User Account Control and Security
While Windows XP went a long way towards correcting some of the biggest problems in previous versions of Windows, it's also had some significant problems where its age has not been good to it. Paramount among these is the overall security of Windows, a two-fold problem involving some arguably poor programming practices at Microsoft, and an operating system that nearly expects all users to be full administrators. Microsoft has made some effort to correct this in Widows XP, especially with Service Pack 2 which added support for the no-execute security bit and a dramatically improved firewall, but there's only so much Microsoft can do without completely overhauling the operating system.
With Vista of course, now that Microsoft has the chance to do so, they have made some significant changes to the underpinnings of Vista in order to better lockdown the operating system; specifically, with a feature called User Account Control. The basic premise behind UAC is that the previous way of running everything as an Administrator was wrong, and by doing so it not only allowed applications to make system-wide changes when they shouldn't, but it also meant that compromised applications could be used as a vector to attack the system. As a result, even an administrator isn't really an administrator under Vista.
The most noticeable change as a result of this is that Vista will attempt to run most programs using standard permissions, effectively turning administrators into standard users. For many programs, especially programs included in Vista, this won't be a problem, and they'll be able to run fine with standard permissions. Windows Media Player 11 is one such example of a program that had problems under XP that has been fixed for Vista.
For a second class of programs, those that think they need admin permissions but really do not, Microsoft has engineered what amounts to a partial sandbox for those applications, so that when they attempt to make changes in global locations (the Windows directory, certain registry locations, etc.), they'll instead be secretly redirected to locations inside of the user's home folder and the user's local branch of the registry, allowing these programs to make the file and registry changes they want without having true access to the global operating system. A number of programs that haven't been modified to be completely compliant with standard permissions can be made to work fine under this still-protected mode.
Last, but not least, there are certain programs and actions that simply require administrator privileges, such as deletions outside the user's home folder and most control panel changes. Here, Vista is implementing a very Unix-like system of getting the user's permission, rather than implicitly granting the user permission to undertake the action based on their administrator credentials. Vista will bring up a secure dialog box that informs the user of the action that is to be taken, and gives them the option to either approve or deny it (non-admin users will need to provide an admin account first).
It's this last change that will likely be most jarring for users coming from XP, as it turns out there are a number of actions Windows undertakes right now that are administrator level and are based on implicit permission. At this point, UAC will ask for confirmation a lot; entirely too much in fact (we ended up turning off UAC at one point). We've had to deal with other quirks with UAC as well, for example it's now harder to terminate an administrator-privileged program that's run amok (you have to elevate your permissions in the task manager to do it). There's also the ultimate issue of working out which programs need to be run in administrator mode; if a program isn't working, is it because it's incompatible with Vista, or because it needs administrator powers?
Microsoft is aware of this, and is working on streamlining the process for the release version of Vista, so the obtrusions should not be as bad as with the current beta. Nevertheless, it puts users in the odd position of picking an OS mode that either is secure because it makes it much harder for malware to infect the system at the cost of making every action potentially less convenient, or a more liberal system that gives up the security benefits. This is an especially odd position for enthusiasts who tend to have the skills to prevent a malware infection in the first place; not only is UAC not as helpful for them, but as one of the biggest new features in Vista, is it worth buying Vista if you're not going to use UAC?
Ultimately, UAC is a huge part of the new security systems within Vista, and even if it isn't perfectly streamlined by release, it will be much better for virtually all users to have it enabled and slightly bothered by it, rather than being in the open. If too many users end up turning off UAC, it can create a chicken/egg situation where application developers will not bother to make their programs work without administrative powers (just like today), and where Vista is left with much of the same security mess that XP has today as the other security systems aren't enough to completely secure Vista on their own. Everyone is going to find it's a significant change compared to the easy-going XP, but it's without a doubt this kind of overhaul is going to be for the best: what you don't know can hurt you.
It's also worth mentioning that IE7+ (the Vista version of IE7) will be tied into UAC. Its own sandbox mode, which is intended to keep ActiveX controls from running amok, requires UAC to be active to be effective; otherwise it will only have similar protections to what IE6 offers today. However, given the immense use of IE6 right now as a vector of attack for spyware, on paper it seems like these changes should significantly strengthen IE7 and Windows as a whole.
Besides UAC, Microsoft has made a couple other significant additions to Windows, largely as a tool of last resort, since the ultimate power to install spyware lies with the users; some will still continue to run malicious applications with administrative privileges, and will need tools to deal with that. The Windows firewall has been upgraded to a full-service product that is capable of blocking both inbound and now outbound connections, which provides an additional method of warning users that they have malicious applications attempting to get out to the internet, and a way of containing them until removal. Microsoft Anti-Spyware has also been integrated into Vista, given the new name Windows Defender. Defender has been given a significant upgrade from the previous incarnation as MAS, and now is a real-time scanning application that on top of removing spyware can monitor IE downloads for known spyware and warn users of suspicious user-level changes to programs like IE.
Lastly, Microsoft has implemented a range of parental control features intended to better help parents control their kids' activities, extending some of the previous business-class control features of Windows. On top of the already limited abilities of standard user accounts, new control features includes the ability to lock down computer usage to certain times, and Microsoft has indicated they may expand this in the future to specific applications at specific times. Other features are the ability to outright block specific programs and websites, and to monitor certain activities enacted by controlled accounts (with special attention to internet activity, instant messenger usage, email, and time spent playing games).
While Windows XP went a long way towards correcting some of the biggest problems in previous versions of Windows, it's also had some significant problems where its age has not been good to it. Paramount among these is the overall security of Windows, a two-fold problem involving some arguably poor programming practices at Microsoft, and an operating system that nearly expects all users to be full administrators. Microsoft has made some effort to correct this in Widows XP, especially with Service Pack 2 which added support for the no-execute security bit and a dramatically improved firewall, but there's only so much Microsoft can do without completely overhauling the operating system.
With Vista of course, now that Microsoft has the chance to do so, they have made some significant changes to the underpinnings of Vista in order to better lockdown the operating system; specifically, with a feature called User Account Control. The basic premise behind UAC is that the previous way of running everything as an Administrator was wrong, and by doing so it not only allowed applications to make system-wide changes when they shouldn't, but it also meant that compromised applications could be used as a vector to attack the system. As a result, even an administrator isn't really an administrator under Vista.
The most noticeable change as a result of this is that Vista will attempt to run most programs using standard permissions, effectively turning administrators into standard users. For many programs, especially programs included in Vista, this won't be a problem, and they'll be able to run fine with standard permissions. Windows Media Player 11 is one such example of a program that had problems under XP that has been fixed for Vista.
For a second class of programs, those that think they need admin permissions but really do not, Microsoft has engineered what amounts to a partial sandbox for those applications, so that when they attempt to make changes in global locations (the Windows directory, certain registry locations, etc.), they'll instead be secretly redirected to locations inside of the user's home folder and the user's local branch of the registry, allowing these programs to make the file and registry changes they want without having true access to the global operating system. A number of programs that haven't been modified to be completely compliant with standard permissions can be made to work fine under this still-protected mode.
 |
| Click to enlarge |
Last, but not least, there are certain programs and actions that simply require administrator privileges, such as deletions outside the user's home folder and most control panel changes. Here, Vista is implementing a very Unix-like system of getting the user's permission, rather than implicitly granting the user permission to undertake the action based on their administrator credentials. Vista will bring up a secure dialog box that informs the user of the action that is to be taken, and gives them the option to either approve or deny it (non-admin users will need to provide an admin account first).
 |
| Click to enlarge |
It's this last change that will likely be most jarring for users coming from XP, as it turns out there are a number of actions Windows undertakes right now that are administrator level and are based on implicit permission. At this point, UAC will ask for confirmation a lot; entirely too much in fact (we ended up turning off UAC at one point). We've had to deal with other quirks with UAC as well, for example it's now harder to terminate an administrator-privileged program that's run amok (you have to elevate your permissions in the task manager to do it). There's also the ultimate issue of working out which programs need to be run in administrator mode; if a program isn't working, is it because it's incompatible with Vista, or because it needs administrator powers?
Microsoft is aware of this, and is working on streamlining the process for the release version of Vista, so the obtrusions should not be as bad as with the current beta. Nevertheless, it puts users in the odd position of picking an OS mode that either is secure because it makes it much harder for malware to infect the system at the cost of making every action potentially less convenient, or a more liberal system that gives up the security benefits. This is an especially odd position for enthusiasts who tend to have the skills to prevent a malware infection in the first place; not only is UAC not as helpful for them, but as one of the biggest new features in Vista, is it worth buying Vista if you're not going to use UAC?
Ultimately, UAC is a huge part of the new security systems within Vista, and even if it isn't perfectly streamlined by release, it will be much better for virtually all users to have it enabled and slightly bothered by it, rather than being in the open. If too many users end up turning off UAC, it can create a chicken/egg situation where application developers will not bother to make their programs work without administrative powers (just like today), and where Vista is left with much of the same security mess that XP has today as the other security systems aren't enough to completely secure Vista on their own. Everyone is going to find it's a significant change compared to the easy-going XP, but it's without a doubt this kind of overhaul is going to be for the best: what you don't know can hurt you.
It's also worth mentioning that IE7+ (the Vista version of IE7) will be tied into UAC. Its own sandbox mode, which is intended to keep ActiveX controls from running amok, requires UAC to be active to be effective; otherwise it will only have similar protections to what IE6 offers today. However, given the immense use of IE6 right now as a vector of attack for spyware, on paper it seems like these changes should significantly strengthen IE7 and Windows as a whole.
Besides UAC, Microsoft has made a couple other significant additions to Windows, largely as a tool of last resort, since the ultimate power to install spyware lies with the users; some will still continue to run malicious applications with administrative privileges, and will need tools to deal with that. The Windows firewall has been upgraded to a full-service product that is capable of blocking both inbound and now outbound connections, which provides an additional method of warning users that they have malicious applications attempting to get out to the internet, and a way of containing them until removal. Microsoft Anti-Spyware has also been integrated into Vista, given the new name Windows Defender. Defender has been given a significant upgrade from the previous incarnation as MAS, and now is a real-time scanning application that on top of removing spyware can monitor IE downloads for known spyware and warn users of suspicious user-level changes to programs like IE.
Lastly, Microsoft has implemented a range of parental control features intended to better help parents control their kids' activities, extending some of the previous business-class control features of Windows. On top of the already limited abilities of standard user accounts, new control features includes the ability to lock down computer usage to certain times, and Microsoft has indicated they may expand this in the future to specific applications at specific times. Other features are the ability to outright block specific programs and websites, and to monitor certain activities enacted by controlled accounts (with special attention to internet activity, instant messenger usage, email, and time spent playing games).
Facebook
Twitter
RSS
75 Comments
View All Comments
rqle - Friday, June 16, 2006 - link
dont really need bad memory module, overclock the memory just a tad bit to give errors while keeping the cpu clock constant or known stable clock.JarredWalton - Friday, June 16, 2006 - link
That still only works if the memory fails. Plenty of DIMMs can handle moderate overclocks. Anyway, it's not a huge deal I don't think - something that can sometimes prove useful if you're experiencing instabilities and think the RAM is the cause, but even then I've had DIMMs fail MemTest86 when it turned out the be a motherboard issue... or simply bad timings in the BIOS.PrinceGaz - Saturday, June 17, 2006 - link
Erm, no. Just overclock and/or use tighter-timings on a known good module beyond the point at which it is 100% stable. It might still seem okay in general usage but Memtest86 will spot problems with it. Now see if Vista's memory tester also spots problems with it. Pretty straightforward to test.xFlankerx - Friday, June 16, 2006 - link
I love how I was browsing the website, and I just refresh the page, and there's a brand new article there...simply amazing.xFlankerx - Friday, June 16, 2006 - link
Masterful piece of work though. Excellent Job.