The security program in Microsoft's new version of Windows is so annoying you're likely to turn it off. And that's risky
When I write a column, I almost never feel I have had enough time using the product under review. Even in the rare instance in which deadlines aren't bearing down, I often realize later on that I've missed a fair amount. In the case of Microsoft's Windows Vista, flaws that I thought would grow less annoying with extended use have actually become more troublesome.
Most of the time I spent testing Vista was with sluggish pre-release versions. I expected things to improve when I ran the finished software on PCs configured for the new Windows version. I now realize that Vista really is slow unless you throw a lot of hardware at it. Microsoft (MSFT) claims it will run with 512 megabytes of memory. I had recommended a minimum of a gigabyte, but 2 GB is more like it if you want snappy performance. This is especially true if you're also running resource-hungry Microsoft Office 2007.
The most exasperating thing about Vista, though, is the security feature called User Account Control. UAC, satirized in an Apple (AAPL) ad as a security guy who constantly interrupts a conversation, appears as a pop-up asking permission before Windows will do a number of things: change system settings, install programs, or update antivirus software. UAC may well be necessary to block malicious programs from secretly installing themselves or hijacking your browser settings. But Microsoft has designed it to drive you nuts.
A recent experience demonstrates what I mean. I was working away when Windows OneCare, Microsoft's extra-cost security program, suddenly popped open a window asking me if it should give a program called wercon.exe access to the network. To begin with, this is a question that would mystify nearly everyone. (It turns out wercon.exe is a tool that sends error reports back to Microsoft.) When I clicked O.K., UAC asked me if it should let OneCare proceed. You would think Windows would be able to figure this out for itself and that these different security components would work together. But Vista leaves it all to the user to sort out.
There's a real danger here: UAC is such a nag that many folks will just turn it off, which Microsoft has made quite easy to do. Disabling UAC is especially tempting if you have set up limited accounts for your children that let you restrict the sort of Web sites they can visit, the programs they can run, and the amount of time they can spend on the computer. With limited accounts, the kids will have to find a parent whenever a UAC window pops up. But if you give them unlimited accounts to deal with UAC requests, they can undo any restrictions.
Unfortunately, turning off UAC severely weakens Vista's defenses. In a study of Vista security, Symantec researcher Orlando Padilla found that without UAC, Vista's resistance to hostile software was similar to that of Windows XP. Before Vista, Windows promiscuously let programs install new software and make system changes without any notice to the user. UAC goes way too far the other way, requiring intervention for many innocent actions. The version of UAC in Mac OS X works much better, rarely popping up except during a software installation or upgrade.
As for general usability, I still have trouble finding once-familiar features that have been hidden in odd places. For example, unlike XP's My Network button, an item on Vista's main menu called Network does not give access to any network settings.
Things don't have to be this way. I've spent as much time with the redesigned Office 2007, and it feels quite comfortable. I'm sure I'll get used to Vista's quirks, Microsoft will smooth out the rough edges, and, in time, Vista's many attractions will outweigh the drawbacks. For now, though, it's a pain.