Vista (in-)Security

One thing I’ve noticed about the new Vista security model: it seems more designed to “CYA” on the part of Microsoft than to protect users from accidentally doing anything dangerous to their computers. I can imagine the smug looks on the Microsoft lawyers’ faces as they dream of swatting down any lawsuits, with an explanation to the judge that “every single user that got infected must have clicked the ‘OK’ button.”

In UNIX / Linux systems (including Mac OS X), if you want to do something dangerous, say, install a new device driver, either you have to explicitly “root up” by using “su” and entering your superuser password, or else it will prompt you for credentials when needed. The latter is a newer innovation; previously, in UNIX, you had to explicitly “become root” to do anything dangerous, thereby taking responsibility for security yourself. It’s a bit like a surgeon unsheathing his scalpel before operating; he is making a conscious decision to do something potentially dangerous, and is fully aware of what he’s doing.

Windows, on the other hand, takes the patronizing route that users are ignorant of security issues (which, to be fair, Windows users are, statistically). In effect, the new “elevation” dialog in Vista is saying, “In order to do what you just asked, I need to go do something dangerous that may break your system. But you don’t need to know what it is… just click that nice, cozy little ‘OK’ button next to the oh-so-fluffy Windows logo, and I’ll take care of everything, so you don’t have to worry about or even think about security.” The user then blindly clicks “OK”, as he has learned to do with pretty much any cryptic dialog thrown up by Windows, and it’s as if security didn’t exist at all.

It’s a bit like if the aforementioned surgeon didn’t handle the scalpel directly, but instead controlled a computerized arm that held the scalpel. The computer controlling the arm would pop up a dialog asking the surgeon something like, “I’m about to sever the left ventricle artery and apply phosphoric acid to stem the bleeding. Please click ‘OK’ to continue.”

To be fair, Microsoft has a tough row to hoe. The origins of Windows, of course, date back to DOS, which was firmly a single-user environment, not networked, and with minimal need for security. Hence, users got used to having free run of the machine and, by extension, the Internet. Windows users don’t take kindly to being told, “No, you can’t install that program unless you explicitly ‘become root’.” So, Microsoft has instead created a half-assed compromise, proving that a little security is more dangerous than none at all.

If I come across as a “Slashdotting, M$FT h@ter LOLZ!!11!!”, I’m not. A lot of stuff has been improved in Vista (at last! A proper management console for IIS!) but, as someone who kicked the “running as admin” habit several years ago, I really regret that Microsoft didn’t take advantage of this opportunity to educate its enormous user base about proper security.