Thu 8 May 2008
I have been asked to write an article about the Windows Vista vs. XP issue for the German magazine Computerwoche. They translated an InfoWorld article by Randall C. Kennedy which is one of the best Vista bashing articles I’ve read so far. After reading it, I was attracted by the challenge to defend the Vista pro stance. I agree with some of Kennedy’s views, but quite a few of his claims distort the real picture, in my view.
His article addresses eight fields: Security, Manageability, Reliability, Usability, Performance, Hardware compatibility, Microsoft software compatibility, Third-party software compatibility, Developer tools support, and Future-proofing. Today, I will only cover the security aspect. In future posts I will blog about the other fields. Not all of them deserve a single post though.
I will always summarize Kennedy’s main arguments in italics before my reply. However, I encourage you to read the original article. Please, let me know if you believe that I missed something or if you think that I didn’t get the main point of his argument.
UAC is annoying and doesn’t really improve security in a corporate environment because there are ways to circumvent UAC, and domain users usually don’t have admin privileges, anyway.
I agree that UAC prompts are annoying and I explained in detail why I believe that these prompts might even decrease security a while back. However, UAC improves security even if you turn off the prompts. The fact that UAC can be circumvented under certain conditions is no argument against UAC. This is true for every security mechanism. When it comes to security, the only interesting question is if a certain feature raises the bar for certain attacks and this certainly applies to UAC.
I covered some of the benefits of UAC in another article, so I won’t repeat them here in detail. The main benefits are a lower risk for so-called shatter attacks, virtualization techniques for legacy apps requiring admin privileges, and the ability to give temporary admin rights to standard users.
It might also be true that in most corporate environments, distinguishing standard users from administrators is already common practice since the times of the good old Windows NT. But the main point about UAC is that developers programming for the consumer market are forced now to make this distinction which will improve the overall security of the whole Internet. We will all benefit from this development. It is correct to criticize the way UAC was implemented, but Microsoft definitely made a step into the right direction.
The other security-related features such as the updated firewall or Address Space Layout Randomization, are nice, but not compelling because we have other security measures like hardware firewalls and third-party software that take care of security.
I must admit that I am not sure if I really understand this argument because it seems to be quite far-fetched for me. You don’t have to be a security expert to know that the essence of any security strategy is to have as many lines of defense as possible. Every new security features is welcome as long as its costs for productivity aren’t too high.
But when it comes to Vista’s improved security it is not UAC or the other new security features that are most important, but the fact that Vista is Microsoft’s first operating system where security was a primary concern. This means that developers were urged to always have security in mind with every line of code they write. The fact that there were far less security-related updates for Vista than for XP proves this point.
This does not only reduce the costs for patch management, it also shows that Vista is simply much more secure than XP. Microsoft has been slapped by journalists all over the years for their lax attitude towards security. There is no doubt about it that this criticism was justified. For the first time they really valued security over other features only to hear now that we have third-party security software anyway.
What is your view? Does Vista improve security or not? Is XP secure enough? What are your favorite security-related Vista features? In my next post I will address manageability. Stay tuned!
Articles in this series:- Windows XP vs. Windows Vista - Security
- Windows Vista vs. Windows XP - Systems Management
- Windows Vista versus Windows XP - Reliability
- Windows XP versus Windows Vista - Usability
- Windows XP vs. Windows Vista - Performance
- Windows Vista vs. Windows XP - Hardware compatibility
- Windows XP vs. Windows Vista - Software compatibility
- Windows XP vs. Windows Vista - Future proofing
Newsletter: 
Loading ...
when it comes to security windows vista comes ahead of any Microsoft OS released so far. and I’m sick and tired of reading lame arguments like those of Kennedy. yes, is true Windows vista is a pain when it comes to hardware comparability, and somehow in performance, but wasn’t the same with XP when it was released?
UAC is a great feature in vista,as it is the new firewall. the ability to scan inbound and outbound connections with the firewall is just great. the way vista manage user accounts is much better also. registry visualization and path redirection are some hidden goodies that Kennedy probably does not know about.
I don’t know Mick but there are people that just like to refuse to embrace new things and they whine about about anything they can to justify it. as for me I’m really happy using windows vista as I do with XP..
Well i would say you have taken a tough work ahead on your hands.. with so much of Vista bash among the general community..
Also entitled has one of the Technology Mishap of the Decade..
But keep it going may u be able to uplift the thing for microsoft what even they were not able to get along
“Microsoft has been slapped by journalists all over the years for their lax attitude towards security.”
What gets me is that now it is the same criticizing journalists (or at least seems to be) that are now complaining that it’s too much security. “It’s too hot.” “Now it’s too cold.” Shut-up and eat your dinner. These are likely also the ones that complained about XP when it first came out saying that the user interface was too glitzy and the OS was too bloated and slow on the then current hardware.
I, for one, feel that Vista was a necessary step. It may not be perfect, but nothing ever is. I’ve been running it for a year-and-a-half in 32-bit and 64-bit on three different hardware configurations that are at most two years old without any issues in hardware compatibility or, for the most part, software compatibility. Only major issue I had was finding a 64-bit printer driver that was quickly remedied.
Now I plan on running Server 2008 as a workstation for the increased performance. I can only expect that Microsoft will take the performance gains from Server 2008 and apply them to Win 7.
I understand that in order to get something done about an issue that is concerning you, you often times have to be loud and irritating before anything is done, but for the most part I feel that the complaints about Vista are out of sheer ignorance, uncomfortableness, peer-preasure, or fear.
Nelson, thanks for sharing your favorite security features. I think the problem is that there are so many little improvements. If you take just one or two, like Kennedy did, it is easier to say that this can hardly be a reason for an upgrade. However, I don’t think that Vista’s opponents just have problems embracing something new. At least the ones I talked to are not like this. But many of them have a tendency to dislike Microsoft. I also think that many just enjoy it if a big one gets slapped. Of course there are also those who really know Vista and still dislike it. And there are certainly good reasons not to deploy Vista in some environments.
Computer Support, I like tough work.
Ilektran, >>“It’s too hot.” “Now it’s too cold.” Shut-up and eat your dinner.< <
This one made me really laugh. I suppose this is something Ballmer wants to shout out loud sometimes. Maybe he doses when he is in his office and plays with his chairs. I am also thinking of running Server 2008 as a workstation because of Hyper-V.
well i like xp
Shut-up and eat your dinner.< <
Yeah.. just provide ballmer and company the link to the blog.. he will appreciate it… and probably like to meet the ilektran personally..
and add his comment as the customer testimonial feedback..
But then i dont want to take the credit out of ilektran comment he addressed it quite fairly in his comment..
cheers!!