Microsoft's emphasis on improvements to security features in Windows Vista may have undermined business adoption of the OS, as many business and enterprise customers are still holding off on upgrading to the OS nearly a year after its release to them.

Microsoft spent a good deal of time and money to ensure Vista's security after Windows XP and applications running on it proved susceptible to devastating worms like Blaster, Slammer and MyDoom. Though Microsoft released Windows XP Service Pack 2 to remedy some vulnerabilities, the company decided that security would be a top priority for the next major Windows release, said George Stathakopoulos, general manager of Microsoft’s Response and Product Centers.

"The security part of Vista was talked about a lot because it was a primary concern all over the world," he said.

But in retrospect, those close to the company and even Microsoft have acknowledged recently that security has not proved to be important enough to encourage businesses to upgrade to Vista.

Robert Hansen, CEO of IT security consultancy SecTheory LLC in Austin, Texas, who has spoken at Microsoft's Blue Hat hacker conference and done contract work for the company, said Microsoft is aware that its laser focus on Vista security may have been a misstep, and that it is trying to remedy that.

He said that Microsoft staffers are pleased in general with Vista's security improvements, but they acknowledge that "the consumer reaction was ho-hum."

"Over the next year, although security is definitely top of mind, some people feel as if the security as a priority is going to shift downwards, as opposed to feature enhancements," Hansen said.

Hansen also said that Microsoft traded general OS usability to add some of Vista's security features, such as User Account Control (UAC), and is "feeling pressure from Apple" to provide a more intuitive and user-friendly OS.

UAC gives system administrators more control over what features business users can access. It has become a chief complaint with users because it interrupts a PC user's work with a pop-up window whenever they're about to do something the feature considers an administrative function. UAC can be bypassed by working in administrator mode instead of standard user mode, but this defeats the purpose of the added security the feature was supposed to bring to the OS.

The IDG News Service is a Network World affiliate.