If Microsoft doesn’t use UAC, why should anyone else?

Hey Doug, I don’t want to pick on you but this…

“There are a few things about Vista that most ‘power user’ types change, and so have I. I have the UAC stuff disabled, since I’m installing and configuring so much software right now that it just feels in the way.”

Doug Mahugh is a technical evangelist for Office 2007, and this is from his blog. He’s probably one among many Microsoft folk disabling UAC – though I hope otherwise – but it’s a big mistake.

What’s the biggest problem with Windows right now? Security, right. And what’s the centrepiece of Vista’s security solution? UAC, right. So it strikes me that anyone evangelising Microsoft software should be evangelising UAC as well.

There’s more. Consider Outlook, for a long time a decent Exchange client, but a poor standalone email client and PIM (Personal Information Manager). One of the reasons is that everyone at Microsoft uses Exchange. So they didn’t suffer the problems of standalone Outlook, so they didn’t beat up the product team about it, so the problems went unfixed.

More than anyone, Microsoft folk need to use UAC and ensure that it works right.

Bottom line: don’t disable UAC.



Google’s unsettling lack of direction

A few comments on Google + YouTube:

  • Cheap for Google – and paid for with stock. There’s no likely downside unless YouTube gets sued into oblivion; but that seems unlikely now that major content providers seem to recognize its value in promoting their products. At a minimum, Google has gotten itself a high-traffic site with which to extend its advertising platform.
  • Long-term, the prospects for YouTube are unclear. If it moves towards the iTunes model of paid-for content, much of its wild appeal will be lost. It has a fickle audience and might not sustain its popularity.
  • Google’s business is advertising; yet it continually experiments with other roles: provider of hosted applications, internet bank, media giant. It has an unsettling lack of direction.
  • There are all sorts of possibilities in this tie-up: a true competitor to iTunes? a major broadcasting platform? the evolution of web advertising? Equally, it may turn out to be rather unimportant. Too soon to say.




Vista security: now prove it

Microsoft says Vista is more secure – but nobody out there will believe it. They “know” that Windows is insecure, and even if Vista really is a secure operating system, it will take a long time to change that perception.

How secure is Vista? Nobody knows as yet, though I don’t doubt that enormous effort has been put into this aspect of the new Windows. There are also some solid security advances over Windows XP. Users no longer run with local admin rights by default: even if they have those rights, they are disabled unless processes are specifically elevated, which means passing a dialog. Another key improvement is that Internet Explorer is sandboxed.

Having said which, everyone will be watching for security alerts and “Patch Tuesday” fixes after Vista’s final release. Undoubtedly when the first flaw is discovered Windows will be proclaimed as insecure as ever.

That’s not necessarily so. All operating systems have security flaws. But Microsoft’s challenge is twofold: addressing first the technical issues, and second the public perception.

The latter may be even harder than the former. For sure, it’s gleefully exploited by competitors. Apple says on its site:

“Connecting a PC to the Internet using factory settings is like leaving your front door wide open with your valuables out on the coffee table. A Mac, on the other hand, shuts and locks the door, hides the key, and stores your valuables in a safe with a combination known only to you. You have to buy, configure, and maintain such basic protection on a PC.”

Apple’s statement is mostly false. A new, default installation of XP with SP2 (which is how PCs are supplied) has an effective built-in firewall; although a router with NAT is safer, you can connect a cable modem directly and intruders can’t get in. I had a machine connected like this for 2 years always-on, in pre-SP2 days but with the built-in firewall enabled, and suffered zero successful attacks.

Still, Apple is correct in saying that numerous viruses target Windows and there are a large number of infected machines, largely I suspect because users run as local admin and they (or their children) cheerfully execute malicious scripts and executables. Can Vista stop this happening, even though such users will need to pass a dialog? Probably not altogether.

The best hope then is that Vista will be mostly secure for sane users. The worst scenario is that people are persuaded to turn off UAC (User Account Control), and instead put their trust entirely in ineffective third-party utilities, only to grumble a few months down the road that Windows has let them down again.

In security, nothing changes quickly. Watch this space.
