I’ve owned and continuously operated Microsoft PCs since that clunky 8086 behemoth running MS-DOS 3.3 that I took to college with me in 1989. It ran at a sizzling 6 MHz, unless you pressed the big white button labeled “Turbo” on the front, and then — look out! — 12 MHz. (Why you would ever turn this button off, I don’t know.)
In all that time, I’ve never been hit by a computer virus, worm, or malicious piece of spyware. Once, not too long ago, I actually double-clicked on a virus-infected e-mail attachment without thinking, but my computer security package quickly caught it and disabled it.
That’s not to say that I’ve never received a virus over e-mail, or suffered an attack on my firewall. These things happen all the time. I’ve been to web pages that could conceivably have launched various bits of nastiness onto my machine had I not been running Firefox with a pop-up blocker and lots of Javascript restrictions. I’ve just never suffered the effects.
And why have I never suffered from a virus outbreak? Because, despite what you see and hear all over the Internet and the media, the security problems of Windows are vastly overblown. Windows is and has always been a fairly secure operating system, if you know what you’re doing.
True, I’m what they call a computer professional, meaning that I make my living on these things. I can program PHP and ColdFusion. But when it comes to the operating system, I’m not some technical uber-wizard that can pinpoint obscure DLL failures using the command line. I know how to edit the Windows Registry, I know how to start and stop Windows Services, I know how to use the Event Viewer. These are all fairly basic computer troubleshooting skills, and yet these skills and some readily available off-the-shelf security software are all it’s taken for me to keep my computer safe for nearly 20 years.
(And no, this is not an invitation for someone out there to try and craft something that will infest my computer. I’m sure you can. But the point is that you haven’t bothered to try yet.)
The security problem, therefore, does not lie with Windows software. The problem is with Windows usability.
Most of you reading this blog may be astounded to realize this, but Microsoft’s most pressing problem is not the encroachment of free and open source Linux. It’s not the growing popularity of the Firefox browser, or the lagging performance of its online properties in relation to Google’s and Yahoo’s, or the activities of a small population of malicious hackers and crackers. The thing that keeps the Microsoft brass up at night, believe it or not, is that most people feel like Windows is too darned hard to use.
To us in the tech world, it seems like every Joe and Jane you pass in the street reads Slashdot and has contemplated switching to Ubuntu. But the vast majority of people aren’t nearly that technically savvy. I found a study from 1997 that gives the number of IT jobs in the United States at 2,063,000. Even if we’re charitable and say that, despite the IT bubble burst, the number of tech jobs has doubled since then — or even tripled — we’re still only talking about roughly 2% of the U.S. population. We’re a lot more computer-literate than we were a decade ago, but I’m willing to bet at least 70% of the Windows users in the United States have never even heard of the Registry.
And so these are the people that your standard Russian underground hacker types devote their energy to attacking. After all, if you’re a burglar, why bother carrying around lockpicks when two-thirds of the houses in the neighborhood leave the back door unlocked? When you read about zombie PCs that are unknowingly sending out tens of thousands of spam e-mails every hour, you never hear that the victim was a sysadmin for Smith Barney. It’s the people with the usability problems. It’s the guy who downloads porn screen savers from untrusted sources. It’s the guy who believes that Chase Bank really did just send an e-mail requesting that he go to www.chase-banc.com and reset his password. These people don’t know how to secure their computers.
So it strikes me that Microsoft has, on the whole, emphasized the right things in the development of their new Windows Vista operating system. They’ve concentrated on security, usability, and reliability. They’ve added in long-needed User Account Control, which will pop up a big, flashy warning message when your 73-year-old grandmother tries to add a worm to her Startup folder. They’ve built in anti-spyware, a stronger firewall, phishing protection, desktop search, and parental controls. Similarly, their workover of their Office software package has focused on cleaning up the user interface and bringing little-used features that have skulked backstage in sub-menus up to the spotlight.
Now whether Microsoft has actually done a good job is another question altogether. All of the early indicators say that Windows Vista is a less user-friendly operating system than XP was. They also point out that, since Microsoft spent so much time rewriting things from the ground up, there are bound to be a rash of new security holes in the first few months. (And I’m not even going to get into the whole Windows-vs.-Mac-vs.-Linux thing here.)
Unfortunately, I won’t be able to judge Vista first-hand until I either a) get the free reviewers’ copy that Microsoft is supposed to be sending me, or b) bite the bullet and buy that new laptop I’ve been talking about buying for months now. And if option a) comes first, I won’t be able to give a full review, because neither my desktop nor my laptop have strong enough video cards to handle the new Aero interface.
But our opinions aren’t necessarily the ones that matter in the grand scheme of things. No matter how convoluted the new user interface is, us relatively knowledgeable folks will get used to it pretty quickly. If Microsoft can help that 70% of people who’ve never heard of the Windows Registry to take better care of their computers — and maybe throw in a few goodies for the rest of us — they’ll have achieved what they set out to do.
It starts by making it easier for people to lock their back doors.