Microsoft's emphasis on security improvements in Windows Vista may have undermined business adoption of the OS, as many business and enterprise customers are still holding off on upgrading nearly a year after its release to them.
Microsoft spent a good deal of time and money to ensure Vista's security after Windows XP and applications running on it proved susceptible to devastating worms such as Blaster, Slammer and MyDoom. Though Microsoft released Windows XP Service Pack 2 to remedy some vulnerabilities, the company decided security would be a top priority for the next major Windows release, general manager of Microsoft's Response and Product Centers, George Stathakopoulos, said.
"The security part of Vista was talked about a lot because it was a primary concern all over the world," he said.
But in retrospect, those close to the company and even Microsoft have acknowledged that security has not proved good enough reason for businesses to upgrade to Vista.
CEO of IT security consultancy SecTheory, Robert Hansen, who has spoken at Microsoft's Blue Hat hacker conference and done contract work for the company, said Microsoft was aware its laser focus on Vista security may have been a misstep.
He said Microsoft staffers were pleased with Vista's security improvements, but they acknowledged consumer reaction was "hohum".
"Over the next year, although security is definitely top of mind, some people feel as if the security as a priority is going to shift downwards, as opposed to feature enhancements," Hansen said. Microsoft traded general OS usability to add some of Vista's security features, he said, such as User Account Control (UAC). It was also feeling pressure from Apple to provide a more intuitive and user-friendly OS.
UAC gives system administrators more control over what features business users can access. It has become a chief complaint with users because it interrupts a PC user's work with a popup window whenever they're about to do something the feature considers an administrative function.
Microsoft has said it plans to improve UAC in an update to Windows to address usability and make it more intuitive for users while maintaining OS security. In a recent interview on Vista adoption, vice-president of product management for Windows client, Mike Nash, acknowledged security was not a reason in the short term to buy a new OS. He promoted other features of Vista, such as updates to how it manages and stores multimedia, to encourage users to upgrade.
Microsoft certainly seems to have misjudged how important security was with customers before Vista's business launch. But, to be fair, the company faced complexities in promoting and marketing Vista to customers because, with every new version of Windows, the company was competing with itself, research director for MarketingSherpa, Tim McAtee, said.
Still, Microsoft made a crucial mistake in pushing and marketing something many felt should be an inherent part of an operating system, he said. By telling customers a feature of the OS was not right in a previous version, you were abusing the trust of your customer if you expected them to buy an upgrade to fix your mistake, McAtee said.
A belief that security should not be intrusive was probably a factor in the lacklustre response from customers to Vista's security improvements, according to a public relations spokesperson on the Microsoft Windows account. "Security is something Microsoft is constantly addressing with updates," the spokesperson said. "Instead of making that the feature of a huge launch, they should have gone for many of the much cooler features."