{"id":2387,"date":"2006-05-08T00:00:00","date_gmt":"2006-05-08T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/05\/08\/change-in-microsoft-vista-security-system-promises-windows-migration-headaches\/"},"modified":"2021-12-30T11:41:14","modified_gmt":"2021-12-30T11:41:14","slug":"change-in-microsoft-vista-security-system-promises-windows-migration-headaches","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2006\/05\/08\/change-in-microsoft-vista-security-system-promises-windows-migration-headaches\/","title":{"rendered":"Change in Microsoft Vista security system promises Windows migration headaches"},"content":{"rendered":"<p>Corporate users with third-party, Windows-based authentication systems such as VPNs could face a difficult transition to Microsoft&#8217;s Vista because of an overhaul of the core Windows logon architecture, according to independent software vendors and analysts.  The good news for users is that those same observers say Vista, which is being touted for its security features, will eventually deliver a more secure and flexible authentication architecture than exists today in Windows.  But ISVs say rewriting their code for the new architecture will produce headaches that will extend to their customers that have deployed strong authentication such as biometrics or tokens, enterprise single sign-on and a number of other systems integrated with the Windows authentication architecture.  During migrations, users will have key security infrastructures that straddle two different authentication environments, one for Vista and one for earlier versions of Windows, until migrations are complete.  They also will have to support different client-side code and separate interfaces that will present retraining issues, experts say.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In addition, users with any homegrown authentication mechanisms linked to Windows will have to rewrite their code from the ground up.<\/p>\n<p>ISVs also have to completely rewrite and certify the custom code they write to interface with Winlogon, the Windows process that manages logon and logoff.<\/p>\n<p>The new architecture, called Winlogon Re-Architecture, includes a model for building modules called Credential Provider.  The February CTP also was the first time Microsoft included in the release notes the fact that the GINA architecture had been abandoned even though the company had started talking about it at its Professional Developers Conference last September.  &#8220;There are things built into GINA that are not in the existing Winlogon module you get with the Vista beta,&#8221; says the ISV who requested anonymity.<\/p>\n<p>Historically, many corporate users have waited for Service Pack 1 of a new operating system before adopting it.<\/p>\n<p>The ISV says customers with multiple products that hook into GINA will have the most difficult support and migration issues.  Another systems integrator says users always have faced this danger with custom code added to Windows.  &#8220;To extend authentication we need to move away from GINA,&#8221; says Austin Wilson, director of product management for Windows client at Microsoft.<\/p>\n<p>http:\/\/www.networkworld.com\/news\/2006\/050806-microsoft-vista.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-2387","post","type-post","status-publish","format-standard","hentry","category-warnings"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2387","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=2387"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2387\/revisions"}],"predecessor-version":[{"id":4874,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/2387\/revisions\/4874"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=2387"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=2387"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=2387"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}