Anti-malware features key to Vista's value

Vista’s security upgrades and strong administrative tools are vital stepping stones in Microsoft's evolution

All jokes about Microsoft’s security initiatives aside, the vast improvement in Vista, from the kernel up, comes on the heels of years of steady progress (and a string of technology acquisitions). No surprise, then, that Jim Allchin, co-president of Microsoft’s platforms and services division, listed Vista’s security features as one of the main reasons customers should upgrade.

“Microsoft, by and large, did a lot of things right. Vista will make a dramatic difference in the ability of malware to infect and get through, and they’ve taken measures to profoundly limit the damages of those that do,” says Andy Jaquith, an analyst at Yankee Group.

The most significant security change concerns user account privileges. Vista will introduce UAC (User Account Control). This makes limited-access user accounts more functional than in prior editions of Windows, which often required administrative access for even simple, risk-free tasks. UAC will make it much more difficult for viruses and worms to take control of Windows systems by limiting the areas of the operating system they can access. However, there’s a potential downside. Reviewers of early beta releases blasted Microsoft for incessant prompts to enter administrator permissions or “OK” their way past security warnings on even simple changes, such as deleting a desktop icon.

Enterprises and consumers alike can benefit from Vista’s default firewall, which blocks both inbound and outbound traffic. But its impact may be small, as most enterprises already use a firewall with similar capabilities. More tangible benefits will emerge from an anti-spyware capability embedded in Vista, known as Windows Defender. That product, based on technology Microsoft purchased with Giant Company Software, has already been well-received in beta releases on the XP platform.

Enterprises will receive anti-spyware updates via Windows Server Update Services and Windows Update in the same stream as operating system updates. That will surely mean big trouble for stand-alone anti-spyware companies such as Webroot Software, which pioneered consumer and enterprise anti-spyware.

As desktop anti-spyware, anti-virus, and firewall capabilities spread across Microsoft’s huge install base, they will increase in power when combined with the company’s other security products, such as the Antigen e-mail security product or ISA (Internet Security and Acceleration) security gateway. Although details have not yet been announced, Microsoft is working on integrating data feeds from SpyNet -- the network of Windows Defender computers that reports new threats -- as well as Microsoft’s Client Protection program, OneCare consumer anti-virus service, and other sources. These will be combined with other key pieces of infrastructure, such as Exchange, Active Directory, and Group Policy, according to Joe Licari, director of product management at Antigen.

The company’s recent purchase of SSL VPN vendor Whale Communications will only strengthen Microsoft’s hand as a provider of secure remote access services, says Neil MacDonald, an analyst at Gartner.

But in other areas there are disappointments. BitLocker Drive Encryption is a welcome addition in an era when stolen laptops are making national headlines. But BitLocker, which can work with the Trusted Computing Group’s Trusted Platform Module silicon, is just one piece of Microsoft’s envisioned “Palladium” platform, which promised a secure computing base running parallel to Windows and features such as strong process isolation, secure channels to and from Windows users, and application attestation.

Nonetheless, Vista will be a major step in Microsoft’s evolution as a vendor of secure software, and as a software security vendor with a hand in anti-malware, identity and access management, messaging security, network access control, as well as group policy and management software.

Copyright © 2006 IDG Communications, Inc.