« Promotion by Merit? | Main | Yesterday / Tomorrow (in shell) »

February 23, 2007

Vista Secure? NBL!

There is an interesting (for IT support staff) article over at The Register entitled Vista security overview: too little too late which says in the summary:

So, what have we got here? An adequately secure version of Windows, finally? I think not. We have got, instead, a slightly more secure version than XP SP2. There are good features, and there are good ideas, but they've been implemented badly. The old problems never go away: too many networking services enabled by default; too many owners running their boxes as admins and downloading every bit of malware they can get their hands on. But MS has, in a sense, shifted the responsibility onto users: it has addressed numerous issues where too much was going on automatically and with too many privileges. But this simply means that the owner will be the one making a mess of their Windows box.
Data hygiene is still an absolute disaster on Windows. In fact, it's worse than it ever was in some ways, and that's very bad indeed. Browser traces still in the registry, heavy and complicated indexing to improve search, new locations where data is being stored. It all adds up to a privacy nightmare. Keeping a Vista box "clean" is going to be impossible for all but the most knowledgeable and fastidious users.
So don't rush out to buy Vista in hopes of getting much in return security-wise. I do like some of the changes, at least in theory, or as a decent platform on which to build an adequately secure version of Windows one day. But that day, if it ever comes, will be well in the future.

The comment that sprang out at me was about the default user being the administrator. Still. After all these years.

It just goes to show that Microserfs may have been inspecting the Apple GUI so they could copy it but they never looked underneath the flashy pictures to see how the security model worked....

[NBL = Not Very Likely (but in the Australian vernacular)]

Posted by Ozguru at February 23, 2007 06:00 AM