Secure By Default or Usable?

We are stuck in a position where OS vendors have to make a choice between secure by default for enterprise customers, and usable for the home market. Which way do we go?
I read an article on ZDNet UK today titled "Microsoft: Harden your environment" in which Ed Gibson, the Chief Security Advisor for Microsoft UK, said: "Businesses shouldn't look to the police, the law or Microsoft to deal with their security concerns, the solution lies with them."

I couldn't agree more.

People are constantly saying that Microsoft should make its systems more secure. Well, to be honest, the ability is already there. Windows Server 2003 and Windows XP can be as secure as any system around today. If you look at systems of the past like Windows 98, and older versions of Linux, they weren't designed to withstand today's aggressive security landscape. Times change, and operating systems have changed with them.

If you give someone a house, and they get robbed because they didn't lock the front door, that's not the builder's fault. Some people would say, "Yeah, but the problem with Windows is that it doesn't matter if you lock the front door, because there are holes in the walls."

Generally speaking, that analogy doesn't hold up, but to be fair, there are probably holes that haven't been discovered yet, as there are in all operating systems in use today.

You'll find, though, that operating systems as a whole are a lot more secure now than they were even 2 years ago. We're learning. We've learned that security really does have to come before functionality, and that people can't be trusted to do what is right. This is why OSes are now shipping with everything turned off and leave it up to you to turn on only what you need.

Users demand features, and if they don't get them, they complain. So it puts OS vendors in a rough position: do they make it usable and feature rich, or make it secure and 'off by default'? Corporate customers are at the point where they handle the latter case quite well. However, for the average consumer like my parents, this is a bit too hard. So what's the answer? If companies ship an OS with everything turned on and easy to use, chances are it's not as secure as one with everything turned off by default and designed from a "security first" standpoint.

Linux has shipped with things off by default for a long time, and rightfully so. This is a good approach, but to be honest, getting anything working on Linux really does take a computer science degree. This is not the kind of thing most consumer users can do. It works fine in enterprise-level systems, where the people responsible for setting up the infrastructure and keeping it running live and breathe Linux, but not for people like my parents.

So here we sit, caught between 'off by default and safe' on one side and 'feature rich and too easy to use' on the other. Maybe we should be focusing on how to make the off-by-default case easier to manage and maintain. If the features were easier to enable and disable in a secure manner, maybe Mum and Pop would be able to deal with 'off by default and secure' as well as an industry expert would. What do you think?