Vista Improves Microsoft's Security Image

Carl Weinschenk

This eWeek story, which focuses on a survey performed by Amplitude Research for VanDyke Software, suggests that Microsoft is convincing folks that the Vista operating system is secure. In doing so, the company is going a long way toward shedding its image as a security laggard.


According to the survey, the dominant reason people give for choosing Vista is to upgrade their security. Of these security-conscious folks, 52.3 percent point to Vista's improved firewall and anti-spyware functionality as the main attractions.


It makes sense that firewalls and anti-spyware provisions appeal the most, since these protect against what are perceived to be the main threats to enterprises. What is a bit more interesting is that about 14 percent tabbed User Account Control (UAC) as the reason they moved to Vista. UAC is a function that asks for permission to run code that it judges could be a security risk.


UAC is considered by many to be overly intrusive. That has a rock-and-a-hard place element to it, however, since disabling it makes the environment less secure.


Much of the coverage of the survey and UAC points to the key difference between a security function and a boundary. A function is something that tends to improve security without being an impervious barrier, such as a firewall. As such, UAC can be beaten or circumvented by social engineering attacks. Regardless of this drawback, UAC scored well in the survey.


It seems that, a few months into the Vista era, much of the edge is off the anti-Microsoft bluster in the security community. We don't seem to read as many shrill articles and blog posts connecting Microsoft with the fall of Western civilization.


While it still is possible for people to debate the relative security merits of Vista and other operating systems, it is becoming increasingly difficult to say that Microsoft doesn't get it.


Whether it suddenly became engaged due to a desire to do the right thing or a good old-fashioned threat to its profitability seems immaterial to us. While it's fun to have a company to kick around, even Microsoft's biggest detractors must recognize that better security from Redmond is a good thing for everybody.

Add Comment      Leave a comment on this blog post
May 30, 2007 1:12 AM SM SM  says:
Yes, security is the most critical factor which is forcing us to upgrade at vista. Another reason is to use Bit Locker for Laptops security Reply
May 31, 2007 4:26 AM Joehn Joehn  says:
Maybe we gained Security.....But what did we lose in parallel ?I did not have time to discover it all.As a user, I find Vista very attractive, and secure.But as an IT expert, I find it HEAVY on my machine...And lot of my old applications are not backward compatible!!! Reply
Jun 13, 2007 3:38 AM Len Inkster Len Inkster  says:
So Vista is secure is it? Less than 6 months into the new life of Vista and we are starting to see patches from Microsoft. This latest one (MS07-032 ) is classified as moderate by Microsoft. In it they say "This moderate security update resolves a privately reported vulnerability. This vulnerability could allow non-privileged users to access local user information data stores including administrative passwords contained within the registry and local file system." So Microsoft now think that a vulnerability that can release administrative passwords contained in either the registry OR the file system is only moderate. That's a new way to ensure people think the operating system is secure. So after all the hype, and all the expense of buying new equipment to run the software, and paying Microsoft extra money for new licenses and finding your old software doesn't run properly, you are still left with a system that can allow people to interrogate your most private information, your passwords for the administrative accounts to your machine. In case anyone is missing the point on this, these accounts give you access to do ANYTHING on Vista, including lowering all the security barriers that are in place. Moderate risk? I don't think so. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.