Thomas Greene has an interesting review of Vista and IE7 user security measures. The verdict is better but not adequate and mostly an effort to blame the user when things go wrongff.
Windows is single-handedly responsible for turning the internet into the toxic shithole of malware that it is today. That's not going to change any time soon
... [Vista is] a slightly more secure version than XP SP2. There are good features, and there are good ideas, but they've been implemented badly. The old problems never go away: too many networking services enabled by default; too many owners running their boxes as admins and downloading every bit of malware they can get their hands on. But MS has, in a sense, shifted the responsibility onto users
Outlook Express is an improved Windows Mail. It won't autoload everything thrown at it, finally, but it still won't display actual urls in html formatted email, and phishing is still easy.
DEC is reported to cause programs to crash and Microsoft still encourages users to be root all the time and this negates most of their security measures.
I was delighted, when I set up Vista for the first time, to be presented with an opportunity to set up a "user" account. But moments later, when I saw that I was not invited also to create an admin account, I knew that the "user" account I had just set up was indeed an admin account. And so it was.
UAC is the most complained-about new feature of Vista, and most people are disabling it as soon as possible. Why?
... when you're running in an admin account, UAC is nothing but a bother. Every time you try to take an action, and this could be as simple as opening something in Control Panel, UAC disables your screen and pops up a little dialog asking you if you really want to do what you just did. A pointless irritant that will cause the vast majority of Vista users to disable UAC ...
The file browser still hides extensions and can have spoofed icons.
You can turn off "Recent Documents" but "Recently Changed" is worse and gives the user a false sense of privacy. The average user won't know it's there and no one can remove it without data loss.
The Security Center is dissmissed as ineffective but better than nothing.
Their overhyped Parental Controls will discourage Firefox use because Vista's download blocking does not work it or any other non Microsoft internet software. The author thinks blocking IM, email, chat and even internet access is a good idea and approves of parental controls but also argues they are not a substitute for real parental supervision.
The title of the article, "too little too late" sums up the authors feelings very well. What a mess.