Another “you make the call”: is Windows 7 really less secure than Vista?

Published 26 December 09 03:06 PM | ronaldg

As you know, I “hate when they do this”.  Here’s another example of a headline designed to foster a negative perception – this time around Windows 7 interestingly enough (which has generally gotten great press for the most part).  At any rate the title of the post is “Out of the box, Win 7 less secure than Vista” (posted by Adrian Kingsley-Hughes, Dec 10th, on ZDNet blogs).  I’m not even going to link to it, because it’s not really even worth a read.  Essentially, AK-H makes this post on the strength of one quote from Trend Micro CEO Raimund Genes who has the following observation: “I’m not saying Windows 7 is insecure, but out of the box Vista is better…Windows 7 may be an improvement in terms of usability but in terms of security it’s a mistake, though one that isn’t that surprising. When Microsoft’s developers choose between usability and security, they will always choose usability.”

I guess what gets me the most is the final sentence of Genes’ comment above about MSFT “always” choosing usability over security.  Really??  Would you agree that Vista UAC was a “choice” for usability (over security)?  Wow, for the last 8+ years (the Secure Computing Initiative era) MSFT actually has been routinely choosing security over usability (here’s another example: when was the last time you had to confirm the download of pictures or had to deal with other content that was blocked by default?).  Yet AK-H basically throws Genes’ blanket statement out there for everyone to accept at face value, which gives the statement an aura of credibility – and the fact that he makes this blanket statement in the aftermath of the overwhelmingly negative usability reaction to UAC in Vista, as I pointed out above, is almost ludicrous, or it would be if folks like AK-H didn’t give it the appearance of credibility by not only publishing it, but, in fact, basing a whole post on it, with the specious title I’ve already called out above.

Bottom line, UAC is still at work in Win7, it’s just the level of notification that’s been changed, so I would maintain that, notwithstanding any of the other improvements made to security in Windows 7, on the basis of just this, it’s not fair to cast the perception that Windows 7 “in terms of security, [is] a mistake”.  His underlying premise that more notification (which is what upping the UAC settings does) = better security is subjective at best and potentially erroneous.  But as is my normal point with these “you make the call” posts, the lack of factual basis, and the reliance on purely anecdotal evidence (in this case a single quote) that’s not adequately vetted or substantiated, is a real disservice to the general readership.  Yet it continues to happen, and when enough of it is out there in the “echo chamber” (as Ed Bott likes to call it), it leads to or adds to many of the negative perceptions that you have to overcome or that keep your customers from making the best technology choices based on objective factors.  OK, so that’s my post.

Windows 7 less secure than Vista?  You make the call.  But, as they say in the current vernacular, I don’t think so.
