Security Frosting

I was attending my son's swim meet last night (Go Wayzata!). They happened to be taking on my old school (Go Armstrong!), and I ran into an old coworker from my previous life as a full-time Information Systems manager. He is still there, doing development. We got to talking about old acquaintances (who's still there and who's gone), and about how development is going (prior to doing IT I was also a Software Engineer there)... when he starts telling me about all the frustration he's having with Windows Vista.

Now... granted, this guy says he only changes operating systems because he "has to". He didn't like Windows XP either ("Too cartoon-like"). He would buy Windows 2000 for his home PCs if he could. But his comments and frustrations around User Account Control and the new security model in Windows Vista were really interesting.

"I hate it. I hate Windows Vista. I hate having to click three-or-four times to move a file into the Program Files area."

Now, I'm sure that his distaste was based on some earlier builds of pre-RTM Windows Vista, where we were still working out the kinks with regard to permissions.  But he didn't care about that.  His view is now forever that it's all just a nuisance, and he'd rather "take the chance" of getting a virus or spyware installed on his PC. 

What do you think?

Me - I disagree.  In my opinion and experience, UAC and the protections in Windows Vista are well done, well-thought-out, and very worthwhile.  Disabling that functionality might be a temporary solution for getting through some development issues he's having, but I do hope that he and others like him will still open up to the idea of letting UAC do what it is designed to do.  An extra click here and there for administrative tasks (which we typically don't do much of anyway) is a small price to pay for the added protection you get.

A former teammate and really sharp guy, Kai "The Security Guy" Axford, has a great post about this kind of thinking on his blog. Kai is one of Microsoft's star security experts and presenters, and his expertise is often sought out by big businesses, security firms and government agencies. And, as you can read in his blog post, this notion that "security is a burden" really "frosts" him.

--

Props to Keith Combs.  I saw the link to Kai's Blog there first.  (Gosh.. "Kai's Blog".  I've waited a long time to hear those words!  We miss you, Kai!)