Security

Vista is certainly the most security-conscious Windows release to date, and the first Windows client to ship in the wake of Microsoft's much-heralded Trustworthy Computing initiative. Vista's security story begins with the system's new UAC feature, which encourages IT organizations to turn from the too-common practice of configuring regular user accounts with administrative permissions.
Running regular users with admin rights is certainly more convenient, but doing so places in users' hands the power to modify fundamentally, and in many cases imperceptibly, the systems on which they run. Previous versions of Windows did a lousy job of enabling appropriate user rights. Vista changes things by expanding the sorts of operations that regular users can carry out, by making clear which operations require admin rights and by bringing up an authentication prompt when users attempt to perform an operation that requires elevated rights.

One of the most interesting aspects of UAC is that users with administrative rights actually run as standard users and must click "allow" in the pop-up authentication dialog to carry out operations with admin rights. In this way, organizations that wish to grant users full control over their systems can still ratchet up the protection for these users.

In some cases, we encountered operations that did not bring up a prompt where required, but we could typically right-click on commands to run them as administrator where Vista failed to prompt us automatically.

We also encountered strange performance issues while running a test version of the Thunderbird mail client. We attempted to use Thunderbird's built-in update facility to update our installation, but the update wouldn't take. We then ran Thunderbird as an administrator via right-click, as we've described, and the update worked. After that, however, Thunderbird triggered a UAC prompt each time we launched it. There's a compatibility option within Vista for running applications automatically as administrator, but we had not enabled it for Thunderbird.

While we've had mostly smooth sailing with UAC in our tests, we expect to see error situations like these surface while Microsoft and application developers work out hidden kinks.
Along similar lines, individual services in Vista run under accounts with rights profiles that have been tailored to their needs, rather than running as all-powerful system users. This rights-tailoring should help limit the damage that these services can do to a system in the event that they become subverted.
Internet Explorer 7, itself a common target for subversion, runs under Vista in a "protected mode," in which the operations that IE is allowed to carry out and the file locations to which IE is allowed to write are tightly constrained.
The version of IE 7 included with Vista has a few capabilities that aren't found in the version that runs on Windows XP.
We'd like to see Microsoft provide facilities through which IT administrators could similarly sandbox any application of their choosing.
Vista also ships with built-in spyware detection software, the aforementioned Windows Defender, and with a new firewall that filters outgoing traffic in addition to the incoming traffic that the XP SP2 firewall filtered.