Burglar-Proof Windows?

The new security features may be annoying, but they're good for you


The Microsoft (MSFT ) marketing hoopla set off by the Jan. 30 launch of Windows Vista will focus on the software's spiffy new look and enhancements such as greatly improved search abilities (BW—Jan. 15). But the really important changes, mostly hidden, aim to improve Windows' leaky security. What you see of this may be annoying, but trust me, it's good for you.

One big reason Windows has been so vulnerable over the past 15 years is that Microsoft chose to make things easy when faced with a trade-off between security and convenience. But in recent years, as Windows users have grown increasingly outraged by nonstop hacker attacks, Microsoft's attitude has evolved. The company originally intended to base Vista on Windows XP but scrapped that idea a couple of years ago. Instead, it resolved to work off the much more secure foundation of Windows Server 2003. The Server version has generally won good marks for security.

All operating systems have security holes, and Vista will be no exception: One potential vulnerability has already been identified by security experts. The difference is that the holes in Vista should be much harder for the bad guys to exploit, compared with earlier versions of Windows.

A couple of protective features introduced in Windows XP have been expanded in Vista. Windows Defender, an anti-spyware program that was a free download for XP, is built into the new version. And the Windows Firewall is much enhanced. The XP version could block incoming attacks, but the Vista edition watches traffic both in and out of your system, which can help stop malicious programs from stealing data or spewing spam e-mails.

THE CHANGE YOU WILL NOTICE MOST is called user account control. Mac owners have long been used to Apple's (AAPL ) OS X asking their permission before installing any software. This is a good thing. Microsoft, similarly, tried to clean up its act in 2004 with a major upgrade to XP called Service Pack 2, and again with Internet Explorer 7 last fall. But Windows has always been promiscuous about loading software from dubious sources without asking questions.

No more. Vista won't install anything, from any source, without explicit permission. (You can turn account control off in a control panel, but it's not wise.) To let an installation proceed, you will have to either click a button to give permission or supply a password, depending on how your account was set up. Among other things, Vista allows you to set up restricted accounts for your kids to keep them from downloading software to your computer without your password.

But some work needs to be done, especially by third-party software suppliers, to keep account control from driving you nuts. For example, every time I start up, the Logitech (LOGI ) mouse software wants to check the Web for updates—and triggers an alert. So does a test version of Norton Antivirus (SYMC ). Eliminating these false alarms will encourage users to pay attention to the warnings rather than just reflexively clicking O.K. Stopping to think for a moment before permitting an installation can help keep Windows more secure.

Versions of Vista designed for corporate use include a feature called BitLocker that allows simple but strong encryption of hard-drive contents. It's likely to make its way eventually to home versions, too, but only when a required piece of hardware, called a Trusted Computing Module, becomes common in consumer desktops and laptops.

I'm usually the last person to salute anything that makes life more complicated for computer users. But in the case of Vista, a little inconvenience up front can save you a lot of grief that malicious software and other attacks can cause. The long-overdue security enhancements are bound to irritate some users, but they're all for the best.

For past columns and online-only reviews, go to Tech Maven at www.businessweek.com/technology/wildstrom.htm

By Stephen H. Wildstrom

    Before it's here, it's on the Bloomberg Terminal.