One year later: Did Vista's focus on security pay off?

Microsoft's emphasis on improvements to security features in Windows Vista may have undermined business adoption of the OS as many business and enterprise customers are still holding off on upgrading to the OS nearly a year after its release to them.

Microsoft spent a good deal of time and money to ensure Vista's security after Windows XP and applications running on it proved susceptible to devastating worms like Blaster, Slammer, and MyDoom. Though Microsoft released Windows XP Service Pack 2 to remedy some vulnerabilities, the company decided that security would be a top priority for the next major Windows release, said George Stathakopoulos, general manager of Microsoft’s Response and Product Centers.

"The security part of Vista was talked about a lot because it was a primary concern all over the world," he said.

But in retrospect, those close to the company and even Microsoft have acknowledged recently that security has not proved to be important enough to encourage businesses to upgrade to Vista.

Robert Hansen, CEO of IT security consultancy SecTheory in Austin, Texas, who has spoken at Microsoft's Blue Hat hacker conference and done contract work for the company, said Microsoft is aware that its laser focus on Vista security may have been a misstep, and that it is trying to remedy that.

He said that Microsoft staffers are pleased in general with Vista's security improvements, but they acknowledge that "the consumer reaction was ho-hum."

"Over the next year, although security is definitely top of mind, some people feel as if the security as a priority is going to shift downwards as opposed to feature enhancements," Hansen said.

Hansen also said that Microsoft traded general OS usability to add some of Vista's security features, such as UAC (User Account Control), and is "feeling pressure from Apple" to provide a more intuitive and user-friendly OS.

UAC gives system administrators more control over what features business users can access. It has become a chief complaint with users because it interrupts a PC user's work with a pop-up window whenever they're about to do something the feature considers an administrative function. UAC can be bypassed by working in administrator mode instead of standard user mode, but this defeats the purpose of the added security the feature was supposed to bring to the OS.

Microsoft has said that it plans to improve UAC in a future update to Windows to address usability and make it more intuitive for users while maintaining OS security.

In an interview last week as part of an update on Vista adoption, Mike Nash, vice president of product management for Windows Client for Microsoft, acknowledged that security "is not a reason in the short term" to buy a new OS. He promoted other features of Vista, such as updates to how it manages and stores multimedia, to encourage end-users to upgrade.

Indeed, Microsoft certainly seems to have misjudged just how important security was with customers prior to Vista's business launch. But to be fair, the company faced complexities in promoting and marketing Vista to customers because with every new version of Windows, the company "is competing with itself," said Tim McAtee, research director for MarketingSherpa, a research firm that provides market intelligence for marketing professionals.