|
Windows Vista: It's All About the Security
Published: January 31, 2007
by Alex Woodie
After five years of development, two years of delays, and $7 billion in R&D from Microsoft, Windows Vista finally became available to the masses this week. When it all boils down, the new security features in Vista are what will separate it the most from previous versions of Windows. But will better security be enough to get users to bite?
Microsoft had very ambitious plans for Windows Vista as developers started planning in earnest for "Longhorn" (as the joint development effort that gave us Windows Vista and the yet-to-be-named upcoming version of Windows Server was called) following the release of Windows XP in late 2001. Chief among these plans was the revolutionary new Windows File System (WinFS), which would combine a relational database with XML programming hooks to bring a higher level of performance and integration to Windows PCs and servers.
As it turned out, Microsoft's eyes were bigger than its stomach. Two and a half years ago--around the time Longhorn was originally slated to ship--Jim Allchin and the other honchos in the Windows division had to face the facts: WinFS wasn't ready for prime time. So to prevent Longhorn from slipping even more, and thereby angering the large enterprise accounts that had paid for, and were expecting to receive, a new version of Windows before their maintenance contracts expired, it pulled WinFS from Longhorn.
Without WinFS, Longhorn was nowhere near the revolutionary new operating system that still twinkles in Bill Gates' eye. Without WinFS, the new operating system would have to stand on its other legs--namely "Avalon," the codename for the new presentation subsystem that has resulted in the cool new 3D and glass-effects found in the revamped Aero interface, and "Indigo," the codename for the new programming model that developers will use to write Vista applications using the latest .NET and C# tooling in Visual Studio, which together are referred to as WinFX.
The 'Wow'
WinFX marks a significant and important departure from the legacy Win32 API that developers wrote to in previous versions of Windows. Microsoft is doing an excellent job managing its huge and mostly loyal base of developers, and developing powerful and easy-to-use tools to help them create advanced applications on the new WinFX APIs. But let's face it: Consumers don't give a hoot about the tools developers use to write programs that run on Vista. Plumbing is only important when it breaks.
If Vista is going to exceed expectations in the marketplace, it will be a result of things that regular consumers can see and touch (figuratively speaking). This means things like the nifty new Aero interface, the new search capabilities in Windows Explorer (which has been renamed Vista Explorer), improved startup time, a new release of Windows Movie Maker, DirectX 10 video drivers, and new a new Game Folder. Indeed, one only has to hear Microsoft's Vista launch slogan--"the wow starts now"--to see that that Microsoft is trying to out-Apple its competitors.
Considering that much of the eye candy in Vista has already been available in Apple's OS-X operating system, one must consider other ways Microsoft can differentiate itself. There's one other way, and it's largely a situation of Microsoft's making: Security.
The Meat
Thanks to poor implementation of security in previous versions of Windows, consumers today are constantly bombarded with viruses, worms, and hackers attempting to exploit some new vulnerability found in previous versions of Windows. Users are sick and tired of dealing with these security issues when all they want to do is browse the Web and communicate via e-mail and IM, and Microsoft has heard them, loud and clear.
To that end, Microsoft made several significant security improvements in Windows Vista, which is widely considered to be the most secure version of the Windows client operating system out of the box to date. That's not saying a whole lot, mainly due to the fact that security had been an afterthought with previous versions. Also, users will have to purchase the Vista Ultimate edition to get some of the features, such as BitLocker encryption.
But with Vista, Microsoft is eager to show that it now "gets it" when it comes to security. Here are the most important new security features in Vista:
- Lowered Privilege -- No longer will the computer, by default, run wide open with an administrator's authorities, which should make it harder to write malicious programs. When users need more power, the new User Account Protection (UAP) feature will guide them. However, a shift to lowered protection requires cooperation from software developers, which could trip up this important new feature.
- PatchGuard Kernel Protection- No longer will programs--written by ne'er-do-wells or the well-meaning alike--be allowed to alter the Windows kernel. This was a favorite avenue of attack for malicious software writers, but it was also how the biggest antivirus vendors, McAfee and Symantec, gained access to fight the good fight. No longer: Symantec and McAfee had to play catch-up with their smaller competitors, and learn to love the new Microsoft AV API.
- Windows Defender - Users can forget about installing third-party products to protect their computers from spyware and other malicious software (wait, that's a good thing, right?). Vista marks the first release of Windows that includes the new anti-spyware product, called Windows Defender, although it is also available for Windows XP.
- Network Access Protection (NAP) -- Windows Vista should also improve the overall health of all-Windows networks. NAP governs access to servers by analyzing the state of a client's security features, including currency of antivirus and security patches, and firewall. Microsoft's full NAP offering will require Windows Server "Longhorn," which is still at least a year away. In the meantime, Microsoft is working with Cisco Systems to let users get NAP over the network via a NAP agent that works with the Network Admission Control (NAC) capabilities in Cisco networking gear.
- Trusted Platform Module (TPM) - Support for TPM hardware via Vista's "BitLocker" feature should also boost security by encrypting the contents of disks, and also by verifying the integrity of executables and DLLs before users log in.
- Parental Control - No longer will parents need to dead-bolt the computer room's door to control Junior's access to the family PC. With Vista, Microsoft is making it easy for parents to see what Web sites their children are visiting and what types of program they try to load onto the machine. They can also disable the computer during certain times.
- Phishing Filter - Microsoft has included a new phishing filter in Vista that should help prevent users from becoming victims of phishing attacks. The new filter combines client-side scans with an opt-in online service to warn users about suspicious Web sites.
The Upgrade Game
However, it's yet to be seen if consumers will upgrade to Windows Vista just to get the better security, or even if they'll shell out $200 more than the Home Basic edition to get the security features in Vista Ultimate (which costs $399 new).
After all, Microsoft has already delivered a pretty secure client operating system with Windows XP Service Pack 2 (SP2), which Vista borrows from heavily. The software behemoth also answered calls for a beef-up in security with Internet Explorer 7.0, which was delivered at the same time as Windows XP SP2. A Windows user with XP SP2, IE 7.0, and a frequently updated antivirus product has a pretty secure system already.
It seems unlikely that home users will upgrade to Vista--which requires a machine with 2 GB of memory and a speedy graphics card to get the full Aero affect--just to get better security. However, when those users upgrade their machines, Windows Vista will be the default choice for a new operating system.
Businesses, too, are predicted to take their time moving to Vista, as they seek to delay an expensive upgrade for as long as possible. However, Microsoft has an ace up its sleeve in the form of Exchange Server 2007, which shipped about two months ago.
Exchange Server 2007 has some powerful new communication and collaboration capabilities, and many of these features will require the new version of Outlook found in Office 2007. Since most customers buy Windows and Office hand in hand, a move to Office 2007 could precipitate a bump up in Windows Vista sales. But on the flip side is the fact that many businesses will probably delay upgrading to Exchange Server 2007-the first 64-bit-only product from Microsoft--until Windows Server Longhorn ships, since many companies got into Windows Server only to run Exchange in the first place.
It all depends on those upgrade cycles, which have been getting longer and longer in recent years. Whether Windows shops upgrade to Vista and Office '07 now or upgrade later, Microsoft will get its share in the end.
RELATED STORIES
Gates, Ballmer Wow NYC with Vista Windows, Office 2007 Shindig
Microsoft Completes the 'Triple Launch'
Microsoft and Cisco Play Nice on Security Interoperability
Microsoft Plugs 'Managed Code' as WinFX Goes to Beta
Microsoft Cuts WinFS from Longhorn to Make 2006 Ship Date
 Post this story to del.icio.us
 Post this story to Digg
 Post this story to Slashdot
|
