Vista security system promises Windows migration headaches

Discussion in 'NZ Computing' started by Have A Nice Cup of Tea, May 9, 2006.

  1. http://www.networkworld.com/news/2006/050806-microsoft-vista.html

    "" ISVs say rewriting their code for the new architecture will produce
    headaches that will extend to their customers that have deployed strong
    authentication such as biometrics or tokens, enterprise single sign-on and
    a number of other systems integrated with the Windows authentication
    architecture. ...... Not only the vendors, but the customers that have
    [authentication systems] already deployed are going to go through a lot of
    pain ""


    Have A Nice Cup of Tea

    --
    1/ Migration to Linux only costs money once. Higher Windows TCO is forever.
    2/ "Shared source" is a poison pill. Open Source is freedom.
    3/ Only the Windows boxes get the worms.
    Have A Nice Cup of Tea, May 9, 2006
    #1

  2. Have A Nice Cup of Tea wrote:
    > http://www.networkworld.com/news/2006/050806-microsoft-vista.html


    Do you have a question or a comment to make about this?

    > "" ISVs say rewriting their code for the new architecture will produce
    > headaches that will extend to their customers that have deployed strong
    > authentication such as biometrics or tokens, enterprise single sign-on and
    > a number of other systems integrated with the Windows authentication
    > architecture. ...... Not only the vendors, but the customers that have
    > [authentication systems] already deployed are going to go through a lot of
    > pain ""


    The article is perhaps a little dramatic IMHO, let me inject some
    reality from the coalface:

    Frankly the vendors have known about this change for a very LONG
    time, Microsoft has been directly working with these developers, as it
    has been known the GINA is being deprecated in Windows Vista

    Things like VPN are usually connected at a very low level with the OS.
    This would not be a surprise to any vpn vendor. In this case, it is
    because we changed away from the gina system & have rewritten the logon
    sections of the os to handle pluggability of these sorts of things -
    funnily enough, one of the VPN vendors mentioned in that article
    complained bitterly about the gina when we were doing Windows XP

    The VPN vendors' engineers have been working this issue since December
    and are in regular contact with the Microsoft networking feature team
    engineers.

    They are on schedule to release a compatible client in 2Q of CY06.

    Regards
    Nathan
    Nathan Mercer, May 9, 2006
    #2

  3. Have A Nice Cup of Tea

    Don Hills Guest

    In article <>,
    "Nathan Mercer" <> wrote:
    |
    |The article is perhaps a little dramatic IMHO, let me inject some
    |reality from the coalface:

    (Nathan's reality snipped)

    None of your "reality from the coalface" made any mention of the pain (cost)
    of having to do this rework, which was the point of the original article.
    They are doing the work as a result of your change of the design, but I
    doubt that you are paying for any of that work. The cost is therefore going
    to come out of their profits, and they'll have a hard job justifying price
    increases because it doesn't add significant value for customers. I'm not at
    all surprised that they're unhappy.

    --
    Don Hills (dmhills at attglobaldotnet) Wellington, New Zealand
    "New interface closely resembles Presentation Manager,
    preparing you for the wonders of OS/2!"
    -- Advertisement on the box for Microsoft Windows 2.11 for 286
    Don Hills, May 9, 2006
    #3
  4. Don Hills wrote:
    > In article <>,
    > "Nathan Mercer" <> wrote:
    > |
    > |The article is perhaps a little dramatic IMHO, let me inject some
    > |reality from the coalface:
    >
    > (Nathan's reality snipped)
    >
    > None of your "reality from the coalface" made any mention of the pain (cost)
    > of having to do this rework, which was the point of the original article.
    > They are doing the work as a result of your change of the design, but I
    > doubt that you are paying for any of that work. The cost is therefore going
    > to come out of their profits, and they'll have a hard job justifying price
    > increases because it doesn't add significant value for customers. I'm not at
    > all surprised that they're unhappy.


    Agreed, and the article doesn't really mention any of the benefits of
    the redesigned security model either, both from the customers or the
    vendors point of view. Some of the GINA extensions that I have seen
    done to NT implementations are kludgy at best, unstable and sometimes
    insecure. The new model will go a long way to fixing all those
    problems. Short term pain for some of these vendors, long term much
    cheaper servicing costs to update their products going forward, and
    hopefully happier customers.

    Great to see an opinion rather than just a URL with no POV

    Cheers
    Nathan
    Nathan Mercer, May 9, 2006
    #4
  5. Have A Nice Cup of Tea

    thingy Guest

    Nathan Mercer wrote:
    > Don Hills wrote:
    >
    >>In article <>,
    >>"Nathan Mercer" <> wrote:
    >>|
    >>|The article is perhaps a little dramatic IMHO, let me inject some
    >>|reality from the coalface:
    >>
    >>(Nathan's reality snipped)
    >>
    >>None of your "reality from the coalface" made any mention of the pain (cost)
    >>of having to do this rework, which was the point of the original article.
    >>They are doing the work as a result of your change of the design, but I
    >>doubt that you are paying for any of that work. The cost is therefore going
    >>to come out of their profits, and they'll have a hard job justifying price
    >>increases because it doesn't add significant value for customers. I'm not at
    >>all surprised that they're unhappy.

    >
    >
    > Agreed, and the article doesn't really mention any of the benefits of
    > the redesigned security model either, both from the customers or the
    > vendors point of view. Some of the GINA extensions that I have seen
    > done to NT implementations are kludgy at best, unstable and sometimes
    > insecure. The new model will go a long way to fixing all those
    > problems. Short term pain for some of these vendors, long term much
    > cheaper servicing costs to update their products going forward, and
    > hopefully happier customers.
    >
    > Great to see an opinion rather than just a URL with no POV
    >
    > Cheers
    > Nathan
    >


    "Some of the GINA extensions that I have seen done to NT implementations
    are kludgy at best, unstable and sometimes insecure."

    Some? so have they all been replaced? what nice new kludges will we get
    in Vista I wonder.......what kludges have been carried over......

    Of course XP was supposed to be sooooo stable......security well think
    that has been covered enough....

    The overall view is always more interesting......

    With Open source model such kludges would not have got in......

    If they had we'd be able to see them and make a judgement call on
    whether it was usable or not.....

    regards

    Thing
    thingy, May 9, 2006
    #5
  6. Have A Nice Cup of Tea

    Who Am I Guest

    In article <>,
    thingy <> wrote:


    >
    > With Open source model such kludges would not have got in......
    >
    > If they had we'd be able to see them and make a judgement call on
    > whether it was usable or not.....



    LOL, what a laugh.

    http://linux.slashdot.org/article.pl?sid=06/05/06/079209&tid=156
    "ZDNet UK reports that Andrew Morton, the head maintainer of the Linux
    production kernel, is concerned about the amount of bugs in the 2.6
    kernel. He is considering the possibility of dedicating an entire
    release cycle to fixing long standing bugs." From the article: "One
    problem is that few developers are motivated to work on bugs, according
    to Morton. This is particularly a problem for bugs that affect old
    computers or peripherals, as kernel developers working for corporations
    don't tend to care about out-of-date hardware, he said. Nowadays, many
    kernel developers are employed by IT companies, such as hardware
    manufacturers, which can cause problems as they can mainly be motivated
    by self-interest."


    Why don't you change everything you say to "I hate Microsoft...linux is
    good"

    And NO, I do NOT run windows or any Microsoft Apps, and I dislike their
    business model, and I do think Windows has serious issues, but I am
    pleased to see that they are doing something about security so that in
    the end I will have less spam, fewer viruses, and more secure networks
    (and I STILL won't be running their products!)
    Who Am I, May 9, 2006
    #6
  7. thingy wrote:
    > >>In article <>,
    > >>"Nathan Mercer" <> wrote:
    > >>|
    > >>|The article is perhaps a little dramatic IMHO, let me inject some
    > >>|reality from the coalface:
    > >>
    > >>(Nathan's reality snipped)
    > >>
    > >>None of your "reality from the coalface" made any mention of the pain (cost)
    > >>of having to do this rework, which was the point of the original article.
    > >>They are doing the work as a result of your change of the design, but I
    > >>doubt that you are paying for any of that work. The cost is therefore going
    > >>to come out of their profits, and they'll have a hard job justifying price
    > >>increases because it doesn't add significant value for customers. I'm not at
    > >>all surprised that they're unhappy.

    > >
    > > Agreed, and the article doesn't really mention any of the benefits of
    > > the redesigned security model either, both from the customers or the
    > > vendors point of view. Some of the GINA extensions that I have seen
    > > done to NT implementations are kludgy at best, unstable and sometimes
    > > insecure. The new model will go a long way to fixing all those
    > > problems. Short term pain for some of these vendors, long term much
    > > cheaper servicing costs to update their products going forward, and
    > > hopefully happier customers.
    > >
    > > Great to see an opinion rather than just a URL with no POV
    > >

    >
    > "Some of the GINA extensions that I have seen done to NT implementations
    > are kludgy at best, unstable and sometimes insecure."
    >
    > Some? so have they all been replaced? what nice new kludges will we get


    I think you are jumping to incorrect conclusions

    Windows NT/2000/XP etc ships with 1 GINA by default, the MSGINA. This
    is stable, secure, reliable yadda yadda

    > in Vista I wonder.......what kludges have been carried over......


    No

    > Of course XP was supposed to be sooooo stable......security well think
    > that has been covered enough....


    See above, MSGINA is secure and stable

    > The overall view is always more interesting......
    >
    > With Open source model such kludges would not have got in......


    Well actually they would, GINAs are extensible. Anyone can write their
    own GINA, I'm not sure how an Open Source model would stop said kludge
    getting in.

    > If they had we'd be able to see them and make a judgement call on
    > whether it was usable or not.....


    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnlong/html/AppComp.asp

    (The Windows Vista Developer Story: Application Compatibility,
    Migration, and Interoperability)
    Microsoft Graphical Identification and Authentication (GINA)
    Feature Impact
    High (frequency: low)

    Brief Description
    Prior to Windows Vista, to log on to a third-party server or with a
    third-party device, ISVs had to replace the Graphical Identification
    and Authentication (GINA) dynamic-link library in Windows XP. Such
    applications also had to replace the existing UI and implement smart
    card and remote desktop features on Windows XP.

    Note If an application did not function this way in Windows XP, then
    this information does not apply.

    Windows Vista introduces a new authentication model where LogonUI and
    WinLogon communicate directly with each other. This model provides
    simplicity, scalability, and flexibility that did not exist with GINA.
    Unlike the GINA module, ISVs no longer need to replace the UI for the
    logon screen, thus relieving the ISV of the burden of re-authoring the
    user interface for the user. An ISV can author a credential provider,
    which is a module that plugs into the LogonUI, to describe the UI and
    to gather the credential and pass it on to WinLogon. Credential
    providers are completely transparent to WinLogon.

    Credential providers are also additive, meaning that users can install
    multiple credential providers and pick the one they want to use.
    Credential providers can be user selected and/or event driven. Multiple
    credential providers can coexist on Windows Vista and are not only for
    third parties. In fact, Windows will ship two credential providers in
    the box: a user name and password credential provider and a smart card
    credential provider.

    Additionally, credential providers can be reused within CredUI. That
    is, the same object that describes and collects credential information
    on LogonUI can be used to gather the very same credentials in CredUI
    scenarios.

    The GINA functionality from Windows XP and Windows Server 2003 has been
    deprecated and removed from Windows Vista. The GINA modules of
    applications will not function and will have to be re-authored using
    the new authentication model for Windows Vista.

    Manifestation
    - User will not be able to successfully install custom logon
      applications.
    - User will not be able to log on using custom logon applications (using
      the Windows XP technology) in Windows Vista. These may include:
      - Biometric devices.
      - Custom UI for logon.
      - Virtual private network (VPN) solutions for remote users with custom
        logon UI.

    Remedies
    Leverage Windows Vista capability solution:

    The applications or components that use the GINA technology will need
    to be re-authored to use the new logon authentication model for Windows
    Vista.
    Nathan Mercer, May 9, 2006
    #7
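As an added example (not part of the thread or of the MSDN page quoted above), one way to inventory the logon plug-ins that this change affects: a replaced GINA on XP/Server 2003, and the credential providers registered on Vista and later. The function names are hypothetical, and the registry paths are the standard Windows locations, which the post itself does not give.

```powershell
# Added example: inventory logon plug-ins on one host before or after migration.
# Function names are hypothetical; registry paths are the standard Windows
# locations (an assumption, they are not stated in the thread).
# Written to PowerShell 2.0 syntax so it also runs on XP / Server 2003.

$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$CredProvKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'

function Get-GinaRegistration {
    # No GinaDLL value means Winlogon loads the default msgina.dll.
    $gina = (Get-ItemProperty -Path $WinlogonKey -Name GinaDLL `
                -ErrorAction SilentlyContinue).GinaDLL
    # Anything other than msgina.dll is a replacement that Vista will not load.
    $custom = [bool]($gina -and ($gina -notmatch '(^|\\)msgina\.dll$'))
    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        GinaDll  = $gina
        IsCustom = $custom
    }
}

function Get-CredentialProviderRegistration {
    # The key only exists on Vista and later; emit nothing on older systems.
    if (-not (Test-Path -Path $CredProvKey)) { return }
    Get-ChildItem -Path $CredProvKey | ForEach-Object {
        $clsid = $_.PSChildName
        $name  = (Get-ItemProperty -Path $_.PSPath).'(default)'
        # Resolve the COM class to the DLL that LogonUI will load for it.
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
        New-Object PSObject -Property @{
            Clsid = $clsid
            Name  = $name
            Dll   = $dll
        }
    }
}

$gina = Get-GinaRegistration
if ($gina.IsCustom) {
    Write-Warning ("Custom GINA registered: {0}. It must be re-authored as a credential provider for Vista." -f $gina.GinaDll)
}
$gina | Format-List Computer, GinaDll, IsCustom

Get-CredentialProviderRegistration |
    Sort-Object Name |
    Format-Table Name, Clsid, Dll -AutoSize
```

A `GinaDLL` value naming a DLL nobody can account for is worth investigating in its own right, since that module handled every interactive logon on XP.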
  8. One of the things that Vista security will do is to make YOU the
    untrusted person on YOUR computer

    Patrick
    Patrick FitzGerald, May 9, 2006
    #8
  9. Have A Nice Cup of Tea

    Shane Guest

    Patrick FitzGerald wrote:

    >
    >
    >
    > One of the things that Vista security will do is to make YOU the
    > untrusted person on YOUR computer
    >
    > Patrick



    That's not necessarily a bad thing :)

    I do however find the DRM implementation a bit on the nose (from what little
    I've heard about it)
    It borders on privacy invasion


    --
    Rule 6: There is no rule 6
    Shane, May 9, 2006
    #9
  10. Shane wrote:
    > Patrick FitzGerald wrote:
    > > One of the things that Vista security will do is to make YOU the
    > > untrusted person on YOUR computer
    > >
    > > Patrick

    >
    >
    > That's not necessarily a bad thing :)
    >
    > I do however find the DRM implementation a bit on the nose (from what little
    > I've heard about it)
    > It borders on privacy invasion


    What DRM is that then?

    Are you talking about High Def content?

    Cheers
    Nathan
    Nathan Mercer, May 9, 2006
    #10
  11. On Wed, 10 May 2006 09:24:03 +1200, Shane <-a-geek.net>
    wrote:


    >
    >It borders on privacy invasion




    Privacy invasion will be rampant as soon as governments
    find out that they too can use the very nasty features M$oft will
    impose on you via the so-called Trusted Computing thingie, aka
    Palladium, to snoop on you and control your use of YOUR computer.



    Patrick
    Patrick FitzGerald, May 9, 2006
    #11
  12. Have A Nice Cup of Tea

    shannon Guest

    Patrick FitzGerald wrote:
    > On Wed, 10 May 2006 09:24:03 +1200, Shane <-a-geek.net>
    > wrote:
    >
    >
    >> It borders on privacy invasion

    >
    >
    >
    > Privacy invasion will be rampant as soon as governments
    > find out that they too can use the very nasty features M$oft will
    > impose on you via the so-called Trusted Computing thingie, aka
    > Palladium, to snoop on you and control your use of YOUR computer.
    >
    >
    >
    > Patrick
    >


    They abandoned the name long ago.
    They have no plans to put it in Vista
    shannon, May 10, 2006
    #12
  13. On Wed, 10 May 2006 11:19:37 +1200, shannon <> wrote:


    >
    >They abandoned the name long ago.
    >They have no plans to put it in Vista



    Not so. Don't you keep up with the news?


    Under the name Trusted Computing Alliance M$oft and hardware
    co-conspirators are going to unleash an updated version of Palladium
    to make YOU the person who is not trusted to use YOUR computer as you
    wish.




    Patrick
    Patrick FitzGerald, May 10, 2006
    #13
  14. Have A Nice Cup of Tea

    shannon Guest

    Patrick FitzGerald wrote:
    > On Wed, 10 May 2006 11:19:37 +1200, shannon <> wrote:
    >
    >
    >> They abandoned the name long ago.
    >> They have no plans to put it in Vista

    >
    >
    > Not so. Don't you keep up with the news?
    >
    >
    > Under the name Trusted Computing Alliance M$oft and hardware
    > co-conspirators are going to unleash an updated version of Palladium
    > to make YOU the person who is not trusted to use YOUR computer as you
    > wish.
    >
    >
    >
    >
    > Patrick


    You are way behind, look it up
    shannon, May 10, 2006
    #14
  15. On Wed, 10 May 2006 12:34:45 +1200, shannon <> wrote:


    >
    >You are way behind, look it up




    Not so Shannon you are way behind as a cursory glance at many recent
    computer magazines will reveal. For example

    ***********************************************************
    Digital Rights management gone mad.

    Juha Saarinhen

    NZ PC World , April 2006, page 13
    *******************************************************


    M$oft may have dropped the name palladium , but the plot to make you
    the untrusted person in your own computer.

    Patrick
    Patrick FitzGerald, May 10, 2006
    #15
  16. On Wed, 10 May 2006 12:34:45 +1200, shannon <> wrote:


    >
    >You are way behind, look it up




    Not so Shannon you are way behind as a cursory glance at many recent
    computer magazines will reveal. For example

    ***********************************************************
    Digital Rights management gone mad.

    Juha Saarinhen

    NZ PC World , April 2006, page 13
    *******************************************************


    M$oft may have dropped the name palladium , but NOT the plot to
    make you the untrusted person in your own computer.

    Patrick
    Patrick FitzGerald, May 10, 2006
    #16
  17. Have A Nice Cup of Tea

    Guest

    , May 10, 2006
    #17
  18. Have A Nice Cup of Tea

    thingy Guest

    Who Am I wrote:
    > In article <>,
    > thingy <> wrote:
    >
    >
    >
    >>With Open source model such kludges would not have got in......
    >>
    >>If they had we'd be able to see them and make a judgement call on
    >>whether it was usable or not.....

    >
    >
    >
    > LOL, what a laugh.
    >
    > http://linux.slashdot.org/article.pl?sid=06/05/06/079209&tid=156
    > "ZDNet UK reports that Andrew Morton, the head maintainer of the Linux
    > production kernel, is concerned about the amount of bugs in the 2.6
    > kernel. He is considering the possibility of dedicating an entire
    > release cycle to fixing long standing bugs." From the article: "One
    > problem is that few developers are motivated to work on bugs, according
    > to Morton. This is particularly a problem for bugs that affect old
    > computers or peripherals, as kernel developers working for corporations
    > don't tend to care about out-of-date hardware, he said. Nowadays, many
    > kernel developers are employed by IT companies, such as hardware
    > manufacturers, which can cause problems as they can mainly be motivated
    > by self-interest."
    >
    >
    > Why don't you change everything you say to "I hate Microsoft...linux is
    > good"


    No, what I want to see is MS being honest, I think too much gets hidden
    behind marketing and the PR department. This does not just rest on MS
    though, many vendors seem to be good at the sleight of hand ie this bit
    is great (though really meaningless, say the "value add" crud), while
    hiding the not so good but very important parts behind the front.

    > And NO, I do NOT run windows or any Microsoft Apps, and I dislike their
    > business model, and I do think Windows has serious issues, but I am
    > pleased to see that they are doing something about security so that in
    > the end I will have less spam, fewer viruses, and more secure networks
    > (and I STILL won't be running their products!)


    There is a difference between a software kludge and a bug on hardware.

    My comment was more aimed at, with OSS you get to see the "kludges" and
    bugs up front, with XP now it is being replaced we get to hear how its
    kludges etc are being replaced in this "better" model, does this not
    sound familiar?.

    The improvement on the VPN stuff and security is good. Nathan admitting
    the old one was a kludge and un-stable and possibly insecure has been
    repeated from win2k to XP. Lets not forget how good/secure MS promised
    XP was going to be.....about the only "decent" improvements I can see of
    XP over win2k in security terms was the lock down on the install
    keys/method/system etc etc, ie the biggest benefactor of XP was MS....if
    MS paid as much attention to user needs as its own, then the OS might
    really improve between releases.

    NB my attitude to MS is like my attitude to Telecom and indeed any
    business that takes or tries to take away my choices and/or an unfair
    amount of my money, ie I have more of a moral & trust issue with MS than
    a technical one....

    regards

    Thing
    thingy, May 10, 2006
    #18
  19. Have A Nice Cup of Tea

    thingy Guest

    wrote:
    > Have A Nice Cup of Tea wrote:
    >
    >>http://www.networkworld.com/news/2006/050806-microsoft-vista.html

    >
    > <snip>
    >
    > Geez what are you? A one man crusade against Microsoft? Did Bill Gates
    > sleep with your wife or something? Or did someone abuse you with a copy
    > of Microsoft DOS when you were a child? Therapy might help, you know.
    >
    > Kris
    >



    Maybe if we lock him in a room with a PC and a copy of XP for six months
    and tell him he has to order all his food on line.........

    ;]

    regards

    Thing
    thingy, May 10, 2006
    #19
  20. Have A Nice Cup of Tea

    Guest

    thingy wrote:
    > Maybe if we lock him in a room with a PC and a copy of XP for six months
    > and tell him he has to order all his food on line.........


    I'm sure he would rather starve to death! I think he needs to be
    physically forced to use XP somehow to overcome his fear/issues. Maybe
    we lock him in a room, rig a Linux box with a bunch of explosives on a
    timer, and give him an XP box containing the programs needed to stop the
    timer! No way he would let his beloved Linux box explode....

    (yes I just watched Saw II recently....)
    , May 10, 2006
    #20
