The much-anticipated and much-delayed release of Windows Vista
to the enterprise market was the end of a long, arduous process for
Microsoft and the beginning of an equally lengthy and potentially
difficult one for customers. Deploying a new OS is never an easy
task, and enterprise IT shops only do so when there is a compelling
economic or technological reason to do so. With Vista, Microsoft is
pinning much of its hopes for broad adoption on the many security
upgrades woven into the OS.
 | | | | | Perhaps more important to the
overall health and well-being of the Internet at large is how
rapidly Vista penetrates the consumer market.
, |
| | | | | |
| |
|
However, analysts and customers say that even with new security
measures such as Network Access Protection (NAP), an improved
Windows Security Center and User Account Control, it will likely be
as long as a year or 18 months before Vista makes any serious
inroads in corporate networks. Budget cycles, the relative
stability of Windows XP and the cautious nature of most CIOs will
dictate a cautious approach to large-scale Vista rollouts in the
coming months.
But perhaps more important to the overall health and well-being
of the Internet at large is how rapidly Vista penetrates the
consumer market. The plain ugly truth is that home users are the
biggest security threat there is at the moment. Careless and just
plain clueless home users have become the favored victim pool for
spammers, phishers and bot herders looking to plant their Trojans,
keystroke loggers and other malware. Despite the fact that
virtually every new PC sold in the last five years has come
preloaded with antivirus and other security software, consumers
continue to fall victim to scams of every size, shape and color.
Once their wares are happily ensconced on users' PCs, attackers use
the infected machines as launching pads for all manner of badness,
including DoS attacks, bank fraud and spam runs.
This kind of activity has been going on for years, but the
education and awareness efforts aimed at home users have been
largely ineffective. Apparently clicking on pretty pictures and
opening offers for discount Viagra are just too tempting to pass
up. But, many of the new security features in Vista should help
protect those users from themselves. Two features in particular,
Kernel Patch Protection (KPP)and User
Account Control (UAC), could prove especially useful in
preventing serious malware infections.
KPP, the feature that security vendors love to hate, is designed
to stop rootkits and Trojans from hooking the kernel and burrowing
deep inside compromised machines. Without access to the kernel,
these programs are far less effective at hiding their presence and
therefore easier to find and remove. It's important to note that
users will not be able to turn off KPP as they are wont to do with
things like antivirus or Windows Firewall when they become too
intrusive or noisy.
User Account Control is perhaps even more important for the home
user base than is KPP. In previous versions of Windows, each user
for all intents and purposes was an administrator with unlimited
privileges on their machines. This meant that any malware resident
on the PC also had administrative rights by default. Not good. With
UAC, machines can be set up so that most applications and processes
run with limited rights, known as standard user mode. The idea is
to prevent users from making changes to their PCs that can cause
security vulnerabilities or other problems.
For the 99% of home users who don't have any real technical
knowledge, these protections should function as a digital safety
net. They may annoy more advanced users in the short term, but the
Internet as a whole will be better off for it in the long run.