While the IC’s research organization looks into adding security to cloud environments, in the here and now, intelligence agencies are sharing more data.
Is Vista really that bad? While researching this article I googled Windows Vista, searching for positive feedback, but it was surprisingly hard to find. Unanimously written off by the end-user community — and even by some IT pros, apparently — it’s hard to believe that an operating system that offers so many advantages for enterprise IT is so unloved.
Many enterprises held back on deploying Vista because of performance concerns, application compatibility and value. But the bottom line is, Vista is better suited to large organizations than any previous version of Microsoft Windows — even without advances in the soon-to-be-released Service Pack 2, improved third-party drivers and a superior foundation.
Problems with device compatibility caused many of the initial woes. Drivers from well-known hardware manufacturers were either unavailable or poorly written, resulting in performance and stability problems.
Since Vista’s launch, this situation has changed dramatically; high-quality drivers now exist for most recently purchased hardware. As of June 2008, Vista supported 79,000 devices — 47,000 more than when first released. Testing drivers is crucial for successful deployment.
In Vista SP1, Microsoft reduced the number of User Account Control (UAC) prompts when creating new folders in protected locations and added a new Group Policy setting for disabling the secure desktop when UAC prompts for elevation. All the components that make up UAC — including the ActiveX Installer Service, file and registry virtualization and IE Protected Mode — can be customized using Group Policy.
Also in SP1, the BitLocker utility can encrypt volumes other than the system drive. Microsoft also added support for the Secure Socket Tunneling Protocol (SSTP), which works with Windows Server 2008 to provide users with reliable remote access using HTTPS.
Vista SP2 improves on the standard power-saving profiles, with energy savings up to 10 percent greater than SP1. This will definitely be of interest to organizations with many notebook users and when implementing green initiatives, as SP2 also applies to Server 2008.
Other notable additions in SP2 include the Feature Pack for Wireless, providing support for Bluetooth 2.1 and Windows Connect Now updates. Windows Search has been upgraded to Version 4.0, which includes indexing of encrypted documents, extended Group Policy support and improved performance.
Since its release, an additional 200 enterprise applications have been deemed compatible with Vista, and further improvements are due in SP2. Even with all these gains, Vista introduced many architectural changes to the security model, driver framework and graphics engine, so there still may be compatibility problems with some applications. But the Application Compatibility Toolkit (ACT) can help resolve problems that the IT shop might encounter.
Microsoft Enterprise Desktop Virtualization (MED-V), a new component of Microsoft’s Desktop Optimization Pack, works in concert with Virtual PC to run applications in a normal program window as opposed to presenting a complete virtualized XP desktop. MED-V can be used for apps that are not compatible with Vista or when there isn’t time for comprehensive testing. MED-V also includes the ability to deploy and manage virtual images in a client/server architecture.
Vista was the first OS developed using Microsoft’s Secure Development Lifecycle. All 1,400 parts of the componentized OS underwent threat analysis during development. In conjunction with new security features, such as UAC, Vista has proved significantly more secure than XP. During Vista’s first year, 36 vulnerabilities were patched, compared to 68 for XP. Microsoft’s latest Security Intelligence Report (SIRv6) shows that, between July and December 2008, Vista SP1 suffered roughly 60 percent fewer malware infections than XP SP3.
Internet browsers continue to be one of the main entry points for malware. SIRv6 shows that, under Vista, Microsoft software endured 35 percent fewer attacks than software running under XP, suggesting that improvements in Vista have made it harder for hackers to compromise the OS and Internet Explorer, thereby shifting their attention to third-party software.
Vista is more consistent and reliable than XP, with automated background tasks to aid performance and troubleshooting, the ability to collect event-log data and built-in Windows Defender. Reliability and performance monitoring tools are great for troubleshooting problems caused by unwanted system changes. The new Task Scheduler can automate repetitive tasks with more granular control than was previously possible. An extra 700 Group Policy settings, including restricting access to removable hard drives, give systems administrators better control.
New to Vista are component-based servicing, which provides more reliable patching, and deployment features including hardware abstraction layer independence, making the OS easier to deploy and maintain.
Vista’s Backup and Restore Center uses a simple user interface to encourage small organizations and end users to back up their data on a regular basis. Complete PC Backup can create complete disk images. The Previous Versions feature lets users restore old versions of files from the desktop without calling the help desk.