What it means to be in the default install

by Michael S. Kaplan, published on 2005/05/13 23:01 -04:00, original URI: http://blogs.msdn.com/b/michkap/archive/2005/05/13/417167.aspx

A few years ago, the Microsoft Office XP marketing team had a big advertising campaign that they hired Gilbert Gottfried for. The news coverage (in a rare burst of accuracy and journalistic integrity that I wish I had seen around here lately) summarized the message well: MICROSOFT'S 'CLIPPY' HEADED FOR THE TRASH.

Now this is not to say that it was an entirely truthful message, because the Office Assistant (a feature symbolically personified by the "Clippy" character, played by Gilbert Gottfried) still existed. But the message that Microsoft was putting out there was that it was being taken out, and for most users it was. Because it was being taken out of the default installation of Office XP.

(By the way, it is still there in Office System 2003 -- but again, not in the default install; therefore for most users it is still gone)

In the end, all it takes to make sure that a feature is not seen by most users is to take it out of the default install. Because then the only ones who will ever really see it are (a) the people who really want the feature, and (b) the small percentage of users who say "install everything."

Now this is a powerful notion, and one that was interestingly one of the many important components in the security enhancements for both Windows XP SP2 and Server 2003 SP1 -- by making sure features that people are not using are off by default rather than on by default, you enhance security.

Part of the reason for this is the whole idea of "reducing the surface area" for attackers.

But another, perhaps more important part of why it helps with security is the related, common sense fact that people who do not knowingly install a feature or who know about it but do not actively use it are considerably less likely to make sure all of the right settings are made to it to ensure proper and secure operation.

All of this comes with a price, of course -- some features are now harder to use. And back before the "black hats" were out of control, the idea was enabling the features and making them all easier to use.

I am sure there are some support costs have piled up for dealing with backcompat breaks in user experience that this sort of change will obviously cause. But the goal of a safer Internet is ultimately more appealing.

But it does point to how complicated the issues of assessing what is put into the default install can be. Everyone is saying "turn off everything except my features" and unless you refuse to pay heed to most of those people, you won't be able to get anything turned off. So they have to ignore those people. And they should.

Of course, the issue with the default install is not always to do with security (just ask Clippy!). I'll talk more about that soon, including a bit about the default install of international settings on various platforms....

no comments

Please consider a donation to keep this archive running, maintained and free of advertising.
Donate €20 or more to receive an offline copy of the whole archive including all images.

referenced by

2008/06/30 Give people their SPACE, and most of the time they still go with the defaults

2007/07/21 She typed in 'God damn clippy'

2007/04/01 There is no spoon^H^H^H^H^HGDI Font Cache

2006/06/25 About the Fonts folder in Windows, Part 1 (aka What are we talking about?)

2006/06/04 Developers vs. Users?

2005/06/18 Font substitution and linking #3

2005/05/19 What it means to be in the default MOBILE install

go to newer or older post, or back to index or month or day