a sleeping machine can be hacked - the answer is yes. However this isn’t actually a step backwards because computers running Windows XP on campus are apparently powered on 24/7 to get patches anyway. So in both cases the machine can be hacked, but with Vista, you can save substantial amounts of energy. While enterprise users break even, home users who never used to leave their computer powered on constantly are now potentially more exposed. Erik has pointed out that he’s primarily concerned with Vista on campus, but I’m still wondering how this will play out for both campus and home users as employees bring their new personal Vista laptops to work.

  • 7 clicks vs. 2 - Vista has been much maligned for its new User Access Control system that is supposed to help make Vista the most secure Windows ever. If it takes the users just two clicks to install a piece of malware, then of course it’ll happen! But if it takes the users seven clicks, they will carefully read and evaluate each pop-up... right?

    Bruce Schneier of Applied Cryptography fame calls it “Cover Your Ass” security and Paul Thurrott from the Windows Super Site says it’s “a sad, sad joke” and “the most annoying feature that Microsoft has ever added to any software product”.

    This was obviously designed for less knowledgeable users. However, I have the feeling that those users will simply get used to clicking through 7 pop-ups instead of 2. And for experienced users, this feature will mostly be an annoyance that gets turned off quickly.

    I’m glad Microsoft is working on improving the security of Windows, but I don’t think they fully understand the “human” side of security. Asking users to click “OK” to verify that they’re fine with viruses being installed isn’t useful security.

  • Licensing - UF has a site license with Microsoft for Vista as it did with XP, so there is one license key that all computers can use. Along with “answer files” that contain configuration options, this simplifies the deployment of Vista because users don’t have to manually configure anything or enter in a license key by hand. However, unlike XP, Vista computers licensed with the campus-wide key will need to be reauthenticated every 6 months. UF is running its own Key Management Server that will handle the authentication.

    Computers that roam about or which aren’t intended for on-campus use will need to be licensed with a Manual Activation Key that doesn’t require reauthentication every six months. Computers that are prohibited from having a network connection (because they process secure data) presumably can also be installed with a MAK.

    The point is not that Vista phones home to Microsoft every six months (the desktops talk to the local KMS; I would assume only the KMS needs to talk to Microsoft). The point isn’t that it’s impossible to run Vista without an Internet connection (you just need to use a MAK to install). The point is that every copy of Vista doesn’t trust its user to be honest. This is a business decision by Microsoft and, one can argue, a necessity for all proprietary software. But specifically in Vista, more infrastructure and complications will be involved in an already complex authentication system.

I was unimpressed with the presentation of Vista. The benefits listed in the presentation included better security (which I find questionable), enhanced productivity (I don’t know enough to evaluate this claim), and sexiness - it’s so shiny!

Now, I like shininess as much as anyone (I’ve been playing with Sun’s 3D desktop environment and Compiz/Beryl for the past few days). However, I personally don’t believe these claimed benefits outweigh the costs, which include licensing complications, increased hardware requirements, possible application breakage, end-user training, and, of course, the site license that UF has paid for. I don’t presume to be wise enough to make policy decisions for UF (managing IT for myself and my family is taxing enough); I just have some concerns about the upcoming Vista roll out.

Comments

  1. November 15th, 2006 | 2:02 am

    Oh, and the EULA. And the DRM. And the non-freedom.

    Is Vista ready for the UF? Hell no.

  2. Keith
    November 16th, 2006 | 1:50 am

    The sleep feature is a combination of Suspend to RAM and Hibernate. The data is written to disk too. If power is lost to a suspended PC all data is lost, not so with hibernate. The new sleep feature combines the two. Nothing more than that to my knowledge. Wake On LAN and Intel vPro http://www.intel.com/vpro/ technology enable the rest if desired. The security information is available from Intel.

    There will also be support for instant on capabilities rolled out in the Intel Viv technology. OS state will potentially be in Flash memory.

    UNLESS SOMETHING CHANGED
    With Key Management Server activation the OS verifies against a local key server, not MS. It must do so every 180 days. The workstation never needs Internet access.
    The MAK option connection to Microsoft.

    I’m not educated on Microsoft’s agreements with UF so I will not comment.

  3. Bruce
    November 16th, 2006 | 7:53 am

    “With Key Management Server activation the OS verifies against a local key server, not MS. It must do so every 180 days. The workstation never needs Internet access.”
    That *would* still require the workstation with “no exposure to the internet ever” data security requirements to have a network connection so that it can talk to the local km server, with the additional headache of making sure that firewalling or router access-list entries are set up to allow it to see the key management server but not the internet. That would, of course, mean that it was only as secure as the LEAST secure system on its local subnet, and hence potentially exposed to indirect compromise via an attack vector on the local subnet.

  4. Racer
    November 16th, 2006 | 8:04 am

    Vista certainly has some issues associated with it, but many of these comments (and Gavin’s) are not tempered with good judgment and show bias. There’s plenty to complain about in Vista without attacking phantoms due to lack of understanding. As to John’s complaints:

    “Sleep Mode” - Being patched does not equal calling home to Microsoft. Most patching systems used in larger deployments do *not* involve Microsoft directly, but involve an intermediary mechanism. Many use WSUS (windows system update services) or Shavlik which can completely control what patches are released and approved for install. Clients never talk directly to MS, only the patching server. Being able to have the machines “sleep” but still receive patches from a central server is a win-win. As to being hacked while asleep, at this point most UF machines are probably always on right now, so *any* sleep mode is a plus. I agree that it’s more of a concern for home users.

    “7 clicks vs 2” - I actually agree with John here, any security measure that’s repeated too often will quickly become ignored. Others have made similar comments about UAC.

    “Activation” - The 6 month VLK activation requirement isn’t *required* it’s an option as the KLM servers used make large deployments much easier (no product key required, activation is automatic). As far as I’ve seen there are no plans to limit MAK’s if you want to use them exclusively, and UF’s profile on MS’ licensing site shows no limit even though there is a place for one (it says N/A). Computers that can’t connect to the KLM servers once every 6 months can simply be installed with a MAK.

    “TAP Program” - the TAP program can’t test everything, so perhaps upgrade installs weren’t able to be tested. However that isn’t a good reason to attack them about it. Historically upgrade installs of Windows have been a poor idea, they just didn’t work that well. Independent reports (for example, see Scott Finnie’s website) show that Vista upgrades are actually better than in the past, and are image based.

    I’d agree with the comments that Vista doesn’t really seem to be “all that” for the average user. Most of the benefits (other than the new “shiny” interface) seem to be in the areas of security (which usually doesn’t translate to “neat” or “fun” very well) and enterprise manageability (see previous comment), both of which are big gains for the UF IT administrative community more than individual users. There are some more subtle improvements for users, but none of them seem to be earth-shattering.

    And yes, Gavin, MS’s EULA’s (though it was modified for Florida to meet HIPAA requirements) are pretty bad, and current DRM is basically pure evil (WMP 11’s is particularly bad). But all in all Vista is an improvement over Windows XP, and should be phased in over XP for the benefits in security and manageability. Note that I’m saying Vista is better than XP, not better than any other available “free” OS ;-) .

  5. Chris
    November 16th, 2006 | 8:31 am

    Everybody has their own two cents. Bottom line, if you don’t like it don’t use it. You are not being forced to.

  6. Rj
    November 16th, 2006 | 8:31 am

    Wow, Poor Erik. I felt for him being a little unprepared for specific questions that his slides brought up, but mostly I felt bad for him because his session should have been titled “Let me field the same question 500 times from people only interested in getting this operating system that they hate for home use”

    Example:
    Erik: “Vista installed at the university will require reactivation every 6 months from a UF run server to verify that our Vista license has not been exploited by hackers, other organizations, etc. Our licensing agreement allows our staff / faculty to have a free copy of Vista for home use that will require a one time activation, and then it will be licensed forever”

    Someone in the audience that just woke up: “So what happens six months after I install Vista at home”.

    Over and over ad nauseam. Kid in linux t-shirt asking about how the license key is encrypted. Paranoid guy with beard suspecting that Microsoft will melt down vista in 10 years when it reaches its end of life cycle.

    Trolling on the CCC list by posting this paranoia doesn’t surprise me based on the “children” that were at the Peer2Peer presentation. Way to hijack the presentation with all those repetitive questions.

    “Did they fix Windows Defender” HAHAHAHA. no not really.

  7. November 16th, 2006 | 5:28 pm

    I’m at once pleased and uncomfortable about this silly little post getting so much attention; pleased because communication is, in general, a good thing and uncomfortable because I think the majority of people who stumbled onto this page are lacking a lot of context.

    I wasn’t expecting this sloppily-written post to get much attention. It was intended to simply give members of Florida Free Culture something to talk about, so I didn’t expend much effort into being objective and unbiased and there are admittedly a myriad of errors.

    Now that the cat’s out, I’ll try to reply to everyone’s concerns about my carelessness.

    Sleep: Thanks to Keith and Racer for explaining some of the details of the sleep feature. Upon learning more about enterprise IT environments, I understand the desire for and usefulness of the patching. It wouldn’t have occurred to me that an IT environment of *thousands* of computers would have those computers run 24/7, but apparently that’s quite common. Chalk this up to me being a naive student unschooled in large-scale IT.

    KMS: Thanks go again to Keith and Racer for pointing out a HUGE detail I missed: the KMS. The factual inaccuracies in the original post are being eliminated one by one.

    TAP: I didn’t mean to attack the TAP program - merely to wonder about their priorities. Again, this trifle of a post wasn’t really meant to be presented to the entire UF IT community. I’m sincerely sorry if anyone took offense here.

    Racer, hi. I’m Nile! I occasionally wear a Linux shirt and try to show up to IT events (I was at the Faculty Tech showcase and ITSA day) because I find this stuff interesting. I’m also a crypto geek and Erik’s comment about the license key being encrypted piqued my interest. I didn’t ask that question in order to confront, embarrass, or attack him - I asked it because I’m a curious person.

    Oh, I thought the guy with the beard was just making a joke (I think Erik laughed, too), not being a paranoiac.

    Once again, sincere apologies to anyone who showed up wanting to read a real, objective review of Windows Vista and instead found this amateurish post meant for Florida Free Culture students.

  8. Racer
    November 16th, 2006 | 10:12 pm

    Nile,

    I don’t think anyone came here expecting to find a professional review or anything but your personal views. *But* I think some IT staff get a bit perturbed because some Open Source boosters will attack Microsoft products for flaws that are perceived only through their own misconceptions. There are *plenty* of problems to discuss without having misconceptions being spread around as “fact”. If much of what you posted were posed as questions or requests for clarification, I think the reception would have been much warmer. But I think that much of the time, this type of discussion takes place within a limited community, i.e. there wouldn’t have been IT folks knowledgeable enough to respond to your observations, and many of the assertions would have been accepted as fact, rather than misconceptions.

  9. dan trevino
    November 17th, 2006 | 11:56 am

    I’ll jump in where John left off…

    This is a reply to Erik C Schmidt’s reply on CCC…but I think this discussion should be continued “off-list”…so…

    Sleep Mode: (or “It’s a feature…just trust us…”)

    Wake on LAN has been available for some time, but I think this is the first time it’s been mass deployed to _home_ users for updates. Lovely that all those Windows machines directly connected to the Internet (and there are *many*) can be awoken and have software applied to them without “interference” from the PC owner. Does anyone really think this “feature” won’t be attacked by hackers? Vista _may_ be more secure, but I think that remains to be determined. We’re what, 4 or 5 years out from when Microsoft finally decided that yes, security is important, and we’ve really seen no improvement. So do you trust Microsoft enough to leave this obvious attack vector wide open?

    For my work machine, ok, that’s a policy decision I don’t get to make, so whatever, but seems to me someone should be asking these questions.

    For local admins, why should they trust a campus central server any more than Microsoft? Are YOU going to test their local apps before applying updates? To just assume that everything will always work is probably not a good idea.

    7 Clicks vs. 2: (“welcome to the 20th century”)
    Um…while I agree that running with least privilege is preferred (welcome to 1980), dialog boxes are not a “valuable security feature”. This is gonna be especially annoying for users who have to run older applications.

    Operating System Will Self-Destruct In 6 Months: (“pc phone home”)
    Ok fine. Only one nit. As John pointed out already, a network is a network. And to presume that an Intranet is any more secure than the Internet is folly.

    Vista TAP:
    /me applauds the TAP team. It’s important work, definitely. And the enthusiasm for vista is refreshing to hear from a Windows admin. I’ve not seen that a whole lot in other places.

    Let’s at least agree to make the community aware that upgrading from XP (90% of UF desktops???? my guess) hasn’t been thoroughly tested before we start touting Vista’s availability blindly. I’m sure 99% of people won’t have a problem, but if you’re in that 1%, it’ll suck.

    Regarding IE7, I’d like to point out Dr. Hoit’s email from October:
    http://lists.ufl.edu/cgi-bin/wa?A2=ind0610&L=ccc&T=0&F=&S=&P=6413

    AFAIK, this still applies.

    dan

  10. Erik Schmidt
    November 17th, 2006 | 2:26 pm

    People. Please take the time to research your facts and understand what it is you are writing about. When you post online people will read what you say and they will often believe it without having any idea of who you even are. The internet has a strange way of bestowing credibility to many who simply do not have all of the facts. If you have questions, ask them. There are no dumb questions. Just don’t take what you *think* you know and proclaim it as fact.

    Sleep Mode:
    When a Vista client is asleep it does not accept incoming connections. It ‘wakes up’, establishes an *outbound* connection and installs patches based on the schedule that is set on the Vista client itself by the PC owner. This does not open any additional attack vectors.

    Trust a Campus Server:
    Patch management servers are run by individual departments around campus, NOT centrally, and were only a sidebar to the main discussion here. The only central server that has been a part of the Vista discussion is the KMS. The KMS has only one job; to activate Vista clients and issue the campus license key to them. This has nothing to do with local apps or updates.

    7 Clicks vs. 2:
    Once again, UAC can be disabled for those that have a need to disable it. However, for the majority of ‘average’ users (think answering phones and almost exclusively using Outlook, Word and the web) around campus, UAC is of value.

    Operating System Will Self-Destruct:
    Once again, systems that cannot or will not connect to a network should be activated with a MAK. When a MAK is used, the system will *not* need to ‘phone home’ to re-activate every 6 months.

    Vista TAP:
    Thank you for the kudos, but let’s be clear that what has not been well tested is the actual ‘upgrade’ process from XP to Vista, since it was only available as of this week. However, it is known as best practice in the Windows community to do a reinstall when an OS upgrade is being performed. So it should be safe to say that the majority on campus will not actually be performing an ‘upgrade’.

    IE7:
    The UF help desk has a page up about IE7 compatibility. At this time the majority (maybe all) of major campus sites have been tested.
    http://helpdesk.ufl.edu/ie7.php
