I have been asked to write an article about the Windows Vista vs. XP issue for the German magazine Computerwoche. They translated an InfoWorld article by Randall C. Kennedy which is one of the best Vista bashing articles I've read so far. After reading it, I was attracted by the challenge to defend the Vista pro stance. I agree with some of Kennedy’s views, but quite a few of his claims distort the real picture, in my view.
- Pip install Boto3 - Thu, Mar 24 2022
- Install Boto3 (AWS SDK for Python) in Visual Studio Code (VS Code) on Windows - Wed, Feb 23 2022
- Automatically mount an NVMe EBS volume in an EC2 Linux instance using fstab - Mon, Feb 21 2022
His article addresses eight fields: Security, Manageability, Reliability, Usability, Performance, Hardware compatibility, Microsoft software compatibility, Third-party software compatibility, Developer tools support, and Future-proofing. Today, I will only cover the security aspect. In future posts I will blog about the other fields. Not all of them deserve a single post though.
I will always summarize Kennedy’s main arguments in italics before my reply. However, I encourage you to read the original article. Please, let me know if you believe that I missed something or if you think that I didn’t get the main point of his argument.
UAC is annoying and doesn’t really improve security in a corporate environment because there are ways to circumvent UAC, and domain users usually don’t have admin privileges, anyway.
I agree that UAC prompts are annoying and I explained in detail why I believe that these prompts might even decrease security a while back. However, UAC improves security even if you turn off the prompts. The fact that UAC can be circumvented under certain conditions is no argument against UAC. This is true for every security mechanism. When it comes to security, the only interesting question is if a certain feature raises the bar for certain attacks and this certainly applies to UAC.
I covered some of the benefits of UAC in another article, so I won’t repeat them here in detail. The main benefits are a lower risk for so-called shatter attacks, virtualization techniques for legacy apps requiring admin privileges, and the ability to give temporary admin rights to standard users.
It might also be true that in most corporate environments, distinguishing standard users from administrators is already common practice since the times of the good old Windows NT. But the main point about UAC is that developers programming for the consumer market are forced now to make this distinction which will improve the overall security of the whole Internet. We will all benefit from this development. It is correct to criticize the way UAC was implemented, but Microsoft definitely made a step into the right direction.
The other security-related features such as the updated firewall or Address Space Layout Randomization, are nice, but not compelling because we have other security measures like hardware firewalls and third-party software that take care of security.
I must admit that I am not sure if I really understand this argument because it seems to be quite far-fetched for me. You don’t have to be a security expert to know that the essence of any security strategy is to have as many lines of defense as possible. Every new security features is welcome as long as its costs for productivity aren’t too high.
But when it comes to Vista’s improved security it is not UAC or the other new security features that are most important, but the fact that Vista is Microsoft’s first operating system where security was a primary concern. This means that developers were urged to always have security in mind with every line of code they write. The fact that there were far less security-related updates for Vista than for XP proves this point.
This does not only reduce the costs for patch management, it also shows that Vista is simply much more secure than XP. Microsoft has been slapped by journalists all over the years for their lax attitude towards security. There is no doubt about it that this criticism was justified. For the first time they really valued security over other features only to hear now that we have third-party security software anyway.
What is your view? Does Vista improve security or not? Is XP secure enough? What are your favorite security-related Vista features? In my next post I will address manageability. Stay tuned!