Geeks With Blogs

Lorin Thwaits A geek says what?

Some have wondered why Vista took so long to get to us. What's the big deal about it anyway? Well, it's much more than a pretty face and the fancy new communication features of WCF. Okay, so that was all it was going to be originally. A marginal upgrade. A hop between Whistler and Blackcomb, and its code-name told it all: Longhorn is just a small bar nestled between those two giant mountains. But when Blaster and other embarrassing attacks surfaced in the 2003 timeframe, the original plans to make this just an incremental upgrade were thrown out (along with a lot of the work to that point), and for the first time in a Microsoft operating system, security really took the front seat. Major portions of the kernel were rewritten to give us a much more secure basis for the future. I am amazed at how few compatibility issues exist based on the dramatic change that has been made to the OS. Sure, it started from Win2K3 bits. But unlike previous Microsoft operating systems, it has emerged as something the security experts are taking very seriously.

If you whimsically say "This is just a facelift, so what took them so long?" then here's what you're missing:

  • The amazing changes in the kernel that facilitate the new user driver model.  Result: nearly zero blue screens, even with crappy quality drivers doing their worst.  Far fewer reboots because whole subsystems can be invisibly rebooted independently.  Better power savings in mobile devices because it's a greatly simplified experience for those writing drivers, and third parties will get the job done right much more consistently.
  • The way that every user has a "split token", or in other words really two SIDs, making it much simpler to run 99% of the time as standard user and have a truly secure system.  You don't like UAC just because you have to make a few extra clicks now and again?  What do you like better?  Having over 70% of computers out there, maybe yours too, infected with malware?  Wake up and accept those extra clicks before someone sneakier than you who lives in Romania cleans out every dime you have in your checking account.  THINK ABOUT IT!!!
  • The significant preparation for much more secure 64-bit versions of Windows.  Did you know that kernel code loads at random places so it can easily dodge most buffer overflow attacks and attempts at rootkit installs?  And DEP works wonderfully, further making buffer overflows a thing of the past.
  • The great advances in Group Policy, with almost 1000 new settings, nearly doubling the number we had before. This puts excellent control in the hands of the network administrator. And the ADMX files that are now used instead of ADM files offer better performance in a corporate setting. It also allows LGPOs, so local policy is better.
  • What about the excellent speech recognition APIs?  Wait until you see the cool things you can do with it in Windows Vienna!
  • The way CardSpace is woven in. Don't miss out on CardSpace. That and PowerShell are causing some very well-respected dyed-in-the-wool open source guys to take a serious look and even praise what Microsoft is up to.
  • How about the excellent new WIM file format for imaging and packages?  Deployment without HAL headaches is beautiful.  Adding service packs or software installs to an image without having to rebuild everything is priceless.
  • Consider the better printing features only available with XPS, and how much interest the printer manufacturers are taking so they can soon release models that use XPS as the underlying protocol.
  • BitLocker: if you lose your laptop, you don't have to lose any sleep that same night.
  • How about just the cool way you can create a Virtual Folder from a search, or the "run box replacement" search thing on the Start menu? That saves tons of time. It's "instant Google" for the stuff in your Start Menu and documents.
  • IPv6 "People Near Me" support.  Did you know that People Near Me uses IPv6 by default?  And it will work with your current hubs and switches.
  • The file and registry virtualization to allow legacy apps to "just work", while not allowing spyware to wedge its way in.  Amazing how well this caters to poorly-written legacy software.
  • The way services are now set up as a security principal and can be permissioned with just what they need for file, registry, and firewall access.
  • The way that the local system account has been permissioned down so it can't even run Explorer, yet it can boot the OS so you can run Explorer. In other words, having root doesn't mean you can hack. You can't even read users' documents. This level of security has only been seen before in special-built platforms like those designed for the military.
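
The split-token point in the list above can be checked from a console. This is an added example, not code from the original post; the function name `Get-TokenSplitState` is hypothetical, and it assumes PowerShell 3.0 or later and the English column names that `whoami /groups /fo csv` prints.

```powershell
# Added example: report which half of the UAC split token this process holds.
# Run it in a normal console, then again from "Run as administrator".
function Get-TokenSplitState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator

    # whoami lists every group SID carried by the current token.
    $groups = whoami.exe /groups /fo csv | ConvertFrom-Csv

    # S-1-5-32-544 is BUILTIN\Administrators. In the filtered token the
    # group is still present but flagged "Group used for deny only".
    $admins = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }

    # S-1-16-* is the mandatory integrity label attached to the token.
    $label = $groups | Where-Object { $_.SID -like 'S-1-16-*' } |
             Select-Object -First 1
    $integrity = switch ($label.SID) {
        'S-1-16-4096'  { 'Low' }
        'S-1-16-8192'  { 'Medium' }
        'S-1-16-12288' { 'High' }
        'S-1-16-16384' { 'System' }
        default        { "Other ($($label.SID))" }
    }

    # IsInRole ignores deny-only groups, so it is true only when elevated.
    $state = if ($principal.IsInRole($adminRole)) {
        'Elevated: full administrator token'
    } elseif ($admins) {
        'Filtered: administrator account running with a standard-user token'
    } else {
        'Standard user: account is not in Administrators'
    }

    [pscustomobject]@{
        User            = $identity.Name
        State           = $state
        Integrity       = $integrity
        AdminGroupFlags = $admins.Attributes
    }
}

Get-TokenSplitState | Format-List
```

An administrator account reporting `Filtered` at `Medium` integrity is the expected day-to-day state; `Elevated` outside a deliberate "Run as administrator" session suggests UAC has been turned off.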

Maybe you haven't always trusted Microsoft in the past. But on this one, trust them. It's good, and it's worth a five-year wait.

Posted on Friday, January 26, 2007 1:52 AM | Exploits, Vista

Comments on this post: Security is the big deal about Vista

# re: Security is the big deal about Vista
Are you kidding me?

Your average user should pay HUNDREDS of dollars for Vista and the hardware upgrades needed to use it (most don't have multiple gigs of RAM). For what? Better group permissions and some voice recognition?

Five years for this?! Forget it.

Left by Grumplestiltskin on Jan 26, 2007 8:23 PM

# re: Security is the big deal about Vista
True that there is a cost, and some features have been seen in other OSes. But there are also some novel things under the hood in Vista. And it provides a good basis for a server version going forward. Microsoft has finally taken security VERY seriously, and it will pay off in the long run.
Left by Lorin Thwaits on Feb 20, 2007 4:07 AM

Copyright © Lorin Thwaits