David Louis Edelman David Louis Edelman

Windows Vista and Easy Security

I’ve owned and continuously operated Microsoft PCs since that clunky 8086 behemoth running MS-DOS 3.3 that I took to college with me in 1989. It ran at a sizzling 6 MHz, unless you pressed the big white button labeled “Turbo” on the front, and then — look out! — 12 MHz. (Why you would ever turn this button off, I don’t know.)

In all that time, I’ve never been hit by a computer virus, worm, or malicious piece of spyware. Once, not too long ago, I actually double-clicked on a virus-infected e-mail attachment without thinking, but my computer security package quickly caught it and disabled it.

That’s not to say that I’ve never received a virus over e-mail, or suffered an attack on my firewall. These things happen all the time. I’ve been to web pages that could conceivably have launched various bits of nastiness onto my machine had I not been running Firefox with a pop-up blocker and lots of Javascript restrictions. I’ve just never suffered the effects.

Windows Vista with Aero screenshotAnd why have I never suffered from a virus outbreak? Because, despite what you see and hear all over the Internet and the media, the security problems of Windows are vastly overblown. Windows is and has always been a fairly secure operating system, if you know what you’re doing.

True, I’m what they call a computer professional, meaning that I make my living on these things. I can program PHP and ColdFusion. But when it comes to the operating system, I’m not some technical uber-wizard that can pinpoint obscure DLL failures using the command line. I know how to edit the Windows Registry, I know how to start and stop Windows Services, I know how to use the Event Viewer. These are all fairly basic computer troubleshooting skills, and yet these skills and some readily available off-the-shelf security software are all it’s taken for me to keep my computer safe for nearly 20 years.

(And no, this is not an invitation for someone out there to try and craft something that will infest my computer. I’m sure you can. But the point is that you haven’t bothered to try yet.)

The security problem, therefore, does not lie with Windows software. The problem is with Windows usability.

Most of you reading this blog may be astounded to realize this, but Microsoft’s most pressing problem is not the encroachment of free and open source Linux. It’s not the growing popularity of the Firefox browser, or the lagging performance of its online properties in relation to Google’s and Yahoo’s, or the activities of a small population of malicious hackers and crackers. The thing that keeps the Microsoft brass up at night, believe it or not, is that most people feel like Windows is too darned hard to use.

To us in the tech world, it seems like every Joe and Jane you pass in the street reads Slashdot and has contemplated switching to Ubuntu. But the vast majority of people aren’t nearly that technically savvy. I found a study from 1997 that gives the number of IT jobs in the United States at 2,063,000. Even if we’re charitable and say that, despite the IT bubble burst, the number of tech jobs has doubled since then — or even tripled — we’re still only talking about roughly 2% of the U.S. population. We’re a lot more computer-literate than we were a decade ago, but I’m willing to bet at least 70% of the Windows users in the United States have never even heard of the Registry.

And so these are the people that your standard Russian underground hacker types devote their energy to attacking. After all, if you’re a burglar, why bother carrying around lockpicks when two-thirds of the houses in the neighborhood leave the back door unlocked? When you read about zombie PCs that are unknowingly sending out tens of thousands of spam e-mails every hour, you never hear that the victim was a sysadmin for Smith Barney. It’s the people with the usability problems. It’s the guy who downloads porn screen savers from untrusted sources. It’s the guy who believes that Chase Bank really did just send an e-mail requesting that he go to www.chase-banc.com and reset his password. These people don’t know how to secure their computers.

Windows Vista with Aero screenshotSo it strikes me that Microsoft has, on the whole, emphasized the right things in the development of their new Windows Vista operating system. They’ve concentrated on security, usability, and reliability. They’ve added in long-needed User Account Control, which will pop up a big, flashy warning message when your 73-year-old grandmother tries to add a worm to her Startup folder. They’ve built in anti-spyware, a stronger firewall, phishing protection, desktop search, and parental controls. Similarly, their workover of their Office software package has focused on cleaning up the user interface and bringing little-used features that have skulked backstage in sub-menus up to the spotlight.

Now whether Microsoft has actually done a good job is another question altogether. All of the early indicators say that Windows Vista is a less user-friendly operating system than XP was. They also point out that, since Microsoft spent so much time rewriting things from the ground up, there are bound to be a rash of new security holes in the first few months. (And I’m not even going to get into the whole Windows-vs.-Mac-vs.-Linux thing here.)

Unfortunately, I won’t be able to judge Vista first-hand until I either a) get the free reviewers’ copy that Microsoft is supposed to be sending me, or b) bite the bullet and buy that new laptop I’ve been talking about buying for months now. And if option a) comes first, I won’t be able to give a full review, because neither my desktop nor my laptop have strong enough video cards to handle the new Aero interface.

But our opinions aren’t necessarily the ones that matter in the grand scheme of things. No matter how convoluted the new user interface is, us relatively knowledgeable folks will get used to it pretty quickly. If Microsoft can help that 70% of people who’ve never heard of the Windows Registry to take better care of their computers — and maybe throw in a few goodies for the rest of us — they’ll have achieved what they set out to do.

It starts by making it easier for people to lock their back doors.

Comments RSS Feed

  1. Ellen on February 1, 2007 at 2:03 pm  Chain link

    This is not exactly related to the post, though it is computer-y.

    I’m reading your blog via the Atom feed in Google Reader. I noticed today that it seems to do neither a summary or the full post; I thought it was doing the full posts until I got to the end of this one and thought, “Huh, that’s an odd note to end on.” (The last bit that appears is “…but I’m willing to bet at least 70% of the Windows users in the United States have never even heard of the Registry.”) So I clicked on the link and headed over here, and discovered that there was plenty more to read. There was, however, nothing to indicate that that wasn’t the end of the post, and now I’m wondering how many ends of posts I’ve missed. Any chance you could fix that somehow?

  2. Brian on February 1, 2007 at 2:05 pm  Chain link

    Why you would ever turn this button off, I don’t know

    Early DOS programs – or some of them, details are hazy at this remove – ran their timing on the clock. The faster the clock the faster the game would go.

    Load up a clone of Space Invaders written for a 6Mhz clock when your machine was at 12 Mhz and BAM they’ll march down the screen and do a number on your launcher before you can blink.

    I think. It’s been a loooonng time.

    It starts by making it easier for people to lock their back doors.

    True. When you have to play system admin just to get your computer up and running without issue … your average user isn’t going to bother.

  3. Matt Jarpe on February 1, 2007 at 2:08 pm  Chain link

    I’ve heard of the Windows Registry, from you. Never did figure out how to look at it, and if I did I’d be just like the guy who opens the hood of a car that won’t go anymore and stares at the hoses and wires thinking “What did it look like when it was working?”

    The only time I’ve gotten a virus that crippled my computer was when I tried to download a piece of software from a most untrustworthy source: Microsoft. I got the latest version of Internet Explorer and, six weeks and a fat useless box of Windows ME! later I had to buy a new computer.

    So I guess that puts me in the 70%. I do know how to fix a car, though.

  4. David Louis Edelman on February 1, 2007 at 5:58 pm  Chain link

    Ellen: Thanks for pointing that out! I don’t know when I would have noticed that. It turns out that this is a new “feature” of WordPress 2.1, which I just installed two or three posts ago. From now on, every WordPress feed is going to behave this way. (Unless you do what I did, and install the Full Text Feed plug-in.) In short, you should be able to read the full posts in Google Reader now.

    Brian: You’re right, I do remember that happening with my DOS games now.

    Matt: I’m fine with computers, but God help me if I ever have to touch the inside of my car. As soon as you can catch viruses on cars, I’ll have one of those.

  5. Ellen on February 2, 2007 at 1:49 pm  Chain link

    Thank you! I guess that means I’m not likely to have missed much — but I’ll check my other feeds and see if this problem is turning up elsewhere.

Add a Comment

I don't censor comments; please don't make me have to start. You can use common HTML tags, such as <b>, <i>, <a>, and <blockquote>. Comments with more than one hyperlink automatically go into the moderation queue. Your information will not be rented or sold, ever.