Will a beefed-up firewall, User Account Control and disk encryption make Vista
a safer choice than XP?
Microsoft could create the prettiest OS in the world, but unless Vista solves the fundamental security problems that have beset Windows XP then history will ultimately deem it a failure. So it’s no wonder that Microsoft has made fundamental changes to the way programs access Vista, while throwing in a whole range of new security technologies to protect against hackers, viruses and even corporate espionage.
Administrators and the UAC
By default, the vast majority of Windows XP user accounts are all-powerful administrators: once logged in, you can do anything to your OS. The problems come when a virus has inveigled its way onto your system: it could change any setting, and the first you might know of it is your computer simply stopped working.
With Vista, Microsoft's intent is for most people to run as a “standard user”. The idea of a non-administrator account isn’t new, but with XP it was labelled a Limited account and many programs simply didn’t run unless you were logged in as an Administrator. The end result was that almost everyone soon switched to Administrator status, even in businesses.
To quote Vista itself, “Standard account users can use most software and change system settings that do not affect other users or the security of the computer.” If they need to make an advanced change that will affect others, such as altering the clock time, they’ll be prompted for the administrator’s password.
If, on the other hand, you’re logged in as an administrator, then you’ll be prompted to press “Continue” whenever you’re about to perform what Vista considers to be a potentially damaging task. This prompt is the outward sign of the UAC, the User Account Control; whenever an icon includes a small Windows shield, you’ll know you’re about to be prompted.
It’s an interesting approach, but we’re not convinced this will succeed in the long term. Far too many people will still log in as administrators, become annoyed by the UAC nagging, and switch them off (which is very easy to do). Also, the lack of meaningful information when you click on Details means many inexperienced users will click Continue by default.
Microsoft desperately needs to add some plain English to this dialog box, and make it context-sensitive, or many people will simply ignore the UAC. However, the new standard user accounts are a big step forward, especially if as many people use them as Microsoft hopes.
All-new Security Center
Microsoft has updated the Security Center it introduced with Windows XP Service Pack 2, with the intention that third-party security software suppliers (such as McAfee and Symantec) will plug their software into it. As standard, Security Center includes a two-way firewall, anti-spyware (Windows Defender) and parental controls.
The firewall is already a step above the one included with Service Pack 2, as it includes both inbound and now outbound protection. Another bonus is the ability to stop particular applications, such as messenger clients. However, our tests have consistently shown that third-party firewalls - including the free ZoneAlarm - are better at repelling threats. Fortunately, you can replace Microsoft’s firewall with your own choice.
It’s a similar story with anti spyware. Webroot’s Spy Sweeper is a far better performer when it comes to blocking, detecting and removing spyware than any version of Windows Defender we’ve yet seen. But you have to pay around $40 for Spy Sweeper, whereas Defender is free, and Defender is still a very good anti-spyware tool. Overall, it’s fantastic to see this built into an OS as standard.
The final inclusion of note is parental controls, which Vista ties in to user accounts. As the administrator, you can control the experience of your “standard users”, from the times of day they can use the PC to which games they play and which websites they visit. You can also choose to track their activities, including websites visited and applications run; it’s intrusive but effective.
Considering all this, it may seem a little strange that Microsoft hasn’t included anti-virus protection as standard. Cynics would argue the main reason for this is Windows Live OneCare - Microsoft’s subscription-based service that provides virus protection along with enhanced spyware, firewall, tune-up software and data backup services. Others believe that it’s to avoid another monopoly legal wrangle.
More controversy comes in Microsoft’s expectations of how third-party software will work with Vista. It wants the likes of McAfee and Symantec to plug their software into the Security Center, so users will always have a uniform interface; the companies want their own “Security Center” software to be able to replace Vista’s offering. There are pros and cons to both solutions, but the end result could be two Security Centers slugging it out for control, which will help no-one.
 |
| Windows Defender fends off spyware, and integrates well with Internet Explorer 7. |
The truth about Windows Vista
Under the skin
Security and encryption
Networking, IPv6 and beyond
Out of the box
Versions and requirements
What Vista might have been