Who's Inflating Vista Security Expectations?

By Larry Seltzer  |  Posted 2007-01-08

Opinion: Unsatisfied with Microsoft's boring, conservative claims, critics invent new and unreasonable ones that they can blame the company for not meeting.

As I see it, the biggest question in the security business this year is how well Windows Vista will hold up against what will be the most concerted attack in the industry's relatively short history. The standards for a fair analysis of this question are more complicated than many would have you believe: Vista doesn't have to be perfect in order to hold up well. As even Microsoft will tell you, if you actually listen to what the company says, nothing's perfect, and a big part of hardening a product against attack is to be prepared for when a failure occurs.
This is why you keep hearing from Microsoft about "Defense in Depth." The idea is that a failure in one form of protection can be mitigated by other protections. And these protections don't stop with what is provided in Windows Vista. Any reasonable person, business or consumer, will add further security software to Windows Vista.
There is a widespread consensus in the security industry that Vista is a more secure Windows and, for what it's worth, the most secure version of Windows ever. Of course, they'll tell you that's not enough, and of course they're right.
But the situation is an uncomfortable one for security companies: even though it's indisputable, as I just said above, that you need to get modern anti-virus/host intrusion detection and prevention software for a PC running Vista, to the extent that Vista has better defenses in other regards, it could diminish demand for their products. We know that people let their licenses lapse and that they respond to things going badly. If things do turn out generally smoother with Vista, then people will let licenses lapse—and they will be more likely to get away with it.
Another variable is that Microsoft included Windows Defender, an anti-spyware program and updates for it, with Vista. Even if it's a bad anti-spyware program, as competitors generally claim (wow, who'd have thought they'd say that?) you're better off with it than with no malware protection.
Security vendors are obviously irritated at Microsoft's entry into the business. You can buy desktop and server security products and services directly from the company. I haven't tested either, but while the independent test results I've seen for Microsoft's consumer solution, Windows Live OneCare, don't look impressive, its enterprise solution, Forefront (which uses multiple scanning engines), fares much better. The established security biggies feel threatened. Of course, Microsoft was unable for legal reasons (or was the company just unwilling?) to include OneCare or a similar product with Vista itself, and OEMs control all the real promotion of add-on security products.

Larry Seltzer has been writing software for and English about computers ever since—much to his own amazement—he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
