Windows fortified

Vista, Microsoft’s new operating system, offers users stronger security, better performance than earlier versions

There is one reason above all others for agencies and departments to consider shelling out money for Vista, the newest version of Microsoft Windows: There are currently no Vista viruses.

Yes, it’s early. Yes, many people are undoubtedly trying to become the first to write an effective malevolent virus that attacks Vista.  And, yes, it would be silly to believe that Vista — or any other operating system, for that matter — is invulnerable to motivated virus writers and hackers.

Nevertheless, improved security is Vista’s strongest selling point. Developers have made a number of changes in Windows’ architecture and design, eliminating many of the operating system’s existing vulnerabilities. When viruses crop up they are not likely to be capable of causing as much damage.

Improved security is not, of course, the only enhancement Microsoft is using in Vista sales pitches. This is a complete reworking of the operating system, and it offers an array of new features that will appeal to users and system administrators.

We’ll take a look at the major attractions, and the surprisingly few drawbacks, for each.

Lure for users: Interface, performance
A lot of users will probably ask for an upgrade to Vista to get the nifty new screen backgrounds. But there’s more to Vista than glitz and glitter. Microsoft claims that many of the other enhancements to the interface will add to greater user productivity, primarily through easier navigation of applications. We’re not so sure about that, but there’s no denying that at least initially they add to the fun of using the operating system.

The glass effect of the new interface, with semitransparent application windows that allow users to view underlying applications, may or may not aid navigation, but it sure is slick. 

The Windows Flip3D function is more impressive. Hold down the Windows key on your keyboard, and press Tab. You’ll see the desktop change to a 3-D display of your open Windows. Click Tab until the window you want is on top, and it will pop up front and center. This feature does help navigation.

We also like the new gadget bar, a translucent bar that is by default along the right side of the display. The user-configurable gadget bar holds utilities that you want to keep close at hand. Interface aside, Vista clearly makes it easier to search for content than earlier versions of Windows did.  

We were especially impressed by Windows Explorer’s new search capabilities. The upper-right corner of each Window offers an expandable search field that you can use to search your computer, the Internet or only indexed items. You can limit results to display only documents, e-mails, images and so forth. You can also save search results as impromptu folders for quick access in the future. 

Several new applications and utilities promise potential productivity gains, especially for workgroups. One especially notable addition is the Windows Meeting Space. Make no mistake, Meeting Space is not as powerful as Groove from Groove Networks or other dedicated Web conferencing software. But it does have a niche. Using Meeting Space, as many as 10 users can connect to one another via a wired or wireless network to share and edit files or view one another’s desktops. 

We also found the new Sync Center and Mobile Device Center to be well-designed utilities that make it easy to keep data on a portable device synchronized with a desktop.  We were skeptical about those utilities when we tested beta versions of Vista because we frequently encountered problems setting up and syncing devices. But developers have apparently ironed out those wrinkles.   

Securing and tuning performance

Those are the main reasons users will ask for upgrades to Vista. But many other new features will make users’ life easier. Vista has a built-in anti-spyware program called Windows Defender, which does a pretty good job of snagging spyware. But we’re a little stumped about why Microsoft decided to stop there. Why not make an antivirus program part of the operating system, too?

Users will also appreciate the newer, slightly more robust Windows Firewall, which can restrict inbound and outbound traffic. Systems administrators won’t, however, likely abandon more powerful enterprise-level firewall solutions.

In addition, users will also find that Vista does a better job than previous Windows versions of helping them access network resources and diagnose network connectivity problems. We found significantly fewer problems accessing computers and folders across the network using Vista clients. And when connectivity problems arose, Vista did a much better job of helping diagnose the problems.

Finally, although we haven’t yet developed empirical benchmarks for standardized performance tests with Vista, we found performance to be significantly improved with Vista compared with earlier Windows versions.  

Vista also includes several technological enhancements that have the potential to boost performance on PCs. Windows ReadyBoost can employ USB flash drives to add to system memory. The SuperFetch utility tracks which applications are used most frequently and preloads them into memory for faster start-up. ReadyDrive improves performance if you have compatible hybrid hard drives in the computer.

The overall effect of these improvements is faster, steadier performance with fewer stalls.

Lure for administrators: Security, security...and easier management

Vista’s protection against hackers and viruses is a significant argument for agencies and departments to consider making the upgrade.

The most significant security enhancements are under the hood. Microsoft developers have thoroughly redesigned the operating system and hardened core services to reduce the potential damage in the event of an attack. The operating system employs a new TCP/IP stack that is more secure than Windows’ previous version. Routing compartments and tables are more difficult to crack and corrupt. And new packet filtering application programming interfaces promise greater security. In addition, Vista’s implementation of IP Security (IPSec) promises to let administrators create more effective security policies and more easily distribute them across the network. We also like the implementation of domain and server isolation in the IPSec model.

Only time — and the efforts of hackers and virus writers — will tell how effective these measures will be.  

In addition to a more secure architecture, however, Microsoft has also added a number of new security-enhancing features that will definitely reduce vulnerabilities.

One of the most effective features is Vista’s context-sensitive User Account Control. In previous versions of Windows, most users could simply log in with administrative privileges to install or configure programs. That meant that if hackers could access your computer, they also would have full administrative privileges.

With User Account Control, however, you can log in as an administrator, but Windows will treat you as an ordinary user until you need administrator privileges. When you try to access something that requires administrator privileges, Vista will prompt you for permission. That’s a simple but effective way to block a remote hacker from causing more serious damage.

Administrators have more new security tools at their disposal in Vista, at least in the Business, Ultimate and Enterprise versions of the operating system. Windows BitLocker drive encryption protects the Windows system volume in the event that someone loses a PC or a thief steals it. Likewise, the new Encrypting File System encrypts files and folders on client computers. 

Finally, Vista provides stronger tools for administrators to enforce policies and audit user access to systems and services. The administrator may, for example, specify that users must have up-to-date antivirus signatures and application patches or the system will deny access.  

Getting the goods to users
Most users won’t care, but system administrators will welcome the new tools Vista provides for deploying the new operating system. The tools will streamline IT management chores  and help minimize the costs of deploying Vista.

For starters, a new Windows Imaging format allows administrators to maintain different deployment configurations in a single file. The images are modular, which makes for easy reconfiguration. Those features could greatly reduce management headaches and save disk space on servers.

The bottom line
We give Vista a thumbs up — at least pending the acid test of attempts by hackers and virus writers to locate and penetrate the operating system’s vulnerabilities.

If your agency or department has a pressing need for greater security, you should move to Vista as soon as possible.


Click here to enlarge the Microsoft Vista score card (.pdf).

chart

 

On the downside for usersThere are a few issues — though surprisingly few — that users may find bothersome about moving to Microsoft’s Windows Vista operating system.

One involves the new User Account Control. It’s one of the strongest security enhancements in Vista, but it requires users to frequently respond to queries from the operating system. Although this measure protects the system against hackers and malware’s unauthorized actions, it can annoy users because of the repeated interruptions.  

Also, although most devices and applications that worked with Windows XP will work well with Vista, some will not. In some cases, the program makes assumptions about administrator privileges on the user’s part, and those assumptions no longer work with Vista’s User Account Control. To ensure that the programs work properly, you may need to change account settings in ways that leave your system vulnerable.

We’ve also experienced problems with the way some applications access files across the network. While using Adobe Dreamweaver on a Vista client, for example, we experienced repeated application crashes when trying to open files on a server. It will take some time before Microsoft and various device manufacturers can track and fix all of those compatibility issues.

The new Vista interface is fun, but users will need time to learn their way around the operating system.

On the downside for administratorsThere are a lot of points on the plus side of the scale for those weighing a move to Microsoft’s Vista operating system. The disadvantages that systems administrators face mostly have to do with dollars.

As operating systems go, Vista — which is priced comparably to earlier versions of Windows — isn’t cheap. And if you already have a system that runs well in your agency or department, the cost of moving to Vista may appear daunting.

Although Vista will run on most systems that can currently run Windows XP, the full experience of the new interface requires a graphics adapter that supports DirectX9 and Desktop Windows Manager (DWM). Vista will run on a graphics adapter that supports only DirectX9, but you won’t be able to get the special effects — transparent Windows and the like — without serious degradation in performance.   

Microsoft says the minimum configuration Vista requires is a modern processor — at least 800 MHz — 512M of system memory and a graphics processor that is DirectX 9-capable. But we found that to be on the low side.

The recommended configuration is a 1 GHz processor, 1G of system memory and a DWM-compatible graphics processor with 128M of graphics memory. We tested the 64-bit version of Vista on an MPC Computers PC with a 3 GHz Pentium 4 processor, 1G of system memory and an ATI Radeon graphics adapter, which supports DWM. 

You must evaluate the capabilities of your systems and, if necessary, be ready to upgrade or buy new ones if you must provide Vista to your users.

Finally, administrators should prepare to spend a fair amount of time training users and help-desk employees. 

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above