Analyst: Vista's Security Will Be Pain In The Neck
5:55 PM EDT Mon. May. 08, 2006
Page 1 of 2
Although Microsoft touts Vista as its most secure operating system ever and is relying on security as a prime marketing message to corporations, the Yankee Group's Andrew Jaquith sees it as somewhat of an albatross.
"Microsoft's predicated its 400 million desktops within 24 months on three things," said Jaquith, a senior analyst with the Boston-based firm. "One is that corporate and consumers will buy a lot of PCs, two that they'll be interested enough in Vista to run it on those machines, and three, once they run it, they won't have a negative reaction.
"Numbers one and three, I think, are trouble spots."
But while Jaquith sees the first of the three as a stumbling block -- "Vista just won't run acceptably on a machine that's more than a year old, so Microsoft's saying you can't get the extra security unless you buy a new PC" -- it's the third that could be the deal breaker.
"Anytime you put in a new security system, you're asking users to make changes," he said. But the shift in Vista, which Jaquith characterized as the first major security modifications since Windows NT, will require a huge alteration in how people interact with Windows.
"In the Windows world, there are few limits on what a user can do."
That's part of the problem, says Microsoft, which has instituted a feature in Vista dubbed "User Account Control" which takes a least-privilege approach to changes made to the OS. Many current Windows users run the operating system in administrator mode, which although convenient, leaves the system open to attack by hackers and spyware creators, who can easily install their malicious software. User Account Control (UAC) figures to lock this down, and will require a user password for many common chores, including software installation.
Trouble is, said Jaquith, Microsoft's gone off the deep end with its implementation of UAC.
"It's a real Chatty Cathy. The alerts are non-stop. Even simple tasks such as opening Control Panel applets require administration credentials or consent."
