Allchin: Buy Vista for the security

By Joris Evers
Posted on ZDNet News: Jan 27, 2006 11:22:00 PM

If new features won't get you to upgrade to Vista, security enhancements should, Windows chief Jim Allchin has urged.

Microsoft has already touted the bells and whistles it is putting into Windows Vista, the operating system successor to XP that's due out by the end of the year. There will be flashy new graphics, a spiffed-up user interface and advanced search features. Other changes include improved touch-screen support and a Windows sidebar that can display all kinds of information such as upcoming appointments, just-in e-mail messages and a clock.

But if none of that strikes your fancy, Vista will still be worth getting, thanks to its better defenses against phishing attacks, spyware and other malicious code, Allchin said.

"Safety and security is the overriding feature that most people will want to have Windows Vista for," the co-president of Microsoft's platform, products and services division said in an interview with CNET News.com. "Even if they are not into home entertainment or in any of the specialty areas, they are just going to feel safer and more secure by using it."

"Safety and security is the overriding feature that most people will want to have Windows Vista for."

--Jim Allchin, group vice president, Microsoft

That said, Allchin maintained there are plenty of new things to try out in Vista, pointing to a chart filled with added features. In particular, he demonstrated a collaboration tool that uses a "People Near Me" feature, which searches over a Wi-Fi connection for other Vista users nearby and then sets up a peer-to-peer network with them. The tool is meant mostly to enable laptop users to share applications and files, among other things.

During the meeting, Microsoft also showed off new parental controls in Vista. These not only limit which Web sites can be visited, but log activity and restrict when and for how long children can be online.

All of these features shipped in the latest preview version of Vista, which Microsoft released in December. "There are literally thousands of features in this product," Allchin said.

But one of the features Microsoft wanted to include was a bit too much for some of its beta testers, the software maker found. It is reversing its plan to add virtual folders that contain all the files that match specific criteria, such as "created by Michelle" or "images," no matter where they are on the PC. Originally, Microsoft wanted virtual folders to replace standard views, which show the physical location of files on a hard disk drive, but it has backpedaled on that decision.

In the next preliminary Vista release, due in the next couple of months, virtual folders will be in the background. "The default view will be the physical storage space, and then you can create virtual folders on top of it," Allchin said. That should make it easier for people to migrate from Windows XP, he added.

The software maker had already scaled back on planned features for Vista, leaving some out so it could meet a ship date in 2006 for the update.

On the security front, Allchin said that Vista should be a significant leap forward, just as Service Pack 2 was a big improvement on the original Windows XP.

A standard Windows XP computer can get hacked the moment it is connected to the Internet, Allchin said. Service Pack 2 significantly increased security, in large part thanks to automatic security updates and a firewall that is enabled by default. Vista will go much further in protecting consumers, he said.

"If we ever find something trying to open a port that the developer said it should not be opening, it is immediately shut down."

--Allchin

Microsoft is following updated development practices to prevent security bugs and is using new approaches to analyze source code, Allchin said. Additionally, the innards of the operating system are being designed to ward off attacks. "We have put features into the product to double-check itself," he said.

As an example of double-checking, Allchin said Microsoft has marked the OS services to know what network ports they should open and what OS functions they should call. Then, another part of the OS verifies the process. "If we ever find something trying to open a port that the developer said it should not be opening, it is immediately shut down," he said.

Additionally, Vista aims to offer improved security by letting people run their PC with fewer privileges, which control how a particular person can interact with the software. In Windows XP most users have "administrator" privileges, which could be abused by malicious software to install itself on a computer. In Windows Vista, the default will likely be "protected administrator," a new privilege level that Microsoft is introducing with Vista, Allchin said.

If the system is set to protected administrator, people will have to change it to full administrator level to perform certain tasks, such as installing an application. The operating system will warn the person when full privileges are needed.

In the upcoming Vista preview, any action that requires full privileges will be displayed with a shield around it, Allchin said.

Vista will also offer a "standard user" mode, which has the fewest privileges. The standard user mode has been improved from Windows XP--people won't have to call IT to change their PC clock, for instance--but it won't allow a user to install applications, for example. Businesses will probably have software users run in this least-privileged mode, Allchin said. Another security change at the operating system level involves Internet Explorer. In Vista, IE 7 will run in protected mode by default, Allchin said. This mode will prevent silent installs of malicious code by stopping the Web browser from writing data anywhere except in a temporary files folder without first seeking permission. "We sandboxed all of IE," he said.

On systems with 64-bit processors, Vista will require digital signatures to run kernel-mode software such as device drivers, Allchin said. This is an attempt to block unwanted software such as rootkits from nestling deep into the PC.

Microsoft also has updated the security software in Windows Vista to help fend off threats. The firewall has been updated and now looks at incoming as well as outgoing traffic--in XP SP 2 only incoming traffic was watched. Also, Microsoft has made its anti-spyware tool, Windows Defender, part of the operating system.

"The first step is protection from doing things inadvertently or warning you about the level of impact it could have," Allchin said. "Then, if you let something in, Defender is there to (warn you) and you can undo it. If the thing gets in and has really done some awful things, using the equivalent of System Restore in Windows XP you can back up time and undo it," he said. Microsoft doesn't yet have a new name for System Restore, he said.

Videos

Microsoft Vista coming your way
Microsoft's Jim Allchin speaks about Vista.

A vista of Vista
CNET News.com's Ina Fried asks Microsoft's Jim Allchin questions from readers.

Does Vista mean business?
CNET News.com gets a look at Vista's office functions.

Other security features in Vista include BitLocker Drive Encryption to protect data on computers when lost or stolen. The encryption feature is designed to work with a chip called the Trusted Platform Module, which offers protected storage of encryption keys, passwords and digital certificates. BitLocker is the one remnant of Microsoft's grand hardware-based security plan originally envisioned for Vista.

For businesses, Vista will offer tighter control over removable storage devices by letting administrators centrally block the installation of, for example, USB (universal serial bus) flash drives and external hard drives. This feature is designed to help prevent intellectual property or sensitive data from being compromised or stolen.

IDC analyst Al Gillen said that Microsoft has taken much-needed steps with the operating system, such as the USB-blocking abilities.

"Those kinds of things are incremental improvements that really were pretty important," Gillen said.

But, like any software, Vista isn't hack-proof. In fact, Microsoft has already had to issue a security update for the operating system. The patch fixed the same vulnerability related to the processing of Windows Meta File (WMF) images found in earlier versions of the operating system. "That torqued me," Allchin said.

Microsoft was in the process of checking the parsing of all kinds of files and hadn't made it down to WMF yet, according to Allchin. "We would have caught it. It was on the list; we didn't get to it" in time, he said.

"At no time am I saying this system is unbreakable," he added. "Security is going to be an issue for the industry in all pieces of software, not just the OS."

SponsoredWhite Papers, Webcasts, and Downloads

Implementing Software RAID on Dell PowerEdge Servers Dell Software RAID is an inexpensive storage method offering fault tolerance ... Download Now
Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now

Talkback
Most Recent of 142 Talkback(s)

Thread View
Flat View

Oh Brother is right!: Who wrote that review? Bill Gates (Read the rest); Posted by: billthedj@... Posted on: 01/23/07 You are currently: a Guest | Log in | Terms of Use

Vista IS rock solid... Mike Cox | 01/27/06

You sound like an infomercial Artstar | 01/27/06

I think... TimeBomb | 01/28/06

No, No... you don't understand.... It's Mike Cox shawkins | 01/30/06

Jonathan Swift Lives! jnonneman | 03/17/06

7 Linux User 147560 | 01/27/06

So is viagra if you swallow enough of it. HypnoToad | 01/27/06

landed another Scott W | 01/30/06

that IS right: security in Vista is as UNREAL as in all previous os's wink

nt michael_t | 01/27/06

VIista rock solid - about time Microsoft got got something right??? efreedom | 01/28/06

and another Scott W | 01/30/06

Windows Says This About Every New Product EBathory | 01/28/06

Of course! It's the carrot on the stick LoCal | 01/28/06

8... Nix_0S_Fan | 01/28/06

10 for "...the security is unreal." :-D nt LoCal | 01/28/06

9.8 s_gamgee | 01/29/06

God love us evilmike | 01/29/06

Didn't they ever tell you... bill@... | 01/30/06

Thanks for the tip evilmike | 01/30/06

Windows XP was touted for it's security , I'm Ye, the MS SHILL . | 01/30/06

THEN they wouldn't SUCK Spikey_Mike | 01/30/06

8.5 bill@... | 01/30/06

8.5 Linux_4u! | 01/30/06

The boat is getting full shallow_diver | 01/30/06

8.5 (Well done) shawkins | 01/30/06

I want to know if Mike and his rep "got it on after dinner PaddyOmaddy | 01/30/06

I want to know if Mike and his Rep "got it on" after dinner. PaddyOmaddy | 01/30/06

To Mike Cox LegendsOfBatman | 01/31/06

A man who knows batman that doesn't understand satire. osreinstall | 01/31/06

8.2180

tomg98@... | 07/24/06

That's what they said about XP Moe Szyslak | 01/27/06

They are saying they ain't gona (or can't) fix XP or 2000 DonnieBoy | 01/28/06

Just like "Buy windows 2000 because Win95 crashed all the time" HypnoToad | 01/27/06

Actually... bill@... | 01/30/06

However, it still Yagotta B. Kidding | 01/27/06

George, NonZealot, No_Ax, Anton Richard Flude | 01/27/06

I'm going to BLOW your mind Richard!! NonZealot | 01/27/06

Yum! s_gamgee | 01/29/06

Thnx's NonZealot ... Linux_4u! | 01/30/06

It's par for the course bportlock | 01/28/06

You've just proven your ignorance NonZealot | 01/28/06

Completely different OSes rhavyn | 01/29/06

Yes, different enough NonZealot | 01/30/06

WindowsUtilitySafetyETC mageistere22@... | 01/31/06

I believe his point was Chad_z | 01/30/06

Point by point crushing of your post NonZealot | 01/30/06

Assuming MS copied that technology correctly... which I doubt. HypnoToad | 01/28/06

what the hell toxicfreak | 01/27/06

Vista is go! William_Black | 01/27/06

Oh brother NonZealot | 01/27/06

Oh Brother is right! billthedj@... | 01/23/07

Vista is passe efreedom | 01/28/06

Efreedom I totally agree with you. RicD_ | 01/28/06

1.0 for the *basic* concept +2 for the fish; LoCal | 01/28/06

You do realize that statement... Grayson Peddie | 01/28/06

You work for Cox?? (nt) s_gamgee | 01/29/06

Vista is Gold mageistere22@... | 01/31/06

how You after reinstall the vista??? CannabisQ | 10/27/06

Oh, my god, Windows Vista exceed NSA security kbigley7 | 01/27/06

And the beat goes on... Knorthern Knight | 01/27/06

Vista for Security xyz10_z | 01/27/06

Security? BS! ITTech001 | 01/27/06

But then what would be the "compeling" reason to switch michael_t | 01/27/06

The Carrot on the Stick LoCal | 01/28/06

Great new features tombalablomba | 01/28/06

Head explodes Yagotta B. Kidding | 01/28/06

Strangely tombalablomba | 01/28/06

Good post NonZealot | 01/28/06

Unfortunately the last time tombalablomba | 01/29/06

Micropoly... Nix_0S_Fan | 01/28/06

Microsoft needs to be bombed.. Jeff Spicoli | 01/28/06

Glad someone spoke. s_gamgee | 01/29/06

Last time I trusted Allchin's word on MS products mobrien_12@... | 01/28/06

great CobraA1 | 01/28/06

First of all, buuuuuuuwaaaaaahahahahah at... Nix_0S_Fan | 01/28/06

Off topic bold truth...check it out... Nix_0S_Fan | 01/28/06

Have you ever posted on topic? No_Ax_to_Grind | 01/28/06

Your pro... Nix_0S_Fan | 01/28/06

No! Grayson Peddie | 01/28/06

Stay out of this Grayson... Nix_0S_Fan | 01/28/06

Message has been deleted. Jeff Spicoli | 01/28/06

Stay in, stay out mageistere22@... | 01/31/06

Excellent paragraph #### SouthernPride | 01/29/06

Fix XP TimeBomb | 01/28/06

indeed zijiang | 01/28/06

How long should they keep supporting the old? csa0307 | 01/30/06

Well, maybe I will buy Vista... as any patriot would support his country. HypnoToad | 01/28/06

Re: Well, maybe I will buy Vista... as any patriot Nix_0S_Fan | 01/28/06

I am still using win2k too JasonL31 | 01/28/06

You don't have to buy a laptop with Windows on it... Linux User 147560 | 01/30/06

Preferences, Linux and Unix and Solaris and Mac mageistere22@... | 01/31/06

Security via Bandaids ??? No_Ax_to_Grind | 01/28/06

And mark my words... Nix_0S_Fan | 01/28/06

Actually CobraA1 | 01/28/06

Unfortunately no.. No_Ax_to_Grind | 01/28/06

Fortunately, yes balsover | 01/28/06

Trust me,,, No_Ax_to_Grind | 01/28/06

Perhaps that are not that smart balsover | 01/28/06

So they are hiring yoiu as the head of R&D then... No_Ax_to_Grind | 01/29/06

Out of step Yagotta B. Kidding | 01/30/06

There's nothing simple about it. CobraA1 | 01/29/06

How about launching Win32 but it cannot go onto the WAN. osreinstall | 01/28/06

name one (nt) CobraA1 | 01/29/06

Is there something you know that the people at Microsoft don't? B.O.F.H. | 01/29/06

Let me help ya little one... No_Ax_to_Grind | 01/29/06

Did someone tell you that you were smart? B.O.F.H. | 01/29/06

You... Nix_0S_Fan | 01/29/06

Wow Unemployed IT Guy | 01/30/06

Yur txts 31jan06 mageistere22@... | 01/31/06

VM-based security? Robert Crocker | 01/28/06

More like... Spikey_Mike | 01/30/06

Ain't gonna happen Yagotta B. Kidding | 01/30/06

Oh my f/n girdle! sixit | 02/09/06

what about privacy? JasonL31 | 01/28/06

Wasn't Allchin supposed to be retiring? balsover | 01/28/06

Phunnie nalyd357 | 01/28/06

Loverock and Crybaby_Has_Ax_to_Grind are... Nix_0S_Fan | 01/28/06

N.W.O.R. No_Ax_to_Grind | 01/29/06

You just proved your hypocrisy again... Nix_0S_Fan | 01/29/06

Still N.W.O.R. No_Ax_to_Grind | 01/29/06

What would explain your blatant anti-microsoft stance then zmud | 01/30/06

FORGET "VISTA"!!! GO OSX!!! Jeff Spicoli | 01/28/06

wait for the media centre intel mac mini hipparchus2001 | 01/29/06

Dont be decieved Anthony S. | 01/29/06

THIS JUST IN: Microsoft is so worried about iPod... Nix_0S_Fan | 01/29/06

The above story is real, I saw it on my local news... Nix_0S_Fan | 01/29/06

Typo correction: should be "buy an Apple computer"... Nix_0S_Fan | 01/29/06

why microsoft is so worried: hipparchus2001 | 01/29/06

I'll probably get it preinstalled when I get the next laptop in 3 years hipparchus2001 | 01/29/06

Machts nichts Yagotta B. Kidding | 01/30/06

but why get a high end pc with good hi def video and 3d? hipparchus2001 | 01/30/06

Vista Sales based on Security = ZERO sales realitycheck101 | 01/29/06

Bad marketing. johnsmith222 | 01/30/06

Better security? tero_t_vaananen@... | 01/30/06

Buy Vista for security ? realitycheck101 | 01/30/06

Crybaby_Has_Ax_to_Grind & Loverock work for ZDNet AND... Nix_0S_Fan | 01/30/06

mafia tactics ecbpro | 01/30/06

version 5.2 or 6.0 Spikey_Mike | 01/30/06

You get to BUY your antivirus protection Chad_z | 01/30/06

Vista Promises are worrying me. mageistere22@... | 01/31/06

Don't Jump The Gun with Vista inverted_2000 | 12/12/06

What do you think?

White Papers, Webcasts, and Downloads

Implementing Software RAID on Dell PowerEdge Servers Dell Software RAID is an inexpensive storage method offering fault tolerance ... Download Now
Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
Can your business work smarter? Learn more about Lotus Symphony
Learn how to work smarter and optimize cost using the IBM Smart SOA approach Download the eBook
Smarter ways to make smarter products Read the brief from IBM

Allchin: Buy Vista for the security

SponsoredWhite Papers, Webcasts, and Downloads

What do you think?

White Papers, Webcasts, and Downloads

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads