Vista Security: A Petulant Child

Joe Wilcox Should third-party software vendors reduce the security noise Windows Vista makes?

The answer is no easy one. With Vista's new security features, Microsoft's heart is in the right place, but good execution takes more than heart.

The problem is simple: Windows Vista is a noisy operating system. Between the new UAC (User Account Control) and Internet Explorer 7, there is a lot of chatter. Other security features, such as DEP (Data Execution Prevention), only add to the noise--in the form of pop-up notifications, some that are greatly intrusive.

Nag, Nag, Nag
Like a screaming, petulant child, a UAC security pop-up demands attention, and users must respond to get around it. The security notice seizes control of the computer, the screen goes gray translucent and a pop-up box asks the end user's permission to do something. The end user can regain control by responding to one of two options: "continue" or "cancel."

Windows Vista uses a token-based approach to security that essentially treats all end users, even administrators, as standard users. The UAC pop-up warnings grant temporary administrator rights.

Shad Collins, director of Information Technology for Bojangles Restaurants, expressed a common sentiment: "The limited access that [UAC] has the users operate under is a nice concept but it doesn't always put the notification window in the foreground and [it] has a tendency to nag you to death when doing an install or running a non-signed application."

Symantec asserts that UAC is a problem that needs fixing, and the company plans to release security software to do just that. Symantec's core problem with Vista security is three-fold: There are too many security pop-ups, the notices are unclear or confusing and users aren't necessarily the best pop-up response decision makers. Symantec plans to release software that will reduce the noise and take over some of the security responsibility from end users.

I'm not convinced Symantec should take that role, which isn't an endorsement for Microsoft's approach to Windows Vista security. From a usability perspective, Vista security pop-ups are a usability bad dream. I don't say nightmare, because pop-ups from malware--that mechanisms like UAC seek to prevent--are a much worse usability problem.

Security and Usability
Strangely, Microsoft's Vista security is a problem because the fundamental concept is sound. Microsoft rightly recognizes that as security attacks increase in sophistication, so must the response. Anti-virus or anti-spyware software are no longer protection enough, if they ever were. These type of mechanisms are more passive responses.

With Vista, Microsoft has taken a more active approach to security, in part by putting in numerous roadblocks designed to stop or deflect security problems. If malware or a hacker breaches one barrier, another is in place to block the way.

Problem: From a usability perspective, these roadblocks to infiltrators act as speed bumps to end users and increase the complexity of using Windows Vista compared to Windows XP. End users accustomed to driving 65 mph down the Windows XP highway must slow down for the many Vista security speed bumps.

Microsoft faced a difficult challenge with Windows Vista: How to improve security without hurting usability. Overall, the security approach is sound--of building in multiple proactive security mechanisms--but at the cost of usability.

Solution providers say that security is one of the top-three areas of inquiry they get from IT organizations. More concern is about usability impact--and costs associated with it--than actual security benefits.

"UAC will be part of the hesitation in moving to Vista, because the general user population doesn't like change," said Dan Cogswell, senior technical trainer for KnowledgeWave Training.

I tested Windows Vista for most of 2006. Microsoft definitely decreased UAC noise--the sheer number of pop-ups--throughout the Vista development process. The security notifications were godawful many right up until the final test builds. As a user, I'm not too troubled by UAC anymore. However, UAC isn't the only source of Windows Vista pop-ups. It's the combination of security notices, from multiple places, that increases complexity and negatively impacts Vista usability.

IE 7 Nags, Too
Overnight, I posted about Internet Explorer 7, for which I have seen a large number of unhappy Microsoft Watch comments or received a direct reader e-mails. Security is part of the problem, whether caused by new security features or IE 7 pop-up noise.

Simple example: When using the Microsoft Watch blogging system's tools to insert a link in a post, IE 7 blocks the process and warns: "The Website is using a scripted window to ask you for information." I can "temporarily allow scripted windows," which is fine, but still annoying. The process is a security speed bump, which is intended to prevent malicious scripting windows but instead is an ongoing annoyance.

Symantec is right about what's wrong. But I'm not convinced third-party developers could do any better, and they could make things a whole lot worse by increasing end user confusion. Unnecessary complexity already is a huge problem that partners could make a whole lot worse.

Microsoft's mistake--plan, pure and simple--is execution. The company has a tendency to over design products, of exposing too much complexity to the end user. Office 2007's "ribbon" is an improvement, but it's one element of one product. The rule of thumb is complexity.

Where Microsoft could learn from Apple or Google is how to emphasize simplicity while hiding complexity.

Keep Security Simple
Increased safety doesn't necessitate increased complexity. Over the years. auto manufacturers have increased safety without overly increasing complexity. Many safety features are hidden, like airbags or structural protections such as the way the front end collapses during a collision to prevent the engine from easily pushing up into the cab (and the driver's lap).

If IE 7 were a car, drivers would hear warning "did you look for oncoming traffic" when switching on the turn signal. Or when switching on cool air: "Warning. Did you know that the air conditioner can impede engine performance and so driving safety."

The chatter would drive drivers nuts, lest they become numb to it. Microsoft definitely risks that outcome.

I praise Symantec for recognizing real Vista usability problems and looking to solve them. But they're only problems when consumers or businesses move to Windows Vista (which is going to be awhile), assuming they don't simply turn off UAC and other Vista security features. However, I'm convinced that only Microsoft can really fix the problems because the security notices are pervasive and summoned from multiple places in the operating system. Microsoft must take responsibility and reduce the unnecessary complexity.

I remember when, following the "I Love You" virus outbreak, Microsoft changed Outlook to block most file attachments. The company took some heat for the approach. Users weren't prompted to take attachments or not. Outlook simply blocked them. Microsoft made the right, tough call. The attachment blocking annoyed much less than would have pop-ups for every e-mail asking whether or not the end user wanted to accept or block the attachment.

Simple security should be one of Windows' number one design goals.

Create, Communicate, Collaborate with IT Professionals at Ziff Davis Enterprise IT Link.