I have been asked to write an article about the Windows Vista vs. XP issue for the German magazine Computerwoche. They translated an InfoWorld article by Randall C. Kennedy which is one of the best Vista bashing articles I've read so far. After reading it, I was attracted by the challenge to defend the Vista pro stance. I agree with some of Kennedy’s views, but quite a few of his claims distort the real picture, in my view.

His article addresses eight fields: Security, Manageability, Reliability, Usability, Performance, Hardware compatibility, Microsoft software compatibility, Third-party software compatibility, Developer tools support, and Future-proofing. Today, I will only cover the security aspect. In future posts I will blog about the other fields. Not all of them deserve a single post though.

windows_xp_logo windows_vista_logoI will always summarize Kennedy’s main arguments in italics before my reply. However, I encourage you to read the original article. Please, let me know if you believe that I missed something or if you think that I didn’t get the main point of his argument.

UAC is annoying and doesn’t really improve security in a corporate environment because there are ways to circumvent UAC, and domain users usually don’t have admin privileges, anyway.

I agree that UAC prompts are annoying and I explained in detail why I believe that these prompts might even decrease security a while back. However, UAC improves security even if you turn off the prompts. The fact that UAC can be circumvented under certain conditions is no argument against UAC. This is true for every security mechanism. When it comes to security, the only interesting question is if a certain feature raises the bar for certain attacks and this certainly applies to UAC.

I covered some of the benefits of UAC in another article, so I won’t repeat them here in detail. The main benefits are a lower risk for so-called shatter attacks, virtualization techniques for legacy apps requiring admin privileges, and the ability to give temporary admin rights to standard users.

It might also be true that in most corporate environments, distinguishing standard users from administrators is already common practice since the times of the good old Windows NT. But the main point about UAC is that developers programming for the consumer market are forced now to make this distinction which will improve the overall security of the whole Internet. We will all benefit from this development. It is correct to criticize the way UAC was implemented, but Microsoft definitely made a step into the right direction.

The other security-related features such as the updated firewall or Address Space Layout Randomization, are nice, but not compelling because we have other security measures like hardware firewalls and third-party software that take care of security.

I must admit that I am not sure if I really understand this argument because it seems to be quite far-fetched for me. You don’t have to be a security expert to know that the essence of any security strategy is to have as many lines of defense as possible. Every new security features is welcome as long as its costs for productivity aren’t too high.

But when it comes to Vista’s improved security it is not UAC or the other new security features that are most important, but the fact that Vista is Microsoft’s first operating system where security was a primary concern. This means that developers were urged to always have security in mind with every line of code they write. The fact that there were far less security-related updates for Vista than for XP proves this point.

This does not only reduce the costs for patch management, it also shows that Vista is simply much more secure than XP. Microsoft has been slapped by journalists all over the years for their lax attitude towards security. There is no doubt about it that this criticism was justified. For the first time they really valued security over other features only to hear now that we have third-party security software anyway.

What is your view? Does Vista improve security or not? Is XP secure enough? What are your favorite security-related Vista features? In my next post I will address manageability. Stay tuned!

6 Comments
  1. Nelson 14 years ago

    when it comes to security windows vista comes ahead of any Microsoft OS released so far. and I’m sick and tired of reading lame arguments like those of Kennedy. yes, is true Windows vista is a pain when it comes to hardware comparability, and somehow in performance, but wasn’t the same with XP when it was released?

    UAC is a great feature in vista,as it is the new firewall. the ability to scan inbound and outbound connections with the firewall is just great. the way vista manage user accounts is much better also. registry visualization and path redirection are some hidden goodies that Kennedy probably does not know about.

    I don’t know Mick but there are people that just like to refuse to embrace new things and they whine about about anything they can to justify it. as for me I’m really happy using windows vista as I do with XP..

  2. Computer Support 14 years ago

    Well i would say you have taken a tough work ahead on your hands.. with so much of Vista bash among the general community..

    Also entitled has one of the Technology Mishap of the Decade..

    But keep it going may u be able to uplift the thing for microsoft what even they were not able to get along

  3. ilektran 14 years ago

    “Microsoft has been slapped by journalists all over the years for their lax attitude towards security.”

    What gets me is that now it is the same criticizing journalists (or at least seems to be) that are now complaining that it’s too much security. “It’s too hot.” “Now it’s too cold.” Shut-up and eat your dinner. These are likely also the ones that complained about XP when it first came out saying that the user interface was too glitzy and the OS was too bloated and slow on the then current hardware.

    I, for one, feel that Vista was a necessary step. It may not be perfect, but nothing ever is. I’ve been running it for a year-and-a-half in 32-bit and 64-bit on three different hardware configurations that are at most two years old without any issues in hardware compatibility or, for the most part, software compatibility. Only major issue I had was finding