Windows Vista's security features: One year later

Although Vista is the most secure version of Windows ever created, many of its security features have drawn criticism. This article explains why.

When Vista was released to manufacturing, Microsoft co-president Jim Allchin told the press that the number one reason for upgrading to Vista is that it's far more secure than previous versions of Windows operating systems. In the year since Microsoft released Windows Vista to corporations, and just under a year since the OS was released to consumers, Vista's new security features have drawn both praise and criticism. In this article, I take an objective look at security features that seem to be drawing the most attention.

User Account Control

User Account Control (UAC), a feature that limits the types of activities a user can perform, has drawn a lot of attention in the last year. With UAC, even administrators are treated as basic users.

Microsoft decided to implement UAC because, like any other application, malware is subject to the limitations of the user who is running it. If a user has unlimited access to the system and the system becomes infected with malware, then the malware also has unlimited access to the system. By limiting users' access to the OS, Microsoft greatly restricts the damage that malware can do to a system.
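
To see this behavior on a given machine, the following PowerShell check (an added example, not part of the original article) reports whether UAC is enabled, whether the account belongs to the Administrators group, and whether the current process is actually running with administrative rights. It assumes PowerShell 2.0 or later and an English-language system, because it matches the attribute text printed by `whoami.exe`.

```powershell
# Added example: report how UAC is treating the current session.
# Assumptions: PowerShell 2.0+ (ConvertFrom-Csv) and English whoami.exe output.

# EnableLUA is the policy value that turns UAC on (1) or off (0).
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$enableLua = (Get-ItemProperty -Path $policyKey -Name EnableLUA `
                  -ErrorAction SilentlyContinue).EnableLUA

# IsInRole() evaluates the token the process is running with. Under UAC an
# unelevated administrator gets a filtered token, so this returns $false.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole(
                 [Security.Principal.WindowsBuiltInRole]::Administrator)

# S-1-5-32-544 is the well-known SID of BUILTIN\Administrators. In a filtered
# token the group is still listed, but flagged "Group used for deny only".
$adminGroup = whoami.exe /groups /fo csv | ConvertFrom-Csv |
                  Where-Object { $_.SID -eq 'S-1-5-32-544' }
$isMember   = $null -ne $adminGroup
$denyOnly   = $isMember -and ($adminGroup.Attributes -match 'deny only')

# Turn the three observations into one line a reviewer can act on.
if ($enableLua -ne 1) {
    $verdict = 'UAC is not reported as enabled: programs run with the full rights of the account.'
} elseif ($elevated) {
    $verdict = 'Process is elevated: anything it launches inherits administrative rights.'
} elseif ($denyOnly) {
    $verdict = 'Administrator account running with a filtered token, as UAC intends.'
} else {
    $verdict = 'Standard user session: no administrative rights to filter.'
}

New-Object PSObject -Property @{
    User               = $identity.Name
    UacEnabled         = ($enableLua -eq 1)
    MemberOfAdmins     = $isMember
    AdminGroupDenyOnly = $denyOnly
    ProcessElevated    = $elevated
    Verdict            = $verdict
} | Format-List
```

Running it once from a normal prompt and once from a prompt started with "Run as administrator" shows the same account producing two different results.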

Although preventing malware-related damage is generally regarded as a good thing, UAC has drawn an almost unprecedented amount of criticism. One reason for the condemnation is that many administrators believe that a lot of legacy applications are programmed to have free rein over the system; the truth is, however, that they end up not being compatible with Vista.

Windows professionals require elevated permissions to perform elevated tasks. Those tasks are more difficult when administrators are treated like common users. Hence, more criticism.

Even though User Account Control can be annoying at times, I think Microsoft had no choice -- it had to create this feature. Windows XP had such a bad reputation with regard to how easily it could be infected with malware that Microsoft made sure Vista was designed in a way that would prevent malware from taking over the system.

Unfortunately, the problems related to Vista's incompatibility with legacy applications are real. Fortunately, there are a lot of workarounds you can use to help many of your older applications run on Vista. I recently published an article on this site that discusses these compatibility clashes and the workarounds in detail. Some applications simply cannot be run on Vista, though, so compatibility testing is essential for any company contemplating a migration to Vista.

I disagree with a lot of arguments regarding UAC versus admins. Once I got over the initial learning curve and became accustomed to how Vista works, operating in a restricted environment didn't seem any more difficult than working in Windows XP.

Windows Security Center

Microsoft introduced Windows Security Center in Windows XP Service Pack 2 and extended it in Windows Vista. Microsoft created it to be a central location from which the various security settings could be managed.

I have heard various IT professionals criticize the Security Center, calling it patronizing or saying that it was created solely for public relations purposes. Although I don't completely agree with these statements, I do tend to side with the critics on this one. For systems administrators and Windows experts, the Windows Security Center is nothing short of laughable.

However, I could be convinced that it has its place.

If you look at the Windows Firewall settings that are exposed through the Windows Security Center and compare them to the firewall settings available through the Microsoft Management Console, you will see that there is a difference. Users with limited computer experience most likely would not know what to do if they had to configure the Windows Firewall through the Microsoft Management Console. Windows Security Center gives inexperienced people a very simple mechanism for turning the firewall on and off, while leaving the more advanced settings safely hidden away.

Windows Defender

Windows Defender is Vista's built-in anti-spyware program. It draws criticism for being "annoying." Even benign operations can trigger alerts that require you to approve the requested activity. I have heard others in IT compare those alerts (often referred to as nag screens) to the snooze button on an alarm clock. The fear is that, over time, users will get into the habit of always approving any action, just to make the warning message go away.

I agree: The nag screens can be obnoxious. But Microsoft has really toned them down since Vista's beta testing period. During that time, Windows Defender messages were so pervasive that the OS felt borderline unusable. I think Microsoft has done a good job of redesigning Windows Defender to only display a warning message when it's really necessary.

And, in spite of complaints against Windows Defender, Vista seems to do a good job. I'm not saying that Vista is immune to spyware, but, to date, I have yet to see a Vista machine infected with spyware. I have seen a situation in which an infected Windows XP machine was upgraded to Vista, and the infection remained after the upgrade, but not the former.

The new security features in Vista have been raked over the coals for various reasons and, in many cases, the criticism is warranted. Even so, there is simply no denying that Vista is far more secure than any previous version of Windows. I have just learned to accept that security and convenience are often a tradeoff.

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.
