Quick disclaimer: I am not writing this post to scare you, but I wanted to make you aware of the thought process of the security community, specifically the not-so-nice component.
Security in any software is a mandatory requirement, not a value proposition, especially when you think about Windows Vista. So why this post? You may call me paranoid after reading it. When I think about the IT landscape, especially around security, it is always good to know thy enemy. As Sun Tzu said:
- Keep your friends close, and your enemies closer.
Well, I stumbled upon this website for the Pwnie Awards, which are given out at the Black Hat conference. While digging around, I found that Windows Vista was nominated for an award in the Most EPIC fail category, but not for the reason you are probably thinking of. I will let you read the write-up of the :
Windows Vista for proving that security does not sell
$100,000,000 invested in security and what does Microsoft have to show for it? Customers are revolting against Windows Vista and nobody who has a choice is choosing to upgrade. It doesn't matter that Vista really is the most secure Microsoft operating system ever made, all customers care about is the annoyance of the UAC prompts, the confusing user interface and the insane hardware requirements.
The good thing about the Vista debacle is that no other vendor will care to do such a security push, which means that we'll be able to easily own any piece of software for the foreseeable future.
Let that sink in for a minute, especially the last paragraph. To me, that says the Vista security is good. How good, and is the security tradeoff worth it? Ultimately you and your business need to make that decision. For me, I think it is very telling that the not-so-nice security community is happy that it is not deployed and they will:
....be able to easily own any piece of software for the foreseeable future.
Things that make you go hmmm.