So Vista has finally arrived; we have started to see ads in the newspapers, and even on TV.
There is one question regarding Vista that is still unanswered. Are you ready for Vista? A couple of days ago I was wondering if I was ready for Vista. So I decided to download and test the new tool delivered by Microsoft which helps users decide which Vista version is good for them. I was a bit disappointed to realize that I was only going to be able to upgrade to Vista Home. Also, I found some problems regarding driver support.
So if I need to change my hardware, basically buying a new computer, and if you add Vista's price, which doesn't come cheap, it might be an expensive upgrade. So I don't think I will be an early adopter.
But let's talk about Vista features; I want to focus on security. For a full, detailed description, visit the Vista Security Guide.
So the question might be if I am going to be more secure with Vista. Microsoft claims so, and there is a lot of discussion around this. But some claim that there are already exploits on the black market.
I think that we should take into account that security is as weak as the weakest link. If I rely on the user to allow or deny a certain activity, this is the weakest link. Let's see some examples. A study regarding users' online behaviour has recently been published.
Online banks are one of the first targets for phishing attacks. This study shows that users are the weakest link in the security chain. They really don't use the different tools available. But it is not their fault; in fact, you have to take into account so many things that it is very easy to get fooled. I once took a web test regarding phishing attacks, and only got 95%. If you consider that I am quite aware of the problem, that made me wonder how easy it is for an unsuspecting user to be tricked.
Internet Explorer 7 has a new feature that changes the color of the URL bar if you are navigating on a site with a certain certificate. This is not the solution, as lots of perfectly legal sites don't have the financial resources to afford those certificates. Will you prevent users from accessing them?
Attacks are getting more and more complex: we have fake codecs that fool users, spear phishing including personal information, DNS spoofing, etc. We need heuristic tools that are able to see what is happening behind the scenes, to really protect users from malware.
Finally, I hope that the new security features in Vista are up to what has been claimed, but we need to remember that nowadays users need to decide too many things related to security (ActiveX installations, certificate validations, HTTPS, passwords, tokens, etc.) and, as we have said before, it is very difficult to choose the right answer when there are so many elements involved.
So I think that, just as XP Service Pack 2 was a huge improvement in security, so will Vista be, but there are still a lot of things to be done. User education is a must and we should not forget this.