User Account Control and Security
While Windows XP went a long way towards correcting some of the biggest problems in previous versions of Windows, it has also had some significant problems, and its age has not been kind to it. Paramount among these is the overall security of Windows, a two-fold problem involving some arguably poor programming practices at Microsoft, and an operating system that nearly expects all users to be full administrators. Microsoft has made some effort to correct this in Windows XP, especially with Service Pack 2, which added support for the no-execute security bit and a dramatically improved firewall, but there's only so much Microsoft can do without completely overhauling the operating system.
With Vista of course, now that Microsoft has the chance to do so, they have made some significant changes to the underpinnings of Vista in order to better lock down the operating system; specifically, with a feature called User Account Control. The basic premise behind UAC is that the previous way of running everything as an Administrator was wrong, and by doing so it not only allowed applications to make system-wide changes when they shouldn't, but it also meant that compromised applications could be used as a vector to attack the system. As a result, even an administrator isn't really an administrator under Vista.
The most noticeable change as a result of this is that Vista will attempt to run most programs using standard permissions, effectively turning administrators into standard users. For many programs, especially programs included in Vista, this won't be a problem, and they'll be able to run fine with standard permissions. Windows Media Player 11 is one such example of a program that had problems under XP that has been fixed for Vista.
For a second class of programs, those that think they need admin permissions but really do not, Microsoft has engineered what amounts to a partial sandbox for those applications, so that when they attempt to make changes in global locations (the Windows directory, certain registry locations, etc.), they'll instead be secretly redirected to locations inside of the user's home folder and the user's local branch of the registry, allowing these programs to make the file and registry changes they want without having true access to the global operating system. A number of programs that haven't been modified to be completely compliant with standard permissions can be made to work fine under this still-protected mode.
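As an added illustration (not code from the article or from Microsoft), this sketch audits the file half of that redirection: it maps redirected files back to the global paths the applications believed they were writing and groups them by program, showing which software still depends on virtualization. It assumes the per-user `VirtualStore` folder under the local application-data directory used by release versions of Windows Vista and later, which the article does not name; the function names and sample paths are constructed.

```python
import os
from collections import defaultdict
from pathlib import PureWindowsPath

# Global folders whose writes are redirected for legacy applications.
# Assumption: folder names as used by release builds of Vista and later.
PROTECTED_ROOTS = ("program files", "program files (x86)", "programdata", "windows")

# Constructed sample data so the logic can be exercised on any platform.
SAMPLE_LOCAL_APPDATA = r"C:\Users\alice\AppData\Local"
SAMPLE_FILES = [
    r"C:\Users\alice\AppData\Local\VirtualStore\Program Files\OldApp\settings.ini",
    r"c:\users\alice\appdata\local\virtualstore\Program Files\OldApp\data\save.dat",
    r"C:\Users\alice\AppData\Local\VirtualStore\Windows\legacy.ini",
    r"C:\Users\alice\AppData\Local\Temp\unrelated.tmp",         # not redirected
    r"C:\Users\alice\AppData\Local\VirtualStore\Users\odd.txt",  # not a protected root
]


def shadowed_path(redirected, local_appdata, system_drive="C:"):
    """Return the global path a redirected file stands in for, or None if the
    file is not a redirected copy of something under a protected root."""
    store = PureWindowsPath(local_appdata, "VirtualStore").parts
    parts = PureWindowsPath(redirected).parts
    n = len(store)
    # Windows paths are case-insensitive, so compare lowercased components.
    if len(parts) <= n or [p.lower() for p in parts[:n]] != [p.lower() for p in store]:
        return None
    rel = parts[n:]
    if rel[0].lower() not in PROTECTED_ROOTS:
        return None
    # The store omits the drive letter; assume the system drive.
    return PureWindowsPath(system_drive + "\\", *rel)


def virtualization_report(redirected_files, local_appdata, system_drive="C:"):
    """Group shadowed global paths by the program folder that owns them."""
    report = defaultdict(list)
    for path in redirected_files:
        target = shadowed_path(path, local_appdata, system_drive)
        if target is None:
            continue
        # Owner = drive root + protected folder + application folder (if any).
        depth = min(3, len(target.parts) - 1)
        report[str(PureWindowsPath(*target.parts[:depth]))].append(str(target))
    return {owner: sorted(files) for owner, files in sorted(report.items())}


def walk_virtual_store(local_appdata):
    """Yield every file under the real VirtualStore folder (empty if absent)."""
    for dirpath, _dirs, names in os.walk(os.path.join(local_appdata, "VirtualStore")):
        for name in names:
            yield os.path.join(dirpath, name)


if __name__ == "__main__":
    appdata = os.environ.get("LOCALAPPDATA") if os.name == "nt" else None
    files = list(walk_virtual_store(appdata)) if appdata else SAMPLE_FILES
    found = virtualization_report(files, appdata or SAMPLE_LOCAL_APPDATA)
    for owner, shadowed in found.items():
        print(f"{owner}: {len(shadowed)} redirected file(s)")
        for item in shadowed:
            print(f"    {item}")
```

Programs that appear in the report are candidates for an update or a per-user data location, since their settings exist only in one user's profile and not in the global path they appear to use.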
Last, but not least, there are certain programs and actions that simply require administrator privileges, such as deletions outside the user's home folder and most control panel changes. Here, Vista is implementing a very Unix-like system of getting the user's permission, rather than implicitly granting the user permission to undertake the action based on their administrator credentials. Vista will bring up a secure dialog box that informs the user of the action that is to be taken, and gives them the option to either approve or deny it (non-admin users will need to provide an admin account first).
It's this last change that will likely be most jarring for users coming from XP, as it turns out there are a number of actions Windows undertakes right now that are administrator level and are based on implicit permission. At this point, UAC will ask for confirmation a lot; entirely too much in fact (we ended up turning off UAC at one point). We've had to deal with other quirks with UAC as well; for example, it's now harder to terminate an administrator-privileged program that's run amok (you have to elevate your permissions in the task manager to do it). There's also the ultimate issue of working out which programs need to be run in administrator mode; if a program isn't working, is it because it's incompatible with Vista, or because it needs administrator powers?
Microsoft is aware of this, and is working on streamlining the process for the release version of Vista, so the obtrusions should not be as bad as with the current beta. Nevertheless, it puts users in the odd position of choosing between an OS mode that is secure because it makes it much harder for malware to infect the system, at the cost of making every action potentially less convenient, and a more liberal system that gives up the security benefits. This is an especially odd position for enthusiasts who tend to have the skills to prevent a malware infection in the first place; not only is UAC not as helpful for them, but as one of the biggest new features in Vista, is it worth buying Vista if you're not going to use UAC?
Ultimately, UAC is a huge part of the new security systems within Vista, and even if it isn't perfectly streamlined by release, it will be much better for virtually all users to have it enabled and be slightly bothered by it, rather than being left in the open. If too many users end up turning off UAC, it can create a chicken/egg situation where application developers will not bother to make their programs work without administrative powers (just like today), and where Vista is left with much of the same security mess that XP has today, as the other security systems aren't enough to completely secure Vista on their own. Everyone is going to find it's a significant change compared to the easy-going XP, but without a doubt this kind of overhaul is going to be for the best: what you don't know can hurt you.
It's also worth mentioning that IE7+ (the Vista version of IE7) will be tied into UAC. Its own sandbox mode, which is intended to keep ActiveX controls from running amok, requires UAC to be active to be effective; otherwise it will only have similar protections to what IE6 offers today. However, given the immense use of IE6 right now as a vector of attack for spyware, on paper it seems like these changes should significantly strengthen IE7 and Windows as a whole.
Besides UAC, Microsoft has made a couple of other significant additions to Windows, largely as tools of last resort, since the ultimate power to install spyware lies with the users; some will still continue to run malicious applications with administrative privileges, and will need tools to deal with that. The Windows firewall has been upgraded to a full-service product that is capable of blocking both inbound and now outbound connections, which provides an additional method of warning users that they have malicious applications attempting to get out to the internet, and a way of containing them until removal. Microsoft Anti-Spyware has also been integrated into Vista, given the new name Windows Defender. Defender has been given a significant upgrade from the previous incarnation as MAS, and now is a real-time scanning application that on top of removing spyware can monitor IE downloads for known spyware and warn users of suspicious user-level changes to programs like IE.
Lastly, Microsoft has implemented a range of parental control features intended to better help parents control their kids' activities, extending some of the previous business-class control features of Windows. On top of the already limited abilities of standard user accounts, new control features include the ability to lock down computer usage to certain times, and Microsoft has indicated they may expand this in the future to specific applications at specific times. Other features are the ability to outright block specific programs and websites, and to monitor certain activities enacted by controlled accounts (with special attention to internet activity, instant messenger usage, email, and time spent playing games).
75 Comments
aeschbi99 - Wednesday, July 5, 2006 - link
Hi
I just loved your article about Vista....especially the comparison to TIGER...I am a big MAC fan! But what MS did with Flip3D it appears to me is a copy of SUN's "Looking Glass" - which was out I believe even in 2003.
Redmond --- start your copy machine.... the real invention starts somewhere else....
see link http://java.sun.com/developer/technicalArticles/J2...
absynthe49 - Saturday, July 1, 2006 - link
I really enjoy anandtech but I didn't really like the style of this article. When I read it.. I was quite sad that vista was looking so bad at this stage... particularly the game performance.
But then I remembered that I read in a few places that Vista would not support native DirectX 9. That it would be in a way.. emulated. So there was an expected decrease in numbers. My understanding was that new powerful hardware would be coming out and that it would run the older games fast enough to overcome the loss from emulation.
The article almost seemed to say that gaming looks doomed in a way.
So basically... the drivers are not tweaked yet... this is still a beta... there may still be a debugging layer running... and I think vista runs directx 9 through an emulation layer.
So unless this is false and it actually runs directx 9 natively... is it really a surprise at all that directx 9 games run from 20 to 30 frames per second slower? This did not seem to be addressed at all in the article and I thought it was kind of premature to worry so much.
NullSubroutine - Monday, June 19, 2006 - link
they can say every hardware/software limitation they want. i don't buy that they 'can't' make dx10 for xp and they 'can't' have full opengl support. just too convenient for microsoft.
mongo lloyd - Sunday, June 18, 2006 - link
"Although Microsoft may not consider itself to be in direct competition with Apple, this is the match-up most people have been waiting for."
Only people who give a shit about OSX, which is far from "most people".
drewintheav - Sunday, June 18, 2006 - link
I thought the staged install method was supposed to be so fast?
It took way longer to install than it does for me to install XP.
The Vista Media Center is not useable at this point...
The video stutters, the audio drops out, and it crashes all the time.
I had always heard Mac fanatics saying how much better OSX was than XP
I didn't really believe it could be "so much" better
I tried out OSX after I installed Vista.
And now it is very obvious to me where Microsoft has gotten most of its new UI ideas.
At this point I would say that Microsoft has executed them very poorly
which is a little disappointing.
It is disappointing to me that even if everything worked perfectly in Vista
it would still lag behind OSX on a number of points
In fact if Apple sold OSX for Intel as a retail product
and added a Media Center application
I would switch to MAC and just run Windows apps with an emulator or a VM
and dual boot XP for games.
Microsoft really has a lot of work to do and I hope they get it together...
OSX is way more innovative than Vista at this point...
AndrewChang - Wednesday, June 21, 2006 - link
Well, after months of deliberation, it looks like my next personal computing platform will be a merom/leopard based mac book pro. I don't expect to be using a vista based pc until at least the first or second service pack. A fully integrated bootcamp/virtualization in this next OSX release should take care of my legacy applications (games on xp). Thanks Anandtech, w/o your Macintosh articles I would have never considered all the wonderful options available to me. It'll be fun learning how to use a new OS, especially one that is already superior to what us PC users have to look forward to.
Pirks - Monday, June 19, 2006 - link
There's no point - since Dell with the same configuration as iMac and with the same set of basic apps (like DVD burning/mastering etc) costs the same as iMac - why would you buy Dell in the first place? To me it seems that if you spend $1500 on a Dell plus retail Mac OS X instead of iMac - you'll get lower quality product.
Hence no retail Mac OS X - nobody is interested because iMacs are priced on par with comparable Dells.
There is Front Row - check out decent Mac sites, read reviews - you'll be surprised how much you missed, hehe ;-)
nullpointerus - Monday, June 19, 2006 - link
Not everyone who wants to run Mac OS X wants to purchase a prebuilt computer for it. You should know that if you're posting here because this site is mostly made up of enthusiasts.
Mac OS X w/ Front Row isn't comparable to Windows MCE. Show me the integrated program guide and automatic recording capabilities. You may as well compare Paint to Gimp or Photoshop.
Pirks - Monday, June 19, 2006 - link
Depends on what the user wants. I suppose some users are happy with limited functionality of Paint and don't need/don't want Photoshop. Same can be said about the post of the guy above asking for the OS X retail version. If I should know this site is for enthusiasts - THEN HE SHOULD KNOW what OS X is and why it is so successful and generates lots of buzz in IT press - precisely because it DOES NOT have a retail version. Hence asking OS X to give up its number one advantage - smooth integration with hardware because hardware is NOT open - is not much smarter than my post above.
nullpointerus - Saturday, June 17, 2006 - link
"We also tested the boot times for a clean install of each operating system, using a stopwatch to see how long it took for the OS to boot to the point where it presented a usable login screen."
Um...you must have something seriously wrong with your system. I'm using a lowly Athlon64 3000+ Winchester and 2GB PC3200 RAM. I did a clean install of the x64 version and timed it with my digital watch; it took ~50 seconds to get to the desktop, not the login screen. I had to switch to the 32-bit version because of driver support, and I can tell you it doesn't take 48 seconds to get to the login screen.
Now, if you rummage around in the control panel's performance applet, you can look at services and drivers which are slowing the boot process down; USB audio and nVidia's drivers affected my system, and even so it starts nearly 30 seconds faster than your clean x64 system. Maybe there's something on your PC that's causing problems?
Also, something on my second boot will chew up large amounts of CPU time, making the login screen unresponsive. On subsequent boots this problem disappeared, and I was able to enter my password immediately and login fairly quickly. I have drivers for my Linksys WMP54GX and Creative Audigy installed now, too, so my PC should be worse than your clean system.
Maybe you could check these things out and retest?