Feeds

Why Vista will take a back seat for a few years

The new waiting game

SANS - Survey on application security programs

Comment Vista is a step forward in security, but many businesses will be stuck with Windows XP for years to come, due to the cost of upgrading, the value of existing assets, and compatibility issues that trump security features.

As I write this, Microsoft is launching the consumer version of Vista in New York, apparently with dancers in tights scaling the side of an office building to form a human billboard. It sounds like the highlight of the launch, which reads in many news reports as a real yawner. It's too bad in a way, because Vista's security architecture makes it a much better product. But there aren't too many consumers lined up to buy Vista.

It's unfortunate that some of the useful features like full disk encryption (BitLocker), license transferability, and support inside virtual machines aren't enabled in the consumer (OEM) version of Vista, but that's a renewed discussion for another time.

I think Vista is a great advancement in safety and security for consumers, but most of those folks don't know what the real differences are. Consumers will just end up with Vista (or perhaps OS X, or even the long shot, Linux) the next time they buy a computer. They'll still need anti-virus, anti-spyware, and all the rest. Consumers who do understand what Vista offers aren't exactly lining up either, because they also know about the heavy hardware requirements, the lack of drivers, no gaming need for DirectX 10 (yet), which is exclusive to Vista, and some of the questionable product activation decisions made by Microsoft.

For businesses it's another story. They do know and care about Vista's security improvements. It really is better. It's a big step forward from Windows XP security, I agree. And if one believes Microsoft's marketing rhetoric, most businesses will be deploying Vista in the next three to six months, right? Not so fast...

Why is it that Windows XP will remain the corporate standard for years to come?

The cost of upgrading from XP (or, why everyone loves Vista)

Computers are assets in a business environment where the cost to maintain them far exceeds the purchase price of the hardware and software. Businesses want to keep costs and expenditures down, but more importantly they want to get the best value from their assets. Computers are only important to a company because of the applications that they run - and compatibility is key here. Unless an enterprise application that's critical to the business' operation requires Windows Vista, what is the business reason to upgrade?

I'm scratching my head on that one. Most businesses will stick with Windows XP for the next few years. Security by itself is not a business reason to upgrade; security and Windows don't exist in a vacuum. And yet, just about every vendor on the planet will now be telling you and your business about the need to upgrade to Windows Vista. Let's take a look a just a few of the reasons why.

Consultants love Vista because it means big consulting dollars to evaluate, plan, test, migrate and implement new desktops and server platforms in business environments. Vista is different enough, in fact, they may even need to raise their rates.

Resellers love Vista because the hardware requirements are very steep, meaning heavy new hardware purchases and new software licenses all around. Hardware manufacturers love Vista and are happy to advertise this fact because it just doesn't run well on old hardware (old = one year old). It doesn't run well at all on any laptop today that isn't high-end, say, anything less than dual 2.0 Ghz processors in a Core 2 Duo with a bare minimum gigabyte of RAM. Ouch. Video card manufacturers really love Vista because, for the first time ever, the majority of the population who don't play games (business users) will still need a high-end video card just to get all the OS features enabled in their word processor and web browser.

IT and security admins love Vista because they will need new training and new certifications to put on their resume. Security vendors love Vista because all customers will still need anti-virus, anti-spam, anti-spyware, anti-phishing, anti-adware, anti-fungal, anti-everything software. Help Desk folks love Vista because it provides long-term job security. And end users love Vista because it means they get some new training and a fancy new computer, albeit one that's faster yet somehow runs slower than the one they had before.

Content producers love Vista. Computer scientist Peter Guttman has a fascinating DRM discussion about how Vista purposely degrades "premium content" and affects what you can do with that content. It also affects system performance, stability, support, and hardware and software costs.

Apple shareholders love Vista because it will drive more folks to the Mac OS X environment than ever before.

Spyware and adware companies love Vista because the Internet Explorer 7 browser still supports ActiveX, an ill-conceived language dating back to the Netscape days. But I'm getting ahead of myself; oops, IE7 and its new ActiveX controls run just fine on Windows XP as well. Criminals are putting their botnet software and keyloggers in many of those "Vista Activation Crack" torrents on the Internet. Even virus writers love Vista, because it gives them fun new challenges to adapt and overcome Vista's security model in potentially trivial ways, like social engineering.

A great many companies and individuals, legitimate or otherwise, are set to make quite a bit of money off the early adopters of Vista. And it's all just to replace existing office technologies such as Windows XP that often perform adequately and do the job today. Of course, today's corporate installs may or may not be secure...

Top three mobile application threats

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.