User Account Control and Security

While Windows XP went a long way towards correcting some of the biggest problems in previous versions of Windows, it has also developed some significant problems as it has aged. Paramount among these is the overall security of Windows, a two-fold problem involving some arguably poor programming practices at Microsoft, and an operating system that nearly expects all users to be full administrators. Microsoft has made some effort to correct this in Windows XP, especially with Service Pack 2, which added support for the no-execute security bit and a dramatically improved firewall, but there's only so much Microsoft can do without completely overhauling the operating system.

With Vista, of course, Microsoft now has the chance to do so, and they have made some significant changes to the underpinnings of Vista in order to better lock down the operating system; specifically, with a feature called User Account Control. The basic premise behind UAC is that the previous way of running everything as an Administrator was wrong, and by doing so it not only allowed applications to make system-wide changes when they shouldn't, but it also meant that compromised applications could be used as a vector to attack the system. As a result, even an administrator isn't really an administrator under Vista.

The most noticeable change as a result of this is that Vista will attempt to run most programs using standard permissions, effectively turning administrators into standard users. For many programs, especially programs included in Vista, this won't be a problem, and they'll be able to run fine with standard permissions. Windows Media Player 11 is one such example of a program that had problems under XP that has been fixed for Vista.

For a second class of programs, those that think they need admin permissions but really do not, Microsoft has engineered what amounts to a partial sandbox for those applications, so that when they attempt to make changes in global locations (the Windows directory, certain registry locations, etc.), they'll instead be secretly redirected to locations inside of the user's home folder and the user's local branch of the registry, allowing these programs to make the file and registry changes they want without having true access to the global operating system. A number of programs that haven't been modified to be completely compliant with standard permissions can be made to work fine under this still-protected mode.
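
An added example, not part of the original article: a PowerShell audit of what this redirection has captured for the current user. The `VirtualStore` locations and the `EnableLUA`/`EnableVirtualization` policy values are those of shipping Windows releases and do not appear in the article; the script assumes PowerShell 3.0 or later and that the protected folders live on the system drive.

```powershell
# Added example: inventory writes that UAC virtualization redirected for the
# current user. Paths and value names come from shipping Windows, not the article.

$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy    = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue

# EnableLUA = 0 means UAC is off, so nothing is redirected at all.
# EnableVirtualization = 0 means failed writes are denied instead of redirected.
[pscustomobject]@{
    UacEnabled            = ($policy.EnableLUA -eq 1)
    VirtualizationEnabled = ($policy.EnableVirtualization -eq 1)
} | Format-List

# Redirected file writes mirror the requested path, minus the drive letter,
# under the per-user VirtualStore folder.
$store = Join-Path $env:LOCALAPPDATA 'VirtualStore'
$files = @()
if (Test-Path -LiteralPath $store) {
    $files = Get-ChildItem -LiteralPath $store -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $relative = $_.FullName.Substring($store.Length).TrimStart('\')
            # Assumption: the protected folder is on the system drive.
            $intended = Join-Path "$env:SystemDrive\" $relative
            [pscustomobject]@{
                # First two path segments, e.g. "Program Files\SomeApp".
                AppFolder       = ($relative -split '\\')[0..1] -join '\'
                IntendedPath    = $intended
                # True: a global copy also exists, and this program silently
                # reads its private copy instead of the one other users see.
                ShadowsRealFile = Test-Path -LiteralPath $intended
                LastWrite       = $_.LastWriteTime
            }
        }
}

# Redirected HKLM\SOFTWARE writes land in the user's own hive.
$regStore = 'HKCU:\Software\Classes\VirtualStore\MACHINE\SOFTWARE'
$keys = @()
if (Test-Path -LiteralPath $regStore) {
    $keys = Get-ChildItem -LiteralPath $regStore -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object { $_.Name -replace '^.*\\VirtualStore\\MACHINE\\', 'HKLM\' }
}

"Programs relying on file virtualization:"
$files | Group-Object AppFolder | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

"Private copies that shadow a real global file:"
$files | Where-Object ShadowsRealFile |
    Select-Object IntendedPath, LastWrite | Format-Table -AutoSize

"Registry keys redirected from HKLM:"
$keys
```

Run it as the affected user without elevation; an elevated process is not virtualized, which is also why a program can appear to lose its settings when it is later started as administrator.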

Last, but not least, there are certain programs and actions that simply require administrator privileges, such as deletions outside the user's home folder and most control panel changes. Here, Vista is implementing a very Unix-like system of getting the user's permission, rather than implicitly granting the user permission to undertake the action based on their administrator credentials. Vista will bring up a secure dialog box that informs the user of the action that is to be taken, and gives them the option to either approve or deny it (non-admin users will need to provide an admin account first).

It's this last change that will likely be most jarring for users coming from XP, as it turns out there are a number of actions Windows undertakes right now that are administrator level and are based on implicit permission. At this point, UAC will ask for confirmation a lot; entirely too much in fact (we ended up turning off UAC at one point). We've had to deal with other quirks with UAC as well; for example, it's now harder to terminate an administrator-privileged program that's run amok (you have to elevate your permissions in the task manager to do it). There's also the ultimate issue of working out which programs need to be run in administrator mode; if a program isn't working, is it because it's incompatible with Vista, or because it needs administrator powers?

Microsoft is aware of this, and is working on streamlining the process for the release version of Vista, so the obtrusions should not be as bad as with the current beta. Nevertheless, it puts users in the odd position of choosing between an OS mode that is secure, because it makes it much harder for malware to infect the system, at the cost of making every action potentially less convenient, and a more liberal mode that gives up the security benefits. This is an especially odd position for enthusiasts, who tend to have the skills to prevent a malware infection in the first place; not only is UAC not as helpful for them, but as one of the biggest new features in Vista, is it worth buying Vista if you're not going to use UAC?

Ultimately, UAC is a huge part of the new security systems within Vista, and even if it isn't perfectly streamlined by release, it will be much better for virtually all users to have it enabled and be slightly bothered by it than to leave the system in the open. If too many users end up turning off UAC, it can create a chicken/egg situation where application developers will not bother to make their programs work without administrative powers (just like today), and where Vista is left with much of the same security mess that XP has today, as the other security systems aren't enough to completely secure Vista on their own. Everyone is going to find it's a significant change compared to the easy-going XP, but without a doubt this kind of overhaul is going to be for the best: what you don't know can hurt you.

It's also worth mentioning that IE7+ (the Vista version of IE7) will be tied into UAC. Its own sandbox mode, which is intended to keep ActiveX controls from running amok, requires UAC to be active to be effective; otherwise it will only have similar protections to what IE6 offers today. However, given the immense use of IE6 right now as a vector of attack for spyware, on paper it seems like these changes should significantly strengthen IE7 and Windows as a whole.

Besides UAC, Microsoft has made a couple other significant additions to Windows, largely as a tool of last resort, since the ultimate power to install spyware lies with the users; some will still continue to run malicious applications with administrative privileges, and will need tools to deal with that. The Windows firewall has been upgraded to a full-service product that is capable of blocking both inbound and now outbound connections, which provides an additional method of warning users that they have malicious applications attempting to get out to the internet, and a way of containing them until removal. Microsoft Anti-Spyware has also been integrated into Vista, given the new name Windows Defender. Defender has been given a significant upgrade from the previous incarnation as MAS, and now is a real-time scanning application that on top of removing spyware can monitor IE downloads for known spyware and warn users of suspicious user-level changes to programs like IE.

Lastly, Microsoft has implemented a range of parental control features intended to better help parents control their kids' activities, extending some of the previous business-class control features of Windows. On top of the already limited abilities of standard user accounts, new control features include the ability to lock down computer usage to certain times, and Microsoft has indicated they may expand this in the future to specific applications at specific times. Other features are the ability to outright block specific programs and websites, and to monitor certain activities enacted by controlled accounts (with special attention to internet activity, instant messenger usage, email, and time spent playing games).

75 Comments

  • Pirks - Friday, June 16, 2006 - link

    quote:

    OSX officially runs on x86 hardware, as long as it has an Apple logo on it. We did it to not have to worry about drivers and such. Yeah, as if you don't both have the same Intel chipset to support.
    Windows driver support and OSX driver support are quite different, in Windows you usually need a driver CD or download, while with OSX there's almost nothing to do - plug the thing and enjoy it - hence the need for certified hardware - you need someone in charge of hardware approval to get that level of smoothness with hardware & other stuff. Apple can't provide this level of service IF they can't stamp their logo on something, while Windows can't provide this level of service BECAUSE they can't stamp their logo - feel the difference here :)) There's no such thing as "certified Windows hardware that you can just pop in and enjoy" - put all the WHQL/XP/MS logos on a Chinese card from newegg - and you still have to download and setup drivers yourself - which sounds like an insult for any Mac guy, hehe ;-)
  • Locutus465 - Friday, June 16, 2006 - link

    Not necessarily... Hell, at work we started using signature pad software in conjunction with an active x control to provide digital signature functionality... I ordered a Topaz signature pad, it got to the office, plugged it in the USB and wouldn't you know it.... Windows found the device right away and it worked. To be fair, Microsoft supports a huge number out of the box... They just can't support all of it... Heck, I didn't even *need* to install any system drivers with Vista, it found all my nForce4 devices and GeForce 7800GT just fine... I chose to because I'm guessing nVidia probably did a better job with their drivers than Microsoft did with their generic ones.
  • Pirks - Friday, June 16, 2006 - link

    quote:

    To be fair, microsoft supports a huge number out of the box. They just can't support all of it.
    This is what I'm talking about - no one can support everything out there out of the box but a MANAGEABLE subset of hardware, like most popular video/audio/TV/RAID and other cards - that's a piece of cake, and now you are right, Vista will support a lot out of the box but LATER maybe in a year or two a lot of new devices start to appear on the market that Vista will not support out of the box, and the problem is NOBODY cares whether user has to download a driver or something, nobody cares about setting up some automatic update site driven by MS and maybe some other big PC vendors together (joint MS/newegg site would be ubermegacool!) which says "IF YOU GET CERTIFIED HARDWARE FROM US IT'LL WORK MAC-STYLE" meaning that if this card has a special logo - you know you pop it in and nothing else - Windows automatically locates driver online and downloads/installs it - Mac OS X style. Just forget about this thing unless you get a Mac - somehow MS and others can't realize many users would love such a feature - very nice choice - if you're a pro - go to newegg and get nice cheap stuff and install it yourself, but if you're a noob - here's your WinHardware.com, get there, choose a card, order it, pop it in and just FORGET about everything else - no drivers no other sh1t to worry about - well, all AT/DT readers won't care about that, I know, but for noobs/general public I think that's a boon, all my Mac owning buddies LOVE that feature of Macs - hence it's a good idea to adopt something similar for Windows, don't you agree?
  • Locutus465 - Saturday, June 17, 2006 - link

    What you don't seem to realize is that Windows has such a feature called Windows update. Microsoft does continuously update their in house set of available drivers. The main thing is that Microsoft tends not to do as good a job optimising drivers for *performance*. What Microsoft wants are good solid drivers that don't crash your system, as far as they're concerned performance is a distant second. This is why most users in the know specifically tell Windows *not* to locate a driver for their new hardware (unless it's something simple like a USB/Firewire harddrive etc) and proceed to download drivers from the hardware manufacturer's website.
  • Pirks - Saturday, June 17, 2006 - link

    quote:

    Windows has such a feature called Windows update
    Ever tried to install Audigy 2 or X-Fi on XP? Ever tried to pop in Nomad Zen in 2002 or so... rings any bells? Or not?

    Well, if not, here's an explanation for you - your Windows Update is just this - purely WINDOWS update, and nothing more - the problem is - Windows Update is not concerned with a lot of new hardware coming out (Nomad Zen back in 2002, X-Fi, many other examples), there's not even an idea of certifying the new piece of hardware and submitting drivers to Microsoft where they are put online with WHQL logo on them. See the difference? In Macs it's a rule - got a new fresh driver for Mac OS X for your card? Submit it to Apple NOW! In Windows? Who cares about this in Windows? Windows PC makers do not care whether their customer can or can not install drivers - here's your PC, bye now. You wanna install X-Fi? Well, you're on your own. Get a nerd or something. Yeah, this works, but why not to go one step further and do it like this - Creative makes new flashy X-Fi - IMMEDIATELY submits drivers to MS - MS quickly tests them and in a week or two there you go - you pop your new expensive X-Fi in your PC and MAGICCC!!! PC GOES ONLINE AND DOWNLOADS/INSTALLS DRIVERS ITSELF! Why? Because X-Fi has this logo "Just Works in XP". You wanna get third party hi-perf drivers and apps/tuning utils? No problemo - go get 'em. But if you're a noob and don't know what a driver is - this is a boon.

    So far no enthusiast understood me when I mentioned this idea - and this is normal - enthusiasts do not need this kind of service. What is more interesting is why a major Home PC brand still doesn't have this kind of service. My guess this is because quality Home PCs come pre-assembled with all the drivers, but still - this service is an interesting approach to clone from Apple.

    After all Vista cloned a lot from Tiger - why not clone other things from Apple like this service?

    Will it hurt anyone?

    Or will it make PCs more noob friendly and hence better competitors for Macs which constantly boast this "Just works" attitude? I mean this is nothing major, this is just a little service - but this Dashboard and Expose and other things - they are also little services, if you think about it. Is Vista actively cloning this stuff? Sure it is, everybody loves eye-candy, Spotlight and stuff like that - so why would anyone NOT like this additional automatic hardware configuration service?

    I feel this is a thing of the future, and should appear sooner or later.

    Any other opinions on that?
  • Locutus465 - Saturday, June 17, 2006 - link

    Yes, but perhaps what you're missing is Microsoft will update their own in house drivers for hardware they consider essential to Windows functioning properly. The fact that microsoft doesn't try to control the PC market in the way Apple controls the Mac market has made the PC significantly more cost effective than Apples platform, while still allowing for a very high degree of innovation. The IBM PC has always been about economics, which is why no one (including IBM) could control it the way in which Apple controls the Mac platform. So apparently the answer to your question is yes and no.

    Yeah, there does need to be a service to update drivers critical to the functioning of modern PC's automatically (in Microsoft's case, Windows Update). But no, in order to retain the economics of the IBM clone market, there needs to be no such Apple like control over the market.
  • Pirks - Sunday, June 18, 2006 - link

    quote:

    But no, in order to retain the economics of the IBM clone market, there needs to be no such Apple like control over the market.
    Excellent point - total Apple-like control of the hardware turns PC into Mac, which is obviously not what users need and want (excluding zealots, of course). However, my point was not about turning PC into Mac by introducing total hardware control over every PC out there, Apple-style, it was rather about creating a special BRAND of PC, obviously a Vista-based PC, which should retain best features of Vista and Mac from the point of view of a noob. This means: a Vista PC which has similar subset of applications as OS X Tiger, and which also behaves like a Mac when you pop a certified piece of hardware into it - it goes online and downloads/installs drivers quietly and user just enjoys the device without any thinking - it "just works".

    Naturally, there is no need at all to convert all PCs to that ideology, one brand would be enough. Who is the best candidate for that? Probably an alliance between Dell and MS, or something similar.

    I heard a lot of talk about Microsoft's iPod Killa coming out soon, not sure these aren't just baseless rumors but... let's imagine for a sec MS is going to try and kick Apple a little in DAP market - how'd they do that? Obviously by cloning and amplifying strengths of iPod. What are these? Tight integration and control of course, especially on Macs - on Mac the OS itself plus iTunes/iPod/iTMS work seamlessly together. Maybe MS can leverage some of that by creating its own PC brand (together with Dell would be the best) so that when there's someone thinking about buying a Mac just because it's so noob friendly, he/she can reconsider - hey, wait, don't buy a Mac - see, there's similar MS PC, which also accepts a subset of certified hardware, just like Mac and because of that is as easy and stable as a Mac - this is its strength, this is why it can compete with Macs on their turf.

    In other words, if Apple pushes personal computers as easy to use, utility devices, and if MS also kind of succeeded with its console (which is also utility device - plug and enjoy) then, maybe, it's time to attack CORE Apple market - those utility PCs called Macs. MS has attacked Sony market with game console - why not attacking Apple market at some point by creating similar PC clone of Mac, which is also controlled by one company and hence easy and stable etc.

    Seems like a viable business idea to me, well maybe not at this point in time, maybe we should wait till Apple share of US home computer market grows to, say, 10 or 20% - but EVENTUALLY MS might be just FORCED to go Apple way - tight control over hardware and such - while leaving current free PC market intact of course - as I said it should be just another PC brand, nothing more.
  • stash - Friday, June 16, 2006 - link

    quote:

    6. Instead of asking for permission all the time, why not allow the control panel to open, then ask, then do not ask again when using anything in it?

    Because that is a nice gaping vulnerability.

    quote:

    7. Like mentioned, why make it so hard to hide the turn off button? Stupid.

    If you notice, there are two large buttons (sleep and lock) and a menu containing restart, logoff, shutdown, hibernate, etc. Sleep is a faster and more efficient method to shut off a computer, since it combines standby with hibernation. So machines will shut down much faster and startup nearly instantaneously, right where you left them. They will also use less power, since resuming from sleep uses far less power than a cold boot.

    quote:

    11. Usual Microsoft behavior: Change for the sake of change (that damn power button!)

    This is not MS's behavior at all. All of these things are tested extensively in usability studies by thousands of (non-Microsoft) users. The UX and UI changes in Vista are a result of these studies, not some arbitrary decision.
  • JarredWalton - Friday, June 16, 2006 - link

    Sleep and standby are not "more efficient" as they continue to draw power. (In fact, even shutting down will still leave the PC drawing 5-10W on most desktops.) The best way to totally shut off a computer is to shut down Windows and unplug the PC (or turn off the PSU switch). If by more efficient you mean that it starts up faster, then yes, but that's really more convenient, not more efficient.
  • Locutus465 - Friday, June 16, 2006 - link

    So far, sleep doesn't start up my computer any faster than a cold boot with Vista. In fact... Sometimes it doesn't start up my computer at all! I do like the general idea that you can put your computer into a sleep mode and still have it continue downloading data etc. Hopefully MS will get this worked out.