- Related Stories
-
Gates on Vista, Linux and more
November 17, 2006 -
Study: No Vista for majority of European businesses
November 14, 2006 -
IE 7 comes a-knocking--eventually
November 13, 2006 -
How quickly will businesses adopt Vista?
November 13, 2006 -
Vista views: Final version's cool features
November 10, 2006 -
Microsoft: Vista is ready to roll
November 8, 2006
Among more than a dozen security features within Vista are improvements such as the malicious software removal tool, smart card and log-on authentication changes, user access controls, USB device controls, Windows defender and Windows firewall.
But none of these, even in combination, should be seen as a panacea, security professionals say, and the need for a layered approach to security remains as critical as ever.
Stuart Okin, security partner at Accenture and former U.K. head of security at Microsoft, told Silicon.com: "As I see it, there are 15 security features in Vista and none of them are this great panacea where if you install them the world will be OK.
"Security is about layers and you need to take a layered approach to security."
While Okin's admonition is not new--or unexpected--it is worth repeating, especially to protect consumers from an overreliance on Vista's security features.
The net effect for consumers, however, will undoubtedly be improvement, Okin said. "From a consumer point of view, I think the biggest improvements are going to be around user access controls and Internet Explorer.
"The downside is they are going to be prompted a lot more. But if people and the wider industry get a sense that this is a more secure environment, then I think that will have the biggest impact from a positive point of view."
Video: Security Bites Podcast: Worm watch for Windows 2000
Will Thanksgiving be celebrated with a Windows worm? Join CNET News.com's Joris Evers and CNET.com's Robert Vamosi in the studio to find out.
It's those prompts that raise some questions among security experts about a perennial trade-off between security and usability. To what degree would Microsoft ever risk making an operating system less user-friendly to make it more secure?
Peter Wood, a penetration tester--or "ethical hacker"--from First Base Technologies, suggests the Redmond, Wash., giant has made promising strides in answering this question.
"If Microsoft wants to make a more secure (operating system) then they need to weight the balance between usability and security more in favor of security," Wood said. "I believe they have done that by making more things turned on as default than turned off."
And the early impressions of Vista is that consumers will indeed be safer if they're willing to leave features disabled and work with increased prompts and pop-up warnings.
"For the end user, Vista is definitely a net benefit," said Jay Heiser, research vice president at Gartner. "Although Vista apparently exceeds expectations for robustness, which is a welcome surprise for everyone, my personal feeling is that Vista represents a much higher relative improvement for end users and small business than it does for the enterprise.
"Vista should be a much more robust environment for safe use by inexperienced, unsupported people on the Internet."
But while Vista was always expected to sell well to consumers, there's no doubt Microsoft hopes that its greater emphasis on security will also help boost enterprise sales.
Gartner's Heiser isn't convinced that will be the case. "Many enterprises are experiencing a very acceptable level of security failure today, without Vista," he said of the fact businesses have been raised on an expectation to need to secure past Microsoft operating systems and are seeing a growing trend toward risk-based security.
Identity and access management
However, Accenture's Okin said being able to simplify those very expensive security architectures--while maintaining strong layers of protection--will appeal to many enterprises. And he adds there are a number of features in Vista that businesses likely will add to their regular inventory of security tools.
"From a business perspective, I think the one feature which will have the biggest social change will be the new architecture around log-ons and smart-card authentication," Okin said. "For the first time ever it will be really very simple for applications to call upon smart-card or biometric authentication."
Currently half of Accenture's security business is done around identity and access management--a fact that makes Okin confident his former bosses have hit something of a sweet spot with the user-identity and authentication features.
"Over the next few years, you're going to be seeing the first apps which will find it very easy to say, 'OK, you need your biometric authentication now or your smart card,' whether it's online banking or e-commerce or anything else, he said.
"Up until now it has been expensive and difficult to do, and as long as it is expensive and difficult people will find a reason why they don't want to do it."
And it's not just Vista's identity and access management features that Okin thinks will have chief technology officers thumbing their checkbooks.
The operating system includes USB-device controls that help stop data leakage via devices such as digital cameras, iPods and memory keys, and also help prevent the introduction of unlicensed applications, copyrighted media and potentially infected files.
- More from News.com on this story's topics
Security
Windows Vista
Microsoft
See more CNET content tagged:
security feature,
Microsoft Windows Vista,
security,
Gartner Inc.,
improvement





admit that Vista will be more secure than XP. Why? After all
these years, Microsoft has finally adopted some of the security
features that have been part of Unix for years. For most is a
more meaningful separation between user and administrator
privileges. Why has Microsoft adopted these features? Because
these security features work!
That said, Vista will still be plagued by security problems for
years to come. Why? Rightly or wrongly, Microsoft has
emphasized backwards compatibility. Microsoft will only be able
to produce and OS that approaches Unix's security, if they make
a clean break as Apple did in their transition between OS 9 and
10.
The OS's out there that are reasonably secure(Linux, OSX, Unix) do so without getting in the users way. Linux does it and only bugs the user when the root password is needed.
So why did MS go the opposite direction?
Simple, they know they can't secure the bloated pig they have so now they can avoid working on real security solutions and just blame the end-users.
Reason #232432243 why no one should buy this POS, and move to an alternative. Before you whine about not running your favorite program in a non-windows environment, you should know that many programs run perfectly(especially games), and there are great alternatives to the software that is keeping you stuck to an incompetent software company.
been in wide use for a year or so. Microsoft uses the "most
secure version of Windows" marketing every time so that means
nothing.
So Vista may indeed be the most secure version of Windows ever
developed - and still carry on the tradition of being the least
secure operating system in wide use.
Time will tell.
If you want something secure go with anything but Windows.
security, why is that I wonder ?
Steve Wiseman
http://www.windows-admin-tools.com
- So very true......
-
by gwats1957
November 20, 2006 9:40 PM PST
- Microsoft is not willing to do the housecleaning they need to do to
-
Reply to this comment
-
-
1 | 2 | Next 10 Comments >>make vista as stable as OSX. They have to admit defeat and build a
rock solid OS from the ground UP.