Tag Archives: Windows Vista UAC

No Anti-Virus Warning Message + No In-Your-Face UAC = Less Secure Windows 7

Get this formula? Well this is the basic formula thrown out by Trend Micro CTO, Raimund Genes, in an interview with The Register. Genes also said that out of the box, Windows Vista is better than Windows 7. Let’s go over his reasoning.

After install, Windows 7 does not warn users to install an Anti-Virus program.

This depends on what you consider a “warning” to be. For instance, a pop up balloon appeared above the system tray when I first booted into Windows 7 telling me that I had a potential security problem. When I clicked on the balloon, the Windows Security window appeared showing me my problems which was the lack of an Anti-Virus program. It wasn’t a flashing red screen with words like, “OMGZ! DANGER ANTI-VIRUS NEEDED! GET NOW WTF!” but, it was something.

My problem with this is that the average user has been aware of viruses, malware and other coded shenanigans for about a decade. It has become standard for a Windows user to install Anti-Virus software onto a computer after installation of Windows. Any user that still does not know to do this will eventually have someone tell them to do it or they will find out the hard way. The latter is unavoidable and something, I think, the IT community has gotten used to.

Where’s the UAC?

Windows 7 UAC File Extension ChangeMr. Genes says that Microsoft sacrificed security for usability. In Windows 7, the User Account Control has been dumbed down a bit where there are far less popups, annoying users with warnings that they were about to do something to changing something – from running an installation program to changing a file extension. As you can see to the right, the UAC works just fine when you attempt to change a file extension, such as .exe, in the Program Files folder. The UAC did not warn me when I changed an .exe file extension on my D drive (my hard drive is partitioned into C (Windows and programs) and D drives).

One of the biggest complaints I personally heard from people was the UAC. Apparently, Microsoft got the same as well. The UAC is a good idea but in Windows Vista, it was a little poorly implemented. Annoying people won’t get them to make better choices when it comes to security – it will make them look somewhere else for an operating system. Usability and profit were obviously involved in Microsoft’s decision but I do not believe they sacrificed security for those things.

Mr. Genes also thinks that a virtual Windows XP should be added with versions of Windows 7 Home Premium for security reasons. Windows XP was a good OS but it has served it’s purpose. I fail to see how this would improve security any and I think that this would only serve to confuse the average user and retard their adoption of Windows 7. Windows 7 is about moving forwards, not backwards.

Mr. Genes, to his credit, did not say Windows 7 is not secure at all. He merely thinks that Windows Vista is more secure out of the box than Windows 7. I disagree, because a few [hundred] extra pop ups does not make an operating system more secure. But what do I know? I’m just some random idiot with a blog, not a CTO from a security firm. 😀