I read this article from Angus today with much amusement. Apparently Vista is more insecure than Windows 2000. I found this really very funny. Why?
The number of virus infections found by a virus vendor does not necessarily equal poor security. In many cases (though not all) it equals poor user behaviour. Why?
If I, despite all prompting and consent behaviour, choose to go to a (probably dodgy) website, accept the ActiveX control prompts to download (probably dodgy) code and I actually choose to execute that code, then I’m hosed. I’m now at the mercy of whatever code I’ve chosen to run – and in many cases it’s running under your local shell integrity level. The anti-virus vendor is now the last line of defense and you need them to help get the malicious code off the PC.
So is this purely the operating system’s fault? I contend not. No, in some cases it’s the user and their lack of knowledge and their implicit “it-won’t-happen-to-me” complacency. Hence my comments to Angus that we do need to do more to educate users about security and UAC. Take for example a previous post on Protecting Your Business from your users. Sometimes we just have to spend more time in actually helping them to understand the risks… there’s only so far that technology can go in protecting users…
This brings us to the point of UAC and why it’s there. It’s there to add another layer and to enforce least privilege. In the majority of cases in Windows 2000 and XP people ran their applications while logged on with local administrator privileges. This was something we wanted to stop and UAC does that. Assuming that I don’t have local admin privilege I can’t even consent to install the potential malware – but my apps run and I can do basic things now like connect to a wireless LAN, connect to a VPN and change my timezone… all things that previously you needed local admin privilege to do. In some cases, yes, some apps have issues running like this. The CoPilot Live software that came with my TyTN II phone is one of these…
And it’s not like the application developer community didn’t know about writing for least privilege. We made it pretty clear over a number of years not to write to protected parts of the OS. Our logo certification reflects this!! UAC is designed to enforce least privilege and for the most part applications do work nicely and behave properly running under UAC without any prompting whatsoever. So far today I’ve run Office, run Camtasia, even Command and Conquer Generals… all without a single prompt.
Despite the claims – Vista’s actual vulnerabilities are significantly less than Windows 2000… period. And we still stand by that claim. We also stand behind UAC and its intent – and what I showed Angus was that we have made great strides in reducing the excessive amount of UAC prompting for a single action. I’ll be doing a webcast shortly showing you this fact with Windows Vista and Windows Vista SP1 running side-by-side. More to come on that!