Microsoft is promoting Windows Vista as the most secure version of its operating system yet — but it's still recommending outside help to shield against common cyberthreats.
All major security software makers, as well as many smaller ones, will have products available for Vista when the operating system is launched to consumers on 30 January, Microsoft said on Wednesday. That's a different story from last November, when Vista was released for businesses. At that time, only one major security company, McAfee, was ready.
"Windows Vista is the most secure operating system we've ever built," Ben Fathi, corporate vice president of the security technology unit at Microsoft, said in a statement. "Our security partners continue to play a vital role in adding layers of protection onto the Microsoft Windows platform."
There is no doubt that Vista will be Microsoft's most secure operating system. However, most secure is not equivalent to secure
Natalie Lambert, Forrester Research
Microsoft is increasingly encroaching on the terrain of traditional security companies such as Symantec, McAfee and Trend Micro. Included in Vista are two of the three protection technologies that security experts typically recommend for any Windows PC: a firewall and a spyware shield. The new operating system lacks the third: virus protection, but Microsoft now sells that as Windows Live OneCare.
In what could be good news for the security companies, some reviewers aren't enthusiastic about Windows Firewall, the Windows Defender spyware tool or Windows Live OneCare. The Microsoft software offers mostly basic protection and is not the best of its class, such critics have said.
Aside from the basic protection features, Microsoft has fitted Vista with several more features to thwart cyberattacks. For example, Internet Explorer 7 runs in a protected mode to prevent installation of malicious software through security holes. Also, User Account Control runs a Vista PC with fewer user privileges, in an effort to keep malicious code from doing as much damage as it would on a machine running in administrator mode — a typical setting on Windows XP.
In addition, Vista includes parental controls, and IE 7 has a filter to block phishing scams.
"There is no doubt that Vista will be Microsoft's most secure operating system. However, most secure is not equivalent to secure," said Natalie Lambert, an analyst at Forrester Research. "Users need to protect themselves."
Symantec, McAfee, Trend Micro and numerous others will have antivirus software and other protection tools available when Vista hits the market later this month. Microsoft, which has been pushing into the security market since last May, will also have a version of Windows Live OneCare ready for Vista buyers, the company said.
To distinguish itself from the pack, Symantec on Tuesday announced a new feature for Norton Internet Security and Norton AntiVirus. The products, for Vista and Windows XP, will include a new detection mechanism called "Sonar" that looks at the behaviour of code on a PC to determine whether it's malicious, rather than using the traditional signatures — a kind of "fingerprint" of known bad code.
"We're ensuring that customers remain fully protected on the new Vista operating system," Rowan Trollope, vice president for Symantec's consumer business unit, said in a statement.
Running security software is just part of the job to protect a Vista PC, Lambert said. "Customers should also make sure that they have good patch hygiene," she said. Also, simply clicking "yes" on any security warnings that the operating displays will negate the effect of the protection, she noted, specifically referring to User Account Control.
But one Vista user doesn't have protection beyond what's in the operating system: the seven-year-old son of Jim Allchin, Microsoft's Windows chief. Allchin clarified, though, that his boy's PC is locked down significantly, to the extent that he can access only certain websites and can't use email or instant messaging.
"I want to be clear — most users will use some form of antivirus software," Allchin wrote on a corporate blog in November. "In fact, Windows Security Center, a great feature in Windows Vista, specifically encourages the use of antivirus software."
Talkback
Perceived wisdom is that Microsoft hasn't been too helpful to the security industry.
Mixed messages have been emanating from Microsoft executives over the last couple of months and evidence is that Vista is being rushed to market.
No doubt it will all be sorted out in the usual way, but one can't help the feeling that Microsoft still has market dominance in it's sights and that it's marketing skills take precedence over it's coding skills, or even the genuine interests of it's customers.
I remember, some time ago, that Bill Gates once said that he envisaged a future when the hardware would be free and all the cost would be in the software. Surely this should be the other way round. a computer should be able to perform all the current everyday tasks out of the box without spending huge additional sums of money on necessary software.
And where would Vista be without the recent significant advances in the hardware, processors, video chips, etc.