Does Microsoft Get It?

Jeff Atwood seems to think not: in Windows Vista: Security Through Endless Warning Dialogs he describes, referring to Paul Thurrot's Vista article 'Where Vista Fails', how Microsoft - using an understatement - did not so good a job on the security model in Vista. In the struggle to be as secure as possible, even real Administrators are normal users by default, leading to an endless display of security warnings which will make you click the 'yes' button all to eagerly when the first virus comes around asking for permission to destroy your file-system.

On the other hand I see Dana Epp who is Educating his grandma on the security of her home computer. He sees very good use in some excellent videos Microsoft made on the subject of worms, viruses and other dangerous creatures. The point here of course is: how do we get Grandma to actually watch those videos? She probably rather skypes with her grandchildren in Australia, or order some novels on Amazon. Security is not really on her radar, as long as the internet connection is working she really couldn't care less (and she's right: suppose every time I'm driving through a tunnel, I would have to think of the possibility that it falls apart, or that it can even be dangerous to drive at all...)

Bottomline: security is hard.
Bottomline2: maybe we shouldn't judge Microsoft too quickly. It's not that they have this conspiracy going on like "hey, let's give all Administrators a Repetitive Strain Injury". I've seen enough effort from them to know that they take security seriously (now), but the more complex your projects get, the more advanced everything that's related to it, security included!

PS: on a completely different note, but the same subject not *getting* security: Bruce Schneier has read the Pittsburgh Post-Gazette and makes a very short blog post which does not need any further comment