ONE OF THE SELLING POINTS OF WINDOWS 7 is that it is not Vista. It is not a giant purple three-toed sloth either, which is another thing you expect from an operating system.
However, one of the things that makes it 'not Vista' is that it does not have so many user notifications such as, "you have just typed the letter A... are you sure you wish to proceed?".
But to do this Vole has tinkered with the User Account Control (UAC) feature and created two severe exploits which are set as the default, at least on the Beta version.
The first allows malware to kill the UAC, leaving the hacker free to do what they like on your computer. The second allows other malware to auto-elevate without telling the user.
The 'features' were found by Long Zheng and Rafael Rivera. They have chatted to Vole about the holes and so far Microsoft has said that the Windows 7 Beta is designed to work that way.
Speaking to ZDNET, Vole insisted that the intent of the default configuration of UAC is that users don't get prompted when making changes to Windows settings.

In other words users moaned about getting asked about changes all the time in Vista so Vole took them out.
It seems that some of the changes that make Windows 7 look so attractive have been made by removing some of the security features that we hated in Vista. The problem for Vole is that some people liked those features in Vista and are obsessed with security.
Microsoft is in a tricky position of saying 'we value security' while at the same time knowing that too much security is going to tigger most users up completely.
The question then becomes how dangerous these reductions in security are. According to ZDNET it is a doddle to pull off the sort of exploit that the flaw permits.
Its security experts think that Vole should tighten up its default settings unless it wants Windows 7 to go out of Redmond with a reputation of being insecure.
However, impose too much pointless security and you end up like the US customs and immigration at Los Angeles airport, which is one of the worst in the known world. µ
L'Inq
ZDNET
It's really about time that Microsoft realised just how annoying UAC is and essentially downgraded it. People need to stop relying on Windows to keep their operating system safe and accept that they need a powerful antivirus and firewall suite. For me, Kaspersky does a better job than UAC ever could and does it in a way that doesn't annoy me and doesn't lower security. The difference is that Kaspersky will let me configure it easily and will trust that I know what I'm doing, whereas UAC is like an overbearing parent looking over your shoulder all the time. Here's an idea: make it mandatory to use a proper firewall with Windows 7. Give users a time limit to install one with program access controls, after which the operating system throws a rightly due hissy fit.
UAC is quite easy to disable as are the barrage of notifications. Once disabled you run everything in the administrative mode. Really then the only malware you need to fear is when you use IE with install on demand enabled. Better yet switch to FireFox.
At least it's more secure than XP, so XP users should have no problem in switching. Besides, they give you the choice to control how many UAC prompts you want, so I really can't understand what all the fuss is about. Get annoyed by UAC? Lower the number of prompts. Obsessed about security? Raise it back to the Vista level. It's that simple. @Steve: They do give you the option to adjust how many UAC prompts you want to see. Lowering the slider will prevent the system from prompting you for changing system settings and only prompt you for other administrative and potentially dangerous activities. And since they even give you the option to completely turn it off, your complaint isn't valid.
I think you forgot that this is a Beta release. Who would have thought that a beta release wasn't locked down completely and would have holes. It's almost like they're having people try it out so that they can report the issues before they actually release the product...
@ssj4Gogeta:
No, it is your complaint that isn't valid. Windows usage should be seamless and there should be no prompts as standard.
If you like prompts so much, or are afraid of your own incompetence, then you can move the slide up and get asked "are you sure you want to click the start button?".
Neowin has posted a Microsoft response -- http://www.neowin.net/news/main/09/02/05/microsoft-update-on-windows-7-uac-issues
First thing anyone with any sense does after installing Vista is to disable the UAC. Then it's off with the security centre, defender, indexing, readyboost, superfetch and all the other rubbish that takes your resources. Then you install your own AV/Spyware software. I doubt if W7 will be any different.
If you were running Unix, it'd do exactly the same thing, because it's designed properly. Windows also has a reasonable design, but up until now has not enforced it.
It's all down to poorly programmed applications and impatient users. You're *supposed* to have to answer prompts when installing new software or performing administration tasks.
What Vista lacks is a temporary 'switch to superuser' mode (in the GUI, rather than an elevated command prompt), the ability to designate certain programs setuid (yes, not ideal, but it's a better option to automatically run known good programs rather than disable UAC altogether) and granular admin tools that allow the user to view in non superuser mode and change only in superuser mode.
In normal day to day usage I don't see UAC at all, except for the few badly programmed apps that insist on admin privilege when it's not required.
@Graeme: "First thing anyone with any sense does after installing Vista" -- now that's an impossible situation, it just can't happen. Anyone with any sense wouldn't install Vista. If he needs/likes Windows, he'll stick with XP (basically the same functionality, but needs half the RAM and a third of the disk space of Vista). Otherwise he'll find a *nix alternative (Mac, Linux, BSD, Solaris -- there are plenty).
Honestly, choosing to use a bought/pirated Windows version instead of Linux is like deciding to buy/steal a Porsche if Ferrari is handing out cars for free, wouldn't you agree?
Vista was not as much targeted by viruses/malware as XP was, and security companies would not have made as many bucks as they did developing security wares for XP. This is going to be good news for them ;)
Once again, just as others said, it's not UAC that is a problem - it's you. UAC can be configured to work the way you want. Why are you bitchin that it doesn't behave the way you want it to behave if you didn't even bother configuring it to your wants? So you think it should have been set to a certain configuration "by default"? Oh no! They forgot to ask you how you would like to have it!
The tool is not perfect, but it is up to your professionalism to work around the limitations and achieve your task nevertheless. Perhaps it is the wrong tool for the task altogether, but then it is again up to your professionalism to identify and use the correct tool for the task instead of being a whiny little biyatch.
Windows Vista's UAC headache tells Windows designers that UAC settings should be configured for different types of users. I think enterprises like banks and investment firms should set UAC settings to the highest level (4 of 4), so users won't be able to install external software or modify system settings; this can be a default in Windows 7 Professional and Windows 7 Enterprise editions. But home users who are switching from XP won't want such strict security, so Windows 7 Home Premium or Home Basic should have the default level at high (3 of 4). I think new users who have never used a computer should have UAC settings at the highest level (4 of 4), since they probably don't want to modify system settings by themselves.
To answer your question in short, people install Vista because either 1) it comes on their computer and they do not want to buy another operating system (and in some cases XP comes side-by-side with Vista), or 2) games: the DX10 hack in XP is horrible and if someone is a gamer, paying lots of money for a computer that can run games, they are going to want to take full advantage of that. Vista definitely has its flaws, but I have been using Ultimate since it came out and it isn't THAT bad. They have had plenty of time to improve it with updates, and SP1 has fixed most of the bugs; I haven't gotten a BSOD since, so they must have done something right. Vista gets too much negative attention. People look for flaws to talk about, just like you did in this article. There isn't a problem, never was a problem, and you're just trying to find ways to talk bad about Microsoft. I'm not a fanboi either, I use what works on my computer. Linux doesn't have that many programs and Wine (Windows emulator) win-for-lin works very well, but I shouldn't have to pay for something to natively run games. I can't even get Quake 3 to run in Linux higher than 640x480 and I have 2 8800 GTs, and they even have a native Linux version, Open Arena. Linux is immature, Macs just blow, Microsoft sucks too, but at least they can play games, being its only redeeming quality.
/rant
UAC does NOT make Windows more or less secure for most users as they never pay attention to what it's saying in the first place.
Until such time as MS unmarries the software from the OS and takes measures to better protect core system files, there will always be security issues.
A good third party Firewall/AV package does and still will do more for keeping hackers and other nasties off a computer than ANYTHING MS puts in place.
"However, one of the things that makes it 'not Vista' is that it does not have so many user notifications such as, "you have just typed the letter A... are you sure you wish to proceed?"."
________________________
Turn UAC off and you get no more notifications than XP. IE, none. So the point of this article is to basically say that a public BETA has some security flaws?
Nice job Nick, stick to bashing macintosh. You can't even get that right either but at least its light comedy over a cup of tea.
... commenting on a beta release is... pointless (at least)?
As soon as I wrote that line I knew someone would say pretty much what you've said. I like Vista, it works well on reasonably spec'd PCs and it runs all the applications and the few games that I use. And things just work (usually), I don't have to sod around with textual config files, everything installs properly, and it never crashes. If I were younger then the excitement of Linux (et al) would probably thrill me but these days I just want everything to be easy and to work. I wish you well using whichever OS you enjoy using.
Security is in your head, not in your computer. If people would take proper measures and follow a few simple guidelines of how to treat suspicious e-mails, web sites and the like, they wouldn't get into the kind of trouble, the effects of which the UAC is meant to minimize, at all. Insofar, saying "Win7 is less secure than Vista" is misleading. It should rather read "*Unattended* Win7 is less secure than Vista". Unfortunately, many people are too dumb to handle their computer wisely, and too immature and selfish to take the blame for that on themselves; so MS gets bashed for what often is people's own fault. I am still using Windows XP, and I never ever had a single security breach in my systems. And that is not because XP would have so many automatically working security systems built into it.
The very day this article was written on the Inq, MS made a post on the Windows 7 engineering blog (blogs.msdn.com/e7) addressing this very issue. UAC will run with elevated permissions, putting the very setting of UAC within the scope of what UAC is supposed to protect. Nick, come on!! You keep writing articles like this without doing your homework. Any good reporter would at least VERIFY their information before copy&paste from another website. Another -1 for Nick. :(
Vista is bloated, it's big, it's graphically intense, but that is what people wanted. The Vole lost many customers to the "pretty & peaceful" world of Mac, especially Leopard, which also has a UAC, FYI. Users wanted an operating system with a pretty UI, thus Aero was born. On a rock solid PC with some hefty hardware Vista runs like a charm. I ran it from RC5600 up until a few weeks ago when my Nvidia 6800 Ultra GPU caught fire. Honestly, I had more hardware problems long term with XP than Vista. Vista was hard at the beginning, but after the first month when the new hardware drivers came out it just worked. The UAC is a vital utility. If you don't want system security or want defective programs with built-in holes, i.e. Norton, don't use Vista. The UAC is not some outlandish thing the Vole came up with to torture us. Red Hat's got it, Leopard has it. The only way to prevent malware from eating a computer is to make it rock solid, which involves prompt windows. On a normal day I rarely saw the UAC, and moving the mouse to the center of my screen and clicking "yes" really is not a burden, not when you consider that I'm on a computer 8-16 hours a day and not once in the last 3 years have I gotten a virus.
Glenn said: "Better yet switch to FireFox."
Your blind faith in unbreakable security of Firefox is dangerous. Especially, when it's combined with your recommendation to disable UAC. You'd better look up a report about a recent hacking competition in which all major browsers (including Firefox too) were broken into. UAC is another layer of protection.
All personal preferences and as much bias aside (as humanly possible anyway), I am tackling this debate from the perspective of a gamer who likes to play things at about 95% quality (100% when it doesn't mean dealing with 12 fps) and switched to Vista (32 bit) from XP about 1.5 years ago when I had a new desktop custom made for gaming purposes. Admittedly, for most basic to intermediate end-users I would argue that the only really big long-term issue with Vista is hardware requirements. It stinks, outright, that you need 2 Gigs of RAM to play a game at the same settings as you need 1 Gig in XP. In upcoming games such as Dragon Age Origins the difference is 4 Gigs recommended vice 2 for XP. A hefty difference on paper, but for DDR2 RAM what are you looking at? A 50 - 80 dollar difference in hardware? Hardly worth screaming bloody murder over, really. With the Service Pack out things are well in hand and, like many have already mentioned, the UAC is totally customizable for even basic end-users. The extra hardware requirements are arguably worth having UAC for people who like to download free music, movies, torrents, etc., as many related sites are sketchy and Vista is great at blocking behind-the-scenes scripting from buggering your computer from behind.
With that said though, I think - from my perspective as a gamer - the biggest advantage of XP over Vista right now is that it doesn't suffer as much from the 32 bit to 64 bit jump. Fall 2009 and forward will have Vista users pretty much requiring the 64 bit system to make full use of 4 Gigs and eventually 6 Gigs etc. XP gamers have the benefit of only needing 2 Gigs of RAM and most likely will not have to upgrade to a 64 bit system for at least another year or two, if not even longer. So in the contest of "who doesn't have to deal with switching to 64 bit" I would give the win to XP hands down.
Ultimately, if you know what you are doing and can handle yourself online, XP is fine and arguably better due to less hardware requirements. As a gamer though, graphically, DX10 is simply far too above and beyond to ignore and, like I said above, a mere extra 2 Gigs of RAM at the cost of DDR2 is peanuts when considering an overall build.
Thus I argue that gamers are pretty much destined for Vista 64 bit platforms. For anyone else it's really a matter of preference for the various reasons stated by everyone so far in this discussion.
Keep in mind I am basing this on XP and Vista... I know little of Windows 7, and the BETA really doesn't mean squat anyway.