It’s not bad, just misunderstood. Vista, that is.
Found this multi-step nightmare via The VERT Daily Post.
Now, it would be both easy and fun to turn this into another episode of MS bashing, but really, let’s think about this for a moment. Microsoft is trying to do mutually exclusive things: they are trying to make a system that is infinitely powerful and configurable—moreover, infinitely configurable by the typical user (aka my mother)—and at the same time protect that system from the ravages of said user and the virus-writing vermin that take advantage of that user.
It’s much easier to secure a system when you have a knowledgeable system administrator in charge of it and the user has to take what you give them. When the user has to be able to configure it directly, mmm, notsomuch. We have a nation of personal computers maintained (assuming they’re maintained at all) by a nation of minimally tech-savvy teenagers, tired sandwich generation baby boomers, and the occasional Geek Squadette. Not a good recipe for security.
Take the Mac. They were doing fine when it was a simple user interface and you couldn’t do a whole lot to get under the hood. But add the erstwhile NeXTstep OS on top of it (I guess Jobs had to try to re-use it somewhere after the black boxes tanked in the market), and you’ve suddenly got too many moving—and vulnerable—parts in it.
We need a stripped-down client, the equivalent of a rotary dial phone, for those users who still aren’t even really clear on the concept of the scroll bar. Everything needs to be pre-configured for them and immutable. It should get them from point A to point B and that’s it. It won’t protect them from phishing, of course, and other social engineering scams, but at least it will protect them from having their own user powers used against them.
In commercial areas where you have system administrators and some kind of central control, you can customize the stripped-down client that you deploy. For private users, maybe the way to go is to offer a centralized, dependable system administration service, complete with help desk and routine maintenance. If you could sign up with a bonded PC “service” that managed and controlled everything on your desktop, from the applications to the home area network and the Internet connectivity, then you’d be in much better shape. We have a lot of little consulting outfits offering parts of it already, but it doesn’t go nearly far enough to become an effective, trusted household name.
Once we got there, we could entertain an even more radical thought: maybe we should start fining those users who allow their computers to be taken over in a way that causes damage to others and the network. They could hand over the responsibility and liability to a third party, or they could keep it themselves, but someone would be liable. As Schneier always says, you’ve got to put the externalities in the right place.
Once users were made liable, they’d start demanding better security of MS and other vendors. They might even accept less control over their PCs if it meant less liability for them.
Just a thought ...