Vista security
The Register has an excellent summary article about the various security enhancements to Microsoft’s new Windows Vista operating system (including IE7). It’s essential reading for anyone considering upgrading. The basic message is that it’s a lot better but isn’t nearly as good as MS wants people to think, and could easily have been a lot better. For example:
User Account Control (UAC) is another good idea, because it finally, finally, finally allows the machine’s owner to work from a standard user account [i.e. one without permission to install software etc.], and still perform administrative tasks by supplying admin credentials as needed on a per-action basis. You know, the way Linux has been doing it forever.
This is one way of helping protect a multi-user system from being loaded with malware by users, and for ensuring that any malware on the system runs with reduced privileges. When you are in a user account, and you wish to perform an administrative task, you will be prompted for the required credentials…
UAC is all well and good in theory, but here’s the problem: it’s never going to work.
And the reason why it’s never going to work is because MS still encourages the person who installs Vista (the owner presumably) to run their machine with admin privileges by default. I was delighted, when I set up Vista for the first time, to be presented with an opportunity to set up a “user” account. But moments later, when I saw that I was not invited also to create an admin account, I knew that the “user” account I had just set up was indeed an admin account. And so it was.
Until MS gets it through their thick skulls that a multi-user OS needs a separate admin account and a user account for the owner, and that the owner should be encouraged to work from a regular user account as much as possible, UAC will never work as intended…
So, what have we got here? An adequately secure version of Windows, finally? I think not. We have got, instead, a slightly more secure version than XP SP2. There are good features, and there are good ideas, but they’ve been implemented badly. The old problems never go away… But MS has, in a sense, shifted the responsibility onto users…
Data hygiene is still an absolute disaster on Windows. In fact, it’s worse than it ever was in some ways, and that’s very bad indeed. Browser traces still in the registry, heavy and complicated indexing to improve search, new locations where data is being stored. It all adds up to a privacy nightmare. Keeping a Vista box “clean” is going to be impossible for all but the most knowledgeable and fastidious users.
So don’t rush out to buy Vista in hopes of getting much in return security-wise. I do like some of the changes, at least in theory, or as a decent platform on which to build an adequately secure version of Windows one day. But that day, if it ever comes, will be well in the future.
pax et bonum
Follow comments using Co.mments.com
Add to your del.icio.us bookmarks
