Report Casts Doubt on Vistas Security Impact

News Analysis: In a scathing review of the security features built into preview versions of Microsoft's upcoming Windows Vista operating system, one analyst contends that the software giant's highly-touted security features are self-defeating and m

An early review of the much-publicized security features due in Microsofts next-generation Windows Vista operating system concludes that the tools may be so unfriendly to users that they delay enterprises move to adopt the new product.

In a research report published May 8, analysts at Boston-based Yankee Group said that Microsofts latest attempt to better secure its dominant OS is significantly off the mark. Based on feedback garnered by the experts from a wide range of software developers already testing preview versions of Vista, Yankee Group said that the intrusive nature of the security features could turn off IT administrators and users alike.

While the researchers laud Microsofts efforts to reduce account privileges to slow the spread of malware, lock down holes in its Internet Explorer browser, improve network access controls and integrate anti-spyware and anti-phishing applications into Vista, the report concludes that the execution of some of those plans may encourage companies to take a wait-and-see approach with the OS.

Andy Jaquith, the analyst who authored the report for Yankee Group, said that many people already working with Vista feel that Microsofts security tools are unnecessarily repetitive and even patronizing, and interrupt the workflow of administrators to the extent it makes their jobs harder to perform.

Specifically, Jaquith, who tested a preview version of Vista released in December 2005, said that Microsofts incorporation of user accounts that strictly limit access privileges via its User Account Control feature will be "particularly problematic."

Microsoft representatives didnt immediately offer comment on the findings of the Yankee Group report, but confirmed that they had read its contents.

/zimages/2/28571.gifGuru Jakob Nielsen offers advice on designing applications for usability. Click here to watch the video.

By forcing end users with such accounts to constantly seek approval from administrators to complete tasks they manipulate freely in todays versions of Windows, and creating headaches for those people charged with handing out such permissions, Jaquith said the features may simply be ignored or shut off by many people.

/zimages/2/28571.gifRead more here about delays in Vista.

"The User Account Control feature is like Chatty Kathy, its always in your face and the danger is that users are going to start treating it like the snooze button on their alarm clock and hitting yes without looking to see why theyve been prompted," said Jaquith. "A lot of people, especially home users, will probably turn the feature off so theyll essentially be no better off than before."

Another issue with the User Account Control is that it is incompatible with popularly used anti-virus applications from companies such as Symantec and McAfee, forcing customers to wait until those firms have rewritten their products to mesh properly with Vista.

The analyst said he was surprised to see that the new SafeDocs backup program shipped with Vista can only be run by IT administrators, not end users.

Next Page: Putting itself at a disadvantage.