Vista Took One for the Team

I’m coming to the belief that Windows 7 is basically Vista 1.5 – a notably upgraded, but not substantially different, product. But the passage of time and “work” done by Vista has freed Windows 7 from the disrepute of its predecessor.

My sense of the complaints about Vista is that the two biggest ones had to do with UAC (User Access Control) and lack of support for devices. Microsoft compromised some on UAC in Win7 (that compromise led to some controversies-I think they caved in to bad PR, they see it differently) but the basic principle of UAC in Windows 7 is the same.

The real problem that UAC tries to solve is when third-party software requires privileged access. In almost all cases, there are ways to do what the software needs to do without requiring privileged access or, in the alternative, segregating the privileged components into a service and communicating securely with it. This is, for instance, how Automatic Updates works on your system without requiring you to provide administrator credentials.

People at Microsoft have told me that the main point of UAC was to nag ISVs (independent software vendors) into making their software more secure by complying with these designs. More than two years after the release of Vista a lot of this has happened. Consider Andrew Garcia’s observation of his own last week of Vista use: six UAC prompts, all when he intentionally upgraded software. My own experience is similar. I run as a standard user and I appreciate the prompts and there aren’t a whole lot of them.

Same with device drivers. New versions of Windows usually bring changes in device support which themselves bring about a period of unpleasantness, during which some devices work badly, or not at all. Users are nervous about whether vendors will update the drivers for their old devices for the new OS. I remember HP refused to issue Vista drivers for many-an-old printer. For shame!

But many vendors did update their drivers, and devices sold since Vista came out are highly likely to have Vista drivers. This is less of a problem than it used to be, and therefore it will be less of a problem for Windows 7. Microsoft has said that Windows 7 will not change the Vista device driver model. Drivers that work on Vista should work unmodified in Windows 7. That’s not an absolute guarantee, since device drivers can do just about anything, including things which are OS version-specific; but any well-behaved Vista device driver should work in Windows 7. Therefore, when Windows 7 hits the scene it will enter a hardware environment in which it has broad support.

You can make an argument that Win7’s UAC is better than Vista’s, but the real changes have come from ISV adoption of techniques which don’t invoke UAC. In this instance, and with respect to device drivers, it’s not that there’s anything better about Vista, it’s just that Win7 has come after Vista (and Vista users) did the heavy lifting. In a way, if Win7 ends up well-received, it’s a vindication of Vista after all.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s blog Cheap Hack.