Vista's Biggest Security Risk: Asking Permission…

by John · 0 comments


I’ve been using Windows Vista for several months now, and find it to be a cleaner and somewhat better designed operating system than Windows XP. And while there are clearly UI updates from the XP interface, Microsoft’s most significant update – and one of Vista’s key selling points – is not so easy to spot.

Enhanced system security…

Vista gives a user’s account fewer baseline privileges than it had in XP. It requires people to install software through something called User Account Control (UAC). When a user tries to install something on the system, or an application tries to perform a lower-level operation, UAC displays a pop-up asking them if it is OK to bypass the stricter security. The user needs to say yes, or the software doesn’t get to do what it wants. It requires permission.

Users also have a say with security in Vista’s version of Internet Explorer 7. To protect the system from ‘silent installs’ (malicious code that a site writes out to disk), users are now asked for permission before a web site can download anything, or even run certain scripts.

While this might seem like a good approach, it doesn’t always work well in practice. If people receive warnings every time they do certain actions – regardless of the real risk associated with a particular instance of it – the warnings start to lose their significance.

Think about it. How many times do people need to click OK or Next during the installation of the typical piece of software? Three? Four? Do they really pay attention to each step? Do they actually read the License Agreement? Probably not.

They’ve seen it all before, and just want to get the installation done…

The same thing will happen with these security measures in Vista. People will start to ignore ‘alerts’ that they see all the time. They’ll habituate. They will end up just clicking OK because they always have to click OK – it’s how Vista works. And they want to get done whatever it is they are doing.

And that defeats the whole reason for asking in the first place…

While security enhancements in XP were clearly needed, people are ultimately responsible for knowing what they should and shouldn’t do online. They need to follow some basic ‘rules of the road’ for being on the internet, and have some common sense. The operating system needs to play a role in security, but to be most effective, it needs to do most of its work in the background. If it only involves the user when something is clearly a high-risk action, it will do a better job of protecting them than if it alerts them about every possible danger. Very focused alerts will start to mean something, and people will pay more attention to them.

Sometimes less is more, even with security…

UPDATE:

When I saw this ad from Apple poking fun at the way Vista handles security, I just had to add it to the post:

It’s a good laugh.

  • http://www.geekylicious.com John

    LMAO!

    Love the video, just spent some time updating a friend’s new laptop to get it all spick and span for him and the update message is tres annoying, this ad sums it up perfectly. Absolutely agree with your post, familiarity breeds contempt.
