When I was a teenager in California there was private oil pier near Rincon that we liked to jump off. It was great—you’d throw your surf board off first so there was no backing out, because it was scary looking down at the dark green ocean so far below you. Once your board was in the water you had no choice but to follow it out into the emptiness below.

It seemed to take forever to fall that distance, with your arms flapping in the air the fear and adrenaline peaking right before slapping into the cold not-Central-but-still-not-Southern-California water. For a few seconds you sensed yourself sinking deeper and deeper into the darkness; feeling the heaviness of the salt water build around you and the sliminess of the sea weed wrapping crawling up your back. Then your momentum stops and you would be back up to the surface almost instantly. The relief of fresh air and hearing your friends yelling and laughing up on the pier filled you with that rush that just made you want to grab your board and get right back up there again.

But then they built a fence to block off access to the pier, coupled with warning signs that we were entering private property. Of course, the fence was pretty lame. It went down the rocks and stopped just short of the water, leaving a gap where we could easily pass. And being the disaffected teenagers we were, we construed that as permission to enter—and we did. Throw the surfboards, jump, fear, slimy, and then the rush, over and over again.

Looking back I wonder why they would end the fence just a couple feet short of the edge of the rocks. If you’re going to stop two feet short, would it really make any difference if you stopped four, or even ten feet short? Would that be any less effective? And seriously, why spend money on a fence at all if it doesn’t go all the way to the edge?

And that’s what bothers me about UAC and other security controls in Windows Vista. I have been reading so many articles lately criticizing the shortcomings of security Vista. Sometimes these articles make me angry at the authors that write the articles and sometimes they make me angry at the people at Microsoft who designed these things.

But what is most interesting is how we’re all reacting to Vista. Here we are at a place where operating system security, most notably Microsoft OS security, has reached an all-time high. We’re talking about a Windows brand that just a few years ago would be compromised within minutes of plugging in that Ethernet cable. We’re talking about a Windows OS that lets you work fairly well on a daily basis as a non-administrative user. We’re talking about advanced security features that even your most annoying neighbor doesn’t have to call you up to use.

And yet there are two big complaints: how annoying the security controls are and how they won’t be 100% effective. There are problems with User Account Control (UAC) and setup programs, and many people have shown that it just isn’t enough.

Nevertheless, Vista is more than what we really expected from Microsoft in terms of security so why are we being so hard on them? Did we really expect an OS that was 100% secure and 100% compatible? And doesn’t Microsoft have a right to put in place annoying restrictions on stupid or lazy users with the goal of protecting us all?

But on the other hand, this is a fence that falls short of the edge. Just because we’re closer to the edge than we were before, are really we any better off? Don’t we have a right to complain?

This is the dilemma I am faced with—do I hate Vista security features or do I praise them?

The fact is that I do hate them. But I also praise Microsoft for taking these steps. User Account Control (UAC) may not be the perfect fence but it is a fence that isn’t finished yet. UAC and some of its components are still a bit quirky and have left some gaps open, but we really can’t fault it yet. It sets the basis for security that still may take years for Microsoft, other software companies, and end users to fully implement.

Look at the automobile industry. Accidents and thefts have always been a problem but it has taken many decades of research, laws, and consumer involvement to even make a dent in those problems.

So should we lay off Microsoft? Of course not.

Security knowledge is collective and everyone benefits from this painful process. But we won’t get anywhere if we take off the pressure. Microsoft should be praised for their willingness to take the abuse and admit their mistakes. There are so many companies that will go through great lengths to hide their flaws.

So here’s my proposal to Microsoft: we’ll be patient with the process as long as you keep listening to and acting our complaining. And my proposal to the complainers: we’ll be patient with you but see this as a process—complain with the goal of making things better.

The fact is that there really is a benefit in having a fence that is 95% finished even if it does let a few punks through; because that means it’s now easier to focus on fixing that last 5%.

News Dig:  http://news-dig.com

Related posts

• No related posts.