As Microsoft slouches toward its first full operating system release in five years, code-named “Vista,” Microsoft-watchers are beginning to debate the impact of the system’s security enhancements, which could be more pain than gain.
New firewall and anti-spyware features, tighter user role management, and a drive encryption technology called “BitLocker” may change the landscape of the lucrative desktop security market forever. But for enterprise IT staff, the stronger security protections could cause headaches in the short run, said Andrew Jaquith, a program manager at Yankee Group Research. Still, a CIO at one organization that tested the new operating system says that Vista security is right on track.
Jaquith based his assessment on a Yankee Group test of a December 2005 CTP (Community Technical Preview) release of Windows Vista. He recorded his findings in a May 8 report called “Microsoft’s Vista Won’t Stop the Windows Security Aftermarket.” The report found that Microsoft “did a lot of things right” with Vista security that would make it difficult for malicious software to propagate using the operating system, Jaquith told InfoWorld.
The Yankee Group, however, took a dimmer view of Microsoft’s implementation of limited-access user accounts, which scale back the actions ordinary users can take on the operating system. Jaquith said Microsoft’s enforcement of the limited permissions in the version that Yankee tested was “invasive,” and would irritate ordinary users with frequent warning messages around simple tasks such as deleting desktop shortcuts.
“You can’t fault Microsoft for wanting to give users choice, but those choices are presented too often,” Jaquith said.
Instead of making users security-conscious, the constant pop-up warnings about actions that could “harm your computer” will have the opposite effect: They will desensitize Windows users to real threats, Jaquith said.
The Yankee Group’s report was not greeted very warmly in Redmond, where Microsoft engineers have had to winnow features from Vista for almost two years to meet a 2006 release date.
Yankee was testing old code, not the latest “Beta 2” release of Windows Vista, which cut out some notifications after testers complained, said Austin Wilson of Microsoft’s Windows Client Group.
The final version of Windows will “polish” the user experience even more, eliminating security warnings for trivial actions, Wilson said.
IT staff for Fulton County, Georgia, a Windows Vista test site, also downplayed the user role changes in Vista. Least-privileged user accounts aren’t a significant change from the way the county already manages user access, according to Robert Taylor, Fulton County’s CIO and director of IT.
“Our current policy limits access to the desktop for only domain users, (ensuring) that users do not have the capability to install unauthorized or any software without domain administrator privilege,” Taylor wrote in an e-mail message.
Coupled with Microsoft’s Group Policy features, Vista with User Account Control will actually give Fulton County users more control of their desktop than they have with XP, allowing them to install local printers and Internet plug-ins in limited-access user profiles, Taylor wrote.