Windows 7 – What Is The Price Of Silence?


We are starting to learn a lot more about Windows 7 and what we can look forward to, but until people play with the build they got from PDC and WinHEC for a while we won't really know how well the folks working on Windows 7 have really done.  Microsoft kindly gave me access to the M3 build as a Feature Community last week and I will be playing with the build extensively.

My major concern about Windows 7 has always been the lock down of information that was implemented. Not only has information been prevented from being shared, but as a result we are  unable to provide direction and feedback on the many new features we have learned about this week and last.  Any feedback we give now on the M3 I fear is much too late to make any meaningful changes since we were just told at the WinHEC keynote that a beta will be here early next year.  Has Microsoft designed Windows 7 features in a vacuum and will that hurt Windows 7 as a result?

Let's take a look at one example: BitLocker To Go. BitLocker To Go is a new feature that enables users on Windows 7 to encrypt USB storage devices and assign them a passphrase. A very useful feature for securing data. In my quick playing with this feature it works great, but it currently has a big glaring design hole. In the current builds it appears to be susceptible to brute-force-type attacks. When you try to mount the device you get the prompt to put in a passphrase, and you can continue to put in bad passphrases with no apparent ramifications for as long as you want.

Now, if you were to do this same thing on a Kensington Data Traveler Secure you would get several attempts and the device would wipe. A bit extreme for some, but a very useful security feature when you are talking about transporting sensitive data. Why does BitLocker not have a “Lock out” feature? My guess is that Microsoft simply didn’t think of it, or the design of BitLocker To Go means that this isn’t possible. This to me is just one example of designing a feature in a vacuum where it may not end up meeting most people's needs.

I do think Windows 7 will be a success, but given they now have a very stable base in Windows Vista and an established driver model it would be really hard not to be a success. The real test of Windows 7 should be how well these new features are designed, and if we find more glaring holes like this one, we will be able to convince those in power that the cone of silence must be lifted much earlier on the next major release.

 

What do you think?


Posted Nov 06 2008, 08:50 AM by Josh Phillips

Comments

Long Zheng wrote re: Windows 7 – What Is The Price Of Silence?
on 11-06-2008 8:04 AM

Microsoft has definitely been on a roll lately with Windows 7 M3, which is a pretty solid pre-beta release, but there's no denying anything can be improved with feedback.

Rex Dee wrote re: Windows 7 – What Is The Price Of Silence?
on 11-06-2008 8:56 AM

It may be that there are some elements of Windows 7 that might be improved with feedback. And I would say that the Windows 7 team would probably be really excited to get as much as they could.

Frankly though, from what I have seen, they have done a pretty good job in the usability realm. Of course, I think this is the expertise as they came from Office and look at the improvements to Office 2007. So to me that really is expected.

The unexpected improvements to the undercarriage are what really impress me, while maintaining compatibility with all current applications.

I can tell you that I for one will be in line the night this stuff rolls out to pick up a copy and put it on at least two of my main machines at home. Then again, I may also just opt to purchase new machines as mine are now about 2 years old.

Bill Bacoyiannis wrote re: Windows 7 – What Is The Price Of Silence?
on 11-06-2008 3:19 PM

I think your suggestion is a good one, but it should be a GPO that allows us to control those options.

Why not post the information on the Engineering 7 Blog site? They look at the feedback every day.

Josh Phillips wrote re: Windows 7 – What Is The Price Of Silence?
on 11-06-2008 4:02 PM

Hi Bill,

Thanks for stopping by. Glad you like the suggestion, but the larger point is feedback like this simply can't make it into Windows 7. If they are really talking about shipping a beta in the next few months then they are in feature lock down and this would be a significant enough change that they would not be able to get it.

This post is simply meant to highlight the ramifications of designing in a vacuum and assuming you are meeting a need without actually getting some feedback from the community and leaving enough time to change things before shipping.

Joop wrote re: Windows 7 – What Is The Price Of Silence?
on 11-06-2008 4:47 PM

I think it's *very* unlikely that Microsoft "forgot" about brute-force attacks.

Josh Phillips wrote re: Windows 7 – What Is The Price Of Silence?
on 11-06-2008 4:59 PM

You think the current design was intended?

Fowl wrote re: Windows 7 – What Is The Price Of Silence?
on 11-07-2008 2:08 AM

Well since it's not in hardware they can't really do anything about offline attacks.

Bruteforce attacks aren't relevant unless you have a weak algorithm or passphrase.

Josh Phillips wrote re: Windows 7 – What Is The Price Of Silence?
on 11-07-2008 5:22 AM

Fowl,

I disagree...

Bruteforce is very much relevant since most consumers will use a weak password so it is easy to remember. Enterprises will enforce complexity, but most will keep the length short enough that usability isn't hampered... which means someone with enough time and resources could certainly eventually crack a passphrase. So it is very much relevant.

Your comment that they really can't do anything just serves to highlight poor design... I am sure they CAN do something; it is just a matter of whether they are willing to make the required changes to make it more secure before shipping.

Josh
