% fortune -ae paul murphy

Microsoft Vista and security

Microsoft's pending "Vista" desktop OS release has a number of "in your face" security features that can't be ignored on even the most cursory review. These may or may not prove effective in use, but certainly seem a little over the top in terms of the usual security trade-off in which it's recognised that every security step or feature written into a process is also an impediment to effective business process execution.

Imagine buying a new car that ensured passenger safety by locking out the transmission and defaulting all four disk brakes to full on, thereby allowing buyers to rev the engine and play with the stereo, but not actually to move - unless they first absolve the car maker of any safety responsibilities and then restart the car with all safety devices off.

Now imagine getting your copy of Windows Vista and discovering that you can't install anything, hardware or software, without jumping through both licensing and security hoops first, can't run a lot of existing XP software without upgrading applicable permissions to essentially unprotected operation first, and can't back up anything without either bypassing security at the time of backup, or agreeing that you'll only recover data on the machine you're using to write it.

Nobody would buy that car - but lots of people are going to be getting Vista.

The most frequently visible piece of this is part of the latest uaf incarnation: User Account Control. UAC imposes itself just about everywhere, asking if you really, truly, and honestly want to do whatever it is you want to do - even if you went through the same authorization process to do the same thing a minute earlier.

When this thing hits the corporate desktop the universal howl will be to get those [expletives deleted] pop-ups the [expletive deleted] out of the users' collective faces - and sensible wintel bunnies are going to hop right to that; probably at first just by giving users much higher authorization levels than they should have.

In the middle term, of course, we can expect both Microsoft and third-party methods of balancing sensible security with minimal access pain to become available - and in the long run I expect Microsoft to adopt the basic Unix security model for their next OS. But it's the short term that's at issue here, and in the short term I think dangerous accommodations to user anger will just have to be made - simply because there's little else your average Windows administrator, or Microsoft either, can do.

And all of that raises a question: Microsoft obviously knows about this, so what are they planning? One strategy that occurs to me is this: they could be planning on extending support for XP SP2, while pushing hard on server based computing for corporate customers.

That would slow Vista adoption by the people who would find this security stuff most onerous, reduce the burden on corporate users, accelerate the move to the "Windows as Mainframe" organisational architecture that's been underway in big organizations for some time, and increase financial opportunities for the Windows community - the hobbyists, journalists, and Windows professionals who sell this stuff to the rest of us. And if that sounds like a win for everybody except the customer; well, that's Windows, right?


Paul Murphy wrote and published The Unix Guide to Defenestration. Murphy is a 25-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues.