Is Vista security a selling point?

By Will Sturgeon, Special to ZDNet Asia
Tuesday, November 21, 2006 08:29 AM

"I've got clients at the moment who are getting very excited about BitLocker," Vista's hard-drive encryption technology, Okin added.

This encryption feature is a long-awaited improvement to a Windows operating system, and one that ethical hacker Peter Wood says is a definite move in the right direction.

"The BitLocker technology is quite an interesting approach. We've been pushing a long time for (corporations) to take whole-disk encryption seriously, particularly on laptops and other devices outside the physical perimeter, and the majority of people we've spoken to still don't have a strategy in place," Wood said.

However, Wood also suggested that BitLocker, like other Windows features, could yet be undermined.

"We use PGP (the Pretty Good Privacy encryption program) for our whole-disk encryption because it is independent of the operating system," Wood said. "My experience to date with Microsoft's controls of these systems is that there is usually a way around it because it is so part of the Windows environment."

Security as a selling point
Wood said that determined hackers may discover that searching for holes in the operating system will offer the path of least resistance. But he admits he has yet to get his hands on Vista and is basing his criticism on the ease with which he has cracked past Microsoft code.

And he remains to be convinced Microsoft can learn from all its past mistakes.

Probability plays a part, said Wood: "It's an enormous chunk of code and it is going to be full of holes because anybody's code would be."

BitLocker, though, will most definitely be an improvement, because encryption that could potentially be cracked is still better than nothing. But as with any new technology, Wood's major concerns with Vista relate to the biggest potential security weakness: the end user.

And because encryption will be tied to individuals' Windows user accounts, Wood fears this, too, will make BitLocker inherently insecure.

He doesn't share Okin's confidence that two-factor authentication--and Vista's greater receptiveness to stronger authentication--will make much difference, or even be used.

Wood fears that for all Vista's improvements, passwords--a "perpetual, primitive and stupid problem"--will still be the Achilles' heel for many businesses rolling out the operating system.

And while biometrics and smart cards are an improvement on passwords, he says, they are still only a superficial improvement. He instead favors pass phrases, which he says could dramatically increase the security of any Vista environment and make its other features work more effectively.

But the bottom line is it seems Microsoft is going to need more than one generation of secure code under its belt before people start to believe the prerelease Vista hype. All in all, Accenture's Okin isn't convinced security will have much to do with how well Vista sells.

"The clients I work with today are probably looking at migration because they are using Windows 2000 and they aren't about to switch to XP," Okin noted. "I've seen economics around power usage and around lost laptops and savings that could be made from BitLocker and everything else, but even jointly they are not compelling."

It's more likely businesses will be swayed by other factors, such as the timing of their equipment-replacement cycle or by a wish to not be out of step with employees using Vista's home edition outside of work.

Okin says chief technology officers are telling him: "I don't want my guys to go home and have a better experience."

"If you are on Windows 2000, then of course it's compelling and you may as well go. Those on XP will be trialing and can pick their time to go.

"But are they doing it because of the security features? No. Have I seen security features as part of a business justification? Part of them, yes, but really the business justification (based on Vista's security features) is weak as a whole."

Will Sturgeon of Silicon.com reported from London.

