User Access Security in Vista--A Terrible Mistake
This entire security paradigm makes a grossly invalid assumption: that ordinary people actually know what to trust, that they actually know what they are doing and know how to protect themselves. The vast majority of consumers treat their systems like a trusted home appliance. They assume that it should work and keep working as long as it's plugged in and they pay their broadband bill. They have no clue about how their systems are subject to attack from all sides--they simply trust Microsoft to protect them. Putting the responsibility for their own security entirely in their hands is a truly ludicrous idea.
I just built up a system for my granddaughter (age 5). She was able to connect the keyboard and mouse (color-coded cables), but when we visited a trusted web site that had a PDF file, the trouble began. For some reason Vista does not have the Adobe Reader installed. (Incidentally, one MUST have UAC enabled for it to install.) In the process of getting the file read, we must have had to click "OK" to a dozen (literally) dialogs warning about one thing or another. Try to explain that to an ordinary person--much less a 5-year-old.
Should parents expect their children to come and get them when they see these dialogs? How are parents to know which are real threats and which are not? Since the parents or someone they trust told them that it was okay to click through the message, why hasn't the system learned that this action is safe? No, this system is totally, 100% unworkable. Why? Well, people will get so tired of these constant security popups that they will disable the feature and then what? Since the security scheme assumes these attacks will be prevented by UAC, once it's disabled, they're pooched.
I think that Microsoft has really failed the world's computer users--they've had decades to get this right and they still missed the mark. Frankly, I think it's insane to build better and better filters when the problem is polluted water. MS and the world's internet service providers need to rebuild the internet so those who have no regard for the law can't prey on the most vulnerable--our wives, children and the elderly. They need to stop talking about fixing the problem and just do it. Microsoft has the money. Just do it. And stop foisting off the job on the consumer.
Comments
Very well put. User Access Security has always seemed somehow wrong to me and this summarizes it nicely.
Posted by: Peter Kellner | August 16, 2007 6:25 AM