Skip to main content

Change in Microsoft Vista security system promises Windows migration headaches

Corporate users with third-party, Windows-based authentication systems such as VPNs could face a difficult transition to Microsoft's Vista because of an overhaul of the core Windows logon architecture, according to independent software vendors and analysts.

The good news for users is that those same observers say Vista, which is being touted for its security features, will eventually deliver a more secure and flexible authentication architecture than exists today in Windows.

But ISVs say rewriting their code for the new architecture will produce headaches that will extend to their customers that have deployed strong authentication such as biometrics or tokens, enterprise single sign-on and a number of other systems integrated with the Windows authentication architecture.

"Not only the vendors, but the customers that have [authentication systems] already deployed are going to go through a lot of pain," says one ISV who asked not to be named. "We knew there were going to be changes, but we didn't know there would be wholesale changes."

Users will have to go through testing periods after vendors deliver new interfaces for their products. During migrations, users will have key security infrastructures that straddle two different authentication environments, one for Vista and one for earlier versions of Windows, until migrations are complete. They also will have to support different client-side code and separate interfaces that will present retraining issues, experts say.

In addition, users with any homegrown authentication mechanisms linked to Windows will have to rewrite their code from the ground up.

ISVs also have to completely rewrite and certify the custom code they write to interface with Winlogon, the Windows process that manages logon and logoff. That task will be painful in part because ISVs say Vista's new authentication architecture is incomplete in the beta released in February. The new architecture, called Winlogon Re-Architecture, includes a model for building modules called Credential Provider. The February CTP also was the first time Microsoft included in the release notes the fact that the GINA architecture had been abandoned even though the company had started talking about it at its Professional Developers Conference last September.

The previous model, called Graphical Identification and Authentication (GINA), is used by ISVs such as Check Point, Cisco, Citrix, Nortel, Novell, RSA Security and Symantec to link their authentication technology into the Windows authentication architecture.

"There are things built into GINA that are not in the existing Winlogon module you get with the Vista beta," says the ISV who requested anonymity. "Other pieces must be coming in later betas. If not, this makes the strategy of waiting for the first Vista service pack even more valid." Historically, many corporate users have waited for Service Pack 1 of a new operating system before adopting it. Continued

Comments

Anonymous said…
Your are Excellent. And so is your site! Keep up the good work. Bookmarked.
»
May 23, 2006 2:34 AM
Anonymous said…
Greets to the webmaster of this wonderful site! Keep up the good work. Thanks.
»
May 23, 2006 2:38 AM
Anonymous said…
Nice idea with this site its better than most of the rubbish I come across.
»
May 23, 2006 2:58 AM
Anonymous said…
What a great site, how do you build such a cool site, its excellent.
»
May 23, 2006 5:27 AM
Anonymous said…
What a great site, how do you build such a cool site, its excellent.
»
May 23, 2006 5:54 AM
Anonymous said…
Really amazing! Useful information. All the best.
»
May 23, 2006 5:54 AM
Anonymous said…
Super color scheme, I like it! Keep up the good work. Thanks for sharing this wonderful site with us.
»
May 23, 2006 9:30 PM
Post a Comment

Popular posts from this blog

US says world safer, despite 11,000 attacks in '05

The U.S. war on terrorism has made the world safer, the State Department's counterterrorism chief said on Friday, despite more than 11,000 terrorist attacks worldwide last year that killed 14,600 people. The U.S. State Department said the numbers, listed in its annual Country Reports on Terrorism released on Friday, were based on a broader definition of terrorism and could not be compared to the 3,129 international attacks listed the previous year. But the new 2005 figures, which showed attacks in Iraq jumped and accounted for about a third of the world's total, may fuel criticism of the Bush administration's assertion that it is winning the fight against terrorism. Asked if the world was safer than the previous year, U.S. State Department Counterterrorism Coordinator Henry Crumpton told a news conference, "I think so. But I think that (if) you look at the ups and downs of this battle, it's going to take us a long time to win this. You can't measure this month ...
Post a Comment
Read more

Al-Qaeda number two in new video

Al-Qaeda's number two Ayman al-Zawahiri has appeared in a video saying that Iraqi insurgents have "broken the back" of the US military. He praised "martyrdom operations" carried out by al-Qaeda in Iraq in the video, posted on an Islamist website. And he called on the people and army of Pakistan to fight against President Musharraf's administration. This is the third message from prominent al-Qaeda leaders to emerge within a week. A tape from Osama Bin Laden was broadcast on 23 April, followed two days later by a message from Iraqi insurgent Abu Musab al-Zarqawi. Pakistan focus Zawahiri, who wore a black turban and a white robe in the video, described the leaders of Egypt, Jordan, Saudi Arabia and Iraq as traitors, and urged Muslims to "confront them". He praised Iraqi militants, saying that the US, Britain and allies had "achieved nothing but losses, disasters and misfortunes" in Iraq. "Al-Qaeda in Iraq alone has carried out 800 ma...
Post a Comment
Read more

Does light have mass?

The short answer is "no", but it is a qualified "no" because there are odd ways of interpreting the question which could justify the answer "yes". Light is composed of photons so we could ask if the photon has mass. The answer is then definitely "no": The photon is a massless particle. According to theory it has energy and momentum but no mass and this is confirmed by experiment to within strict limits. Even before it was known that light is composed of photons it was known that light carries momentum and will exert a pressure on a surface. This is not evidence that it has mass since momentum can exist without mass. [ For details see the Physics FAQ article What is the mass of the photon? ]. Sometimes people like to say that the photon does have mass because a photon has energy E = hf where h is Planck's constant and f is the frequency of the photon. Energy, they say, is equivalent to mass according to Einstein's famous formula E = m...
6 comments
Read more