Advance and Be Mechanized

So I'm not one for criticising something I haven't tried or don't know much about, but that's precisely what I'm going to do here; giving some thoughts about the security in Microsoft's Windows Vista. After all, I'm familiar the security of previous Windows versions and for the improvements I'll just take a look at what Microsoft itself is saying.

So let's start with Microsoft's own marketing literature by examining the Windows Vista Features - Security page.

What are the new improvements in this new version of Windows?. Let's see: there's a thing called User Account Control (UAC) that takes away the default administrative privileges and minimizes its use. This is a great idea and it was about time, since it's so 1980's (or 1970's) - finally Windows is catching up with UNIX -

What are the other great new security features?. There are none described in this page. They have four bullets, but three of them (automatic updates, security center and firewall) are already available in Windows XP, and the fourth one is the Malicious Software Removal Tool (MSRT) that is not part of Vista, but a tool to download.

More interesting is this interview with Windows chief Jim Allchin: Buy Vista for the security.

There are two highlights for me. One is having the responsible of a product that has been over 12 years in the market say with a straight face: "A standard Windows XP computer can get hacked the moment it is connected to the Internet." It's like the ad on the paper they had when they released Windows 2000 (or something) and there was a picture of the "blue screen of death" and then some copy of how the new Windows would have none of that. Imagine an ad by Honda cars showcasing the new Accord with a picture of last year's model totally wrecked and a caption that read: "New Accord: this time the breaks will work".

The second interesting point is a new "double-checking" Windows security feature that it wasn't mention in Microsoft's page: "As an example of double-checking, Allchin said Microsoft has marked the OS services to know what network ports they should open and what OS functions they should call. Then, another part of the OS verifies the process. "If we ever find something trying to open a port that the developer said it should not be opening, it is immediately shut down," he said.".

And apparently Vista is going to take on spyware and make a lot of users and tech support centre people very happy, and as a side effect it will make anti-spyware software companies miserable. That's what happens when you are a good parasite (living off others and making them better) and your business depends on the whims of somebody else.