IDG News Service - Despite being widely derided (even by Microsoft executives), the Vista OS was instrumental in finally bringing to the world a secure version of Windows, at least if a presentation by a Microsoft security expert at the Usenix Security Symposium, being held this week in Washington, D.C, is any indication.
And it was the most widely hated feature of Vista -- User Access Control (UAC) -- that can take the credit.
It was all the users complaining about the annoying UAC pop-up boxes that finally spurred many application developers to rewrite their programs, explained Crispin Cowan, a Microsoft senior program manager for the Windows core security team.
These programs were rewritten so that they did not require full administrative privileges to run, which, in turn, cut down on the UAC boxes and allowed users to slowly grow more comfortable running in more limited, but safer, user modes.
"The purpose of UAC was to move applications away from using administrative privileges. Its job was to spank programs that used administrator that don't need to," Cowan said.
UAC, in effect, caused a "massive decimation of the population of ill-behaved [Windows] programs," he said. "The number of programs asking for admin rights dropped precipitously."
Cowan's talk was an extended argument on why Windows 7 is as secure as Unix variants such as Linux. And this security parity came about, in his view, in large part thanks to the fact that Windows Vista was the first desktop version of Windows to not, by default, give each user account full administrative privileges.
Windows' reputation for lousy security has been fully deserved, Cowan admitted. Even today, the most widely used version of Windows is Windows XP, which was built in 2001, and lacks most of the security provisions needed for today's environments (though Service Pack 2 added a lot of security features, he said).
Early versions of the Windows OS stressed usability over security, as well as interoperability among different programs, Cowan said. As a result, Windows allowed every user to have full control over the machine, in effect giving each user account full administrative control over a machine.
"If you are running as administrator, security is fairly hopeless," he said. Unfettered administrative rights is what allowed malware and viruses to take control of computers.
Beginning in 2002, however, Microsoft started making security an essential part of software development. As a result, the then next version of Windows, Vista, featured a total separation between what a user can do on a machine and what an administrator can do, a separation that has always been enforced on Unix distributions.
Free Insider GuideCopyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
