I believe some security vendors are worried about their future — and rightly so. The out-of-box experience for Windows Vista will include a two-way (outbound and inbound) firewall, anti-spyware protection, an operating system that asks for permission prior to allowing administrative tasks, and a redesigned Internet Explorer 7 that works in a protected mode that separates your browsing experience from the operating system. Having all of these features provides you with a very secure out-of-box experience.
After working with the latest Windows Vista Release Candidate 2, I have several predictions and observations that I would like to share. The two-way firewall protection included in Vista will not put software firewall companies out of business just yet, but I see that market drying up as we approach the first service pack of Vista. Microsoft still has some catch-up to do. Windows XP and Internet Explorer 6 were full of security flaws and holes. It was also very cumbersome to run as a limited user account (LUA). Almost everyone runs Windows XP with a computer administrator account. This is a security nightmare and helped malware and spyware thrive in the Windows XP era. It wasn’t until XP SP2 that Microsoft finally began securing XP. All of these flaws and holes in security opened the doors for security companies such as Zone Alarm, Norton, Lavasoft, McAfee, etc. In the PC world of today, it is a requirement to have software firewalls, anti-virus, spyware and rootkit detection to keep your computer safe. This is why I am so excited about Windows Vista — I’m not going to have to buy all those other security products anymore! All of these third-party products will become obsolete as Microsoft’s security products evolve and mature. This is what security vendors are worried about. They are in no immediate danger but they are scurrying to come up with plans for the future. Microsoft still has some catch-up to do before the out-of-box experience is up to par with the current security products available, but it has security vendors asking some really hard questions such as, “What will we be able to offer that the out-of-box experience doesn’t already provide?”
As a senior consultant in the trenches, I hear a lot of mumbling and grumbling that Vista’s two-way firewall is not as good as competing products and that the spyware protection, Windows Defender, does not handle spyware and rootkits very well compared to other vendors. I absolutely agree with that view, but you have to look at what Windows Vista is going to offer as a whole — the big picture. Vista has tightened security, two-way firewall, ability to run as a standard user, and spyware protection. All of these pieces are going to make it very difficult for viruses and spyware to make it on your system. Just look at Linux and Apple. Most people who run their operating systems do not even run antivirus or spyware protection. Microsoft is playing catch-up but they are heading in the right direction and I am very proud and excited about the future of Windows Vista.
Let’s look at an example. You are currently running Windows XP as a computer administrator with Internet Explorer 6. As a computer administrator, you are giving spyware and malware an open door to your system. IE 6 is not protected, and because you are running as an administrator, you are automatically giving access to spyware and malware to write to your system files. With Windows Vista, you can successfully close the door on writing to your system files by running as a standard user account. This closes the door on spyware and malware automatically. Add the other components such as spyware protection and a firewall on top of this and your system is very secure. If I were a security vendor, I would look to complementing Microsoft’s existing infrastructure rather than replacing it with similar products. One such area that Microsoft hasn’t approached is the rootkit arena.
It would be naive of me to think that all of Microsoft’s security woes are going to be fixed with Windows Vista, but this release is heading in the right direction, and I will be very curious to see how security vendors handle the transition. What are your thoughts on the issue?