User Account Control and Security
While Windows XP went a long way towards correcting some of the biggest problems in previous versions of Windows, it has also developed some significant problems of its own as it has aged. Paramount among these is the overall security of Windows, a two-fold problem involving some arguably poor programming practices at Microsoft, and an operating system that nearly expects all users to be full administrators. Microsoft has made some effort to correct this in Windows XP, especially with Service Pack 2, which added support for the no-execute security bit and a dramatically improved firewall, but there's only so much Microsoft can do without completely overhauling the operating system.
With Vista of course, now that Microsoft has the chance to do so, they have made some significant changes to the underpinnings of Vista in order to better lock down the operating system; specifically, with a feature called User Account Control. The basic premise behind UAC is that the previous way of running everything as an Administrator was wrong, and by doing so it not only allowed applications to make system-wide changes when they shouldn't, but it also meant that compromised applications could be used as a vector to attack the system. As a result, even an administrator isn't really an administrator under Vista.
The most noticeable change as a result of this is that Vista will attempt to run most programs using standard permissions, effectively turning administrators into standard users. For many programs, especially programs included in Vista, this won't be a problem, and they'll be able to run fine with standard permissions. Windows Media Player 11 is one such example of a program that had problems under XP that has been fixed for Vista.
For a second class of programs, those that think they need admin permissions but really do not, Microsoft has engineered what amounts to a partial sandbox for those applications, so that when they attempt to make changes in global locations (the Windows directory, certain registry locations, etc.), they'll instead be secretly redirected to locations inside of the user's home folder and the user's local branch of the registry, allowing these programs to make the file and registry changes they want without having true access to the global operating system. A number of programs that haven't been modified to be completely compliant with standard permissions can be made to work fine under this still-protected mode.
Last, but not least, there are certain programs and actions that simply require administrator privileges, such as deletions outside the user's home folder and most control panel changes. Here, Vista is implementing a very Unix-like system of getting the user's permission, rather than implicitly granting the user permission to undertake the action based on their administrator credentials. Vista will bring up a secure dialog box that informs the user of the action that is to be taken, and gives them the option to either approve or deny it (non-admin users will need to provide an admin account first).
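What the three cases above look like on a running system, as an added example that is not part of the original article: a read-only PowerShell audit that reports whether the current process holds an elevated token and lists the file and registry writes that were redirected into the user's profile. The registry value names and VirtualStore locations are those of released Windows versions and are assumptions here, since the article covers a beta and names none of them.

```powershell
# Added example (not from the article). Registry value names and VirtualStore
# locations are those of released Windows versions: an assumption, since the
# article names none of them. Requires PowerShell 3.0 or later. Read-only;
# run it as the user being audited.

function Get-UacState {
    $key       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $policy    = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    [pscustomobject]@{
        User                 = $identity.Name
        EnableLUA            = $policy.EnableLUA             # 0 = UAC switched off
        EnableVirtualization = $policy.EnableVirtualization  # 0 = no redirection
        # False for an administrator running with the filtered (standard) token
        ProcessElevated      = $principal.IsInRole(
            [Security.Principal.WindowsBuiltInRole]::Administrator)
    }
}

function Get-VirtualizedFile {
    $store = Join-Path $env:LOCALAPPDATA 'VirtualStore'
    if (-not (Test-Path -LiteralPath $store)) { return }
    $root = (Get-Item -LiteralPath $store -Force).FullName
    Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The path below VirtualStore mirrors the path below the system drive
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            $target   = Join-Path ($env:SystemDrive + '\') $relative
            [pscustomobject]@{
                RedirectedCopy = $_.FullName
                IntendedTarget = $target
                TargetExists   = Test-Path -LiteralPath $target
                LastWriteTime  = $_.LastWriteTime
            }
        }
}

function Get-VirtualizedRegistryKey {
    $store = 'HKCU:\Software\Classes\VirtualStore\MACHINE'
    if (-not (Test-Path -Path $store)) { return }
    Get-ChildItem -Path $store -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                RedirectedKey = $_.Name
                # Map the per-user copy back to the global key the program asked for
                IntendedKey   = $_.Name -replace '^.*?\\VirtualStore\\MACHINE', 'HKEY_LOCAL_MACHINE'
            }
        }
}

Get-UacState | Format-List
Get-VirtualizedFile | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
Get-VirtualizedRegistryKey | Format-Table -AutoSize
```

A non-empty file or key list identifies programs that still try to write to global locations and only work because of the redirection.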
It's this last change that will likely be most jarring for users coming from XP, as it turns out there are a number of actions Windows undertakes right now that are administrator level and are based on implicit permission. At this point, UAC will ask for confirmation a lot; entirely too much in fact (we ended up turning off UAC at one point). We've had to deal with other quirks with UAC as well; for example, it's now harder to terminate an administrator-privileged program that's run amok (you have to elevate your permissions in the task manager to do it). There's also the ultimate issue of working out which programs need to be run in administrator mode; if a program isn't working, is it because it's incompatible with Vista, or because it needs administrator powers?
Microsoft is aware of this, and is working on streamlining the process for the release version of Vista, so the obtrusions should not be as bad as with the current beta. Nevertheless, it puts users in the odd position of picking an OS mode that either is secure because it makes it much harder for malware to infect the system at the cost of making every action potentially less convenient, or a more liberal system that gives up the security benefits. This is an especially odd position for enthusiasts who tend to have the skills to prevent a malware infection in the first place; not only is UAC not as helpful for them, but as one of the biggest new features in Vista, is it worth buying Vista if you're not going to use UAC?
Ultimately, UAC is a huge part of the new security systems within Vista, and even if it isn't perfectly streamlined by release, it will be much better for virtually all users to have it enabled and be slightly bothered by it, rather than leaving the system in the open. If too many users end up turning off UAC, it can create a chicken/egg situation where application developers will not bother to make their programs work without administrative powers (just like today), and where Vista is left with much of the same security mess that XP has today, as the other security systems aren't enough to completely secure Vista on their own. Everyone is going to find it's a significant change compared to the easy-going XP, but without a doubt this kind of overhaul is going to be for the best: what you don't know can hurt you.
It's also worth mentioning that IE7+ (the Vista version of IE7) will be tied into UAC. Its own sandbox mode, which is intended to keep ActiveX controls from running amok, requires UAC to be active to be effective; otherwise it will only have similar protections to what IE6 offers today. However, given the immense use of IE6 right now as a vector of attack for spyware, on paper it seems like these changes should significantly strengthen IE7 and Windows as a whole.
Besides UAC, Microsoft has made a couple of other significant additions to Windows, largely as tools of last resort, since the ultimate power to install spyware lies with the users; some will still continue to run malicious applications with administrative privileges, and will need tools to deal with that. The Windows firewall has been upgraded to a full-service product that is capable of blocking both inbound and now outbound connections, which provides an additional method of warning users that they have malicious applications attempting to get out to the internet, and a way of containing them until removal. Microsoft Anti-Spyware has also been integrated into Vista, given the new name Windows Defender. Defender has been given a significant upgrade from the previous incarnation as MAS, and now is a real-time scanning application that on top of removing spyware can monitor IE downloads for known spyware and warn users of suspicious user-level changes to programs like IE.
Lastly, Microsoft has implemented a range of parental control features intended to better help parents control their kids' activities, extending some of the previous business-class control features of Windows. On top of the already limited abilities of standard user accounts, new control features include the ability to lock down computer usage to certain times, and Microsoft has indicated they may expand this in the future to specific applications at specific times. Other features are the ability to outright block specific programs and websites, and to monitor certain activities enacted by controlled accounts (with special attention to internet activity, instant messenger usage, email, and time spent playing games).
75 Comments
Squidward - Friday, June 16, 2006 - link
Having beta tested Windows XP when it was released, I have to say that so far I'm not very impressed with Vista. Granted there is still quite some time before final release but even with RC1 of XP it was a rock solid stable OS that I used as my full time OS and never had any issues whatsoever (especially security 'cause no one was writing viruses and malware for it back then). Quite frankly I don't see how the beta 2 I've been looking at and the final polished out the door product is going to happen in 7 months for a Jan. launch. The real problem however lies in the fact that I know I will move up to Vista at some point, but not because it's a better OS than XP but that I'll be hindered by continuing to use an older operating system. I just haven't seen anything in it yet that made me go, "Now that's the kind of feature I've been needing!", and the few features that did make me feel that way were removed to be implemented 'at a later date'. Fancy graphical effects are nice and all, but they don't make an OS. As it stands in the betas the UAC feature is just a complete hindrance that to me seems to punish the end user because of security risks that are out there. The end user shouldn't get a pop up on every single application or item they open to be sure it's 'safe'. There are far better means of controlling permissions within an OS that would have made a lot more sense than what we have now with UAC. That being said, I believe in time and with Microsoft really listening to customer feedback they'll work out a lot of the kinks, but I won't consider purchasing Vista until they do... or force me to upgrade. :)
Pirks - Friday, June 16, 2006 - link
Yet another nice point - you think MS will sit still and let Leopard chew its (MS's) private parts with impunity? I doubt that - MS will very likely release those nice sweet WinFS and other toys they were promising for years and integrate them in the next Vista release (I hope Leopard or whatever Mr. Jobs is up to isn't going to eat that for lunch - 'cause WinFS is the last hope for MS, really - DX10 won't count, too small a market it seems). So, in two years or maybe earlier you'll get those new sexy features you want, I believe... well, Apple could probably beat MS's ass here again, which is even more likely judging how well Apple devs were performing so far, so maybe you won't be interested in Vista at all - OS scene moves very fast - bang bang and u'r dead :) Especially now when Ballmer replaced BG - I'm worried, I don't quite trust Ballmer and Ozzie and others - ol' Bill was da man, not sure Vista survives w/o him when his archrival Jobs is only started to accelerate before real takeoff (Leopard?), but we'll see, we'll see...
Oh, interesting, tell stupid us what is this "far better means of controlling permissions within an OS" instead of annoying ugly UAC, this must be something revolutionary and ingenious - maybe MS will pay you big bucks for that, who knows ;-)) Besides this thing being early beta, also keep in mind that it's not a cosmetic change akin to upgrade from W2k to XP or from OSX 10.3 to 10.4 - this is a major OS overhaul not too far from migration from 9x to NT, of course early beta of such a grand release will be total crap (at least for many people, but some others seem to enjoy it a lot). So, comparing this early beta release to XP release candidate is indeed pretty stupid. I don't even expect Vista release to be 100% usable out of the box, ESPECIALLY x64 version - Vista 64 will take another year or two to mature, get drivers/apps ready and such. And you should also keep in mind that MS is in a big hurry to avoid Apple to chop its balls off - some more delay and you'll see Apple market share well over 10% which is pretty dangerous to MS if they wanna keep enjoying their desktop x86 OS monopoly status. Hence MS does stuff quickly, cuts off features and will probably release something buggy just to avoid serious threat from Apple. Expect something usable only after SP1 and give it at least a year - in the meantime read some rumours about Leopard and salivate a little - that'll keep you going ;-))
ChronoReverse - Friday, June 16, 2006 - link
You tested RC1 of XP. Release Candidate 1.
This is BETA 2 of Vista. Maybe when they release RC1 of Vista you can compare again.
Frallan - Friday, June 16, 2006 - link
Well I found 1 thing to be more interesting than the rest: Gaming Performance!!
That means that at least til the games I want to play are DX10, combined with the fact that DX10 games get better results, I'm going to stay with my XP.
Sorry M$
/F
Googer - Friday, June 16, 2006 - link
There are so many versions and the feature sets will confuse most of us.
Here is a screen shot from Paul Thurrott's Win Super Site.
Windows Vista Versions: http://pics.bbzzdd.com/users/Googer/Windows_Vista_...
Ryan Smith - Friday, June 16, 2006 - link
Keep in mind that that's an old chart. Small Business Edition no longer exists, and Professional is now Business Edition.
Googer - Saturday, June 17, 2006 - link
Thanks for the update. Here is the now slightly out of date chart but still has some useful information.
http://www.winsupersite.com/showcase/winvista_edit...
slashbinslashbash - Friday, June 16, 2006 - link
Page 8, "regulated" should be "relegated"
Also in the same sentence, "Superfetc.h" (which might not be a typo)
A 14-page article with 2 minor problems.... The quality ratio here at AT just kills DailyTech.... please impose AT quality control on DailyTech!
JarredWalton - Friday, June 16, 2006 - link
Fixed - DT runs a lot of short, quick articles, and unfortunately that means they get more typos and errors. Anyway, since they are a separate entity, there's not much we can do. Feel free to post and tell them, though, but remember they're looking at probably 10X as many press releases as we do. LOL
DerekWilson - Friday, June 16, 2006 - link
1) vista is perfectly capable of being a stable light weight desktop system (with some quirks) at the beta 2 stage ... but try to do anything fast or power hungry and you'd be better off sticking with xp until vista is released. right now, at beta 2, vista is a neat toy. don't try to use it for everything.
2) after all the spit and polish dries, i will still prefer os x to vista
3) final verdict? same as it ever was -- i'll be running vista for games and linux for programming. and since i've recently been bitten by the switch bug, os x for everything else.