Allchin: Buy Vista for the security

If new features won't get you to upgrade to Vista, security enhancements should, Windows chief Jim Allchin has urged.

Microsoft has already touted the bells and whistles it is putting into Windows Vista, the operating system successor to XP that's due out by the end of the year. There will be flashy new graphics, a spiffed-up user interface and advanced search features. Other changes include improved touch-screen support and a Windows sidebar that can display all kinds of information such as upcoming appointments, just-in e-mail messages and a clock.

But if none of that strikes your fancy, Vista will still be worth getting, thanks to its better defenses against phishing attacks, spyware and other malicious code, Allchin said.

"Safety and security is the overriding feature that most people will want to have Windows Vista for," the co-president of Microsoft's platform, products and services division said in an interview with CNET News.com. "Even if they are not into home entertainment or in any of the specialty areas, they are just going to feel safer and more secure by using it."

"Safety and security is the overriding feature that most people will want to have Windows Vista for."

--Jim Allchin, group vice president, Microsoft

That said, Allchin maintained there are plenty of new things to try out in Vista, pointing to a chart filled with added features. In particular, he demonstrated a collaboration tool that uses a "People Near Me" feature, which searches over a Wi-Fi connection for other Vista users nearby and then sets up a peer-to-peer network with them. The tool is meant mostly to enable laptop users to share applications and files, among other things.

During the meeting, Microsoft also showed off new parental controls in Vista. These not only limit which Web sites can be visited, but log activity and restrict when and for how long children can be online.

All of these features shipped in the latest preview version of Vista, which Microsoft released in December. "There are literally thousands of features in this product," Allchin said.

But one of the features Microsoft wanted to include was a bit too much for some of its beta testers, the software maker found. It is reversing its plan to add virtual folders that contain all the files that match specific criteria, such as "created by Michelle" or "images," no matter where they are on the PC. Originally, Microsoft wanted virtual folders to replace standard views, which show the physical location of files on a hard disk drive, but it has backpedaled on that decision.

In the next preliminary Vista release, due in the next couple of months, virtual folders will be in the background. "The default view will be the physical storage space, and then you can create virtual folders on top of it," Allchin said. That should make it easier for people to migrate from Windows XP, he added.

The software maker had already scaled back on planned features for Vista, leaving some out so it could meet a ship date in 2006 for the update.

On the security front, Allchin said that Vista should be a significant leap forward, just as Service Pack 2 was a big improvement on the original Windows XP.

A standard Windows XP computer can get hacked the moment it is connected to the Internet, Allchin said. Service Pack 2 significantly increased security, in large part thanks to automatic security updates and a firewall that is enabled by default. Vista will go much further in protecting consumers, he said.

"If we ever find something trying to open a port that the developer said it should not be opening, it is immediately shut down."

--Allchin

Microsoft is following updated development practices to prevent security bugs and is using new approaches to analyze source code, Allchin said. Additionally, the innards of the operating system are being designed to ward off attacks. "We have put features into the product to double-check itself," he said.

As an example of double-checking, Allchin said Microsoft has marked the OS services to know what network ports they should open and what OS functions they should call. Then, another part of the OS verifies the process. "If we ever find something trying to open a port that the developer said it should not be opening, it is immediately shut down," he said.

Additionally, Vista aims to offer improved security by letting people run their PC with fewer privileges, which control how a particular person can interact with the software. In Windows XP most users have "administrator" privileges, which could be abused by malicious software to install itself on a computer. In Windows Vista, the default will likely be "protected administrator," a new privilege level that Microsoft is introducing with Vista, Allchin said.

If the system is set to protected administrator, people will have to change it to full administrator level to perform certain tasks, such as installing an application. The operating system will warn the person when full privileges are needed.

In the upcoming Vista preview, any action that requires full privileges will be displayed with a shield around it, Allchin said.

Vista will also offer a "standard user" mode, which has the fewest privileges. The standard user mode has been improved from Windows XP--people won't have to call IT to change their PC clock, for instance--but it won't allow a user to install applications, for example. Businesses will probably have software users run in this least-privileged mode, Allchin said.

[hetzbh]

Yeah, Right...

Buy Vista!<br /><br />But before you buy, replace your PC, your graphics card, buy a new notebook..<br />Compatibility? Well.. some will work, most of them won't, upgrade your software..<br />Security.. haven't we heard the same song with XP SP2?<br />Hardware compatibility... some work, some will not. Your DVD-ROM is not fully RPC2? won't work. Your codecs are unsigned? no go..<br /><br />Yeah, sure, buy Vista.. AstaLaVista for your money!

[GrandpaN1947]

Underground XP next

If all we hear about this DRM Vista stuff is true, there just might end up being an XP underground. Or a big push for Linnux.

[bobby_brady]

Vista, infested with DRM

Why would I want to buy Vista, that is bloated with DRM, and, well, we know Microsofts track record with security.

[GrandpaN1947]

Hey, you deat me to this one

That was my comment. Why don't they call it like it is, "Windows DRM" and leave the phoney Vista part off. I'll take an insecure PC that does something to a "secure" PC that can't do crap, any time.

[Jonathan]

Umm you do realize that XP has DRM as well...

Right? And if you are talking about HDCP you can bet your *** that 10.5 Leopard will have it as well (If not you can kiss Hollywood's support for HD in OS X goodbye.) and while XP doesn't have it only means XP won't be able to view HDCP content. There has been a lot of FUD being thrown around about Vista. Some of it legit. Some of it not so much. This falls into the latter category.

[someguy389]

DRM is here to stay

Media standards that don't include some sort of DRM are going to be an increasingly hard sell in the industry. Content providers just aren't willing to adopt formats that don't include it. We can hope that in the future the technology will improve, becoming less of an irritant to the legal customer. I think we have to remember that with the current crop of DRM solutions we are still in the relative infancy of the technologies application to consumer products. <br /><br />Windows or not we will have a hard time freeing ourselves from content control. New media formats will require it, end of story. Unless you'd rather skip multimedia altogether, you're probably going to have to accept a little rights managment.

[MrDennmann]

Just think, it might, possibly be as good as OSX someday

People near me? isn't this called Bonjour?<br />Root disabled by default?<br />metadata search?<br />These, I already have. Malware free and liking it.<br /><br />Built on a Mac.

[NRecob]

another mac turd

if mac is so great, WHY are you wasting your time here trolling for people to "convert"?<br /><br />Idiot.

[FlashFreeze]

Message has been deleted.

Built on a Mac

It's odd that you'd say "built on a mac", considering Apple has basically conceded that it's better to be built on a 21st century X86 compatible PC. A PC that is slightly upgraded from the Compaq Presario X1000 notebook that I purchased back in 2003. Pentium M? Yes. ATI graphics? Yes. USB 2.0? Yes. ATA hard drive? Yes.<br /><br />Just think, OS X might possibly be as good as Windows XP and Vista someday, because Apple could get off its increasingly transparent high horse and sell me an operating system that will run on my existing hardware (like XP, like Vista). Windows NT and 2000 had hardware compatibility lists. It's not as if it's an impossible task to capture 50-75% of the existing hardware market based on support of NVIDIA/ATI/INTEL 8xx+ chipsets.<br /><br />*scoff* Yeah, right. It'll never happen.<br /><br />Mac OS X is like great Chinese literature. If you're fluent in Chinese, then kudos to you, but if you won't provide a translation for the rest of us, then it may as well not exist.

[Maccess]

As Good as OS X? Preview Vista's features here!

<a class="jive-link-external" href="http://tauquil.com/archives/2006/01/06/re-introducing-the-real-windows-vista/" target="_newWindow">http://tauquil.com/archives/2006/01/06/re-introducing-the-real-windows-vista/</a>

[MrDennmann]

"we know XP was crap, so please buy Vista, It's not so crappy"

Isn't this what their saying?<br />Linux has matured into a fantastic system for people to use. It's <br />DRM/spyware/virus free.<br />Or, go with a Mac, and get the best features in Vista NOW, and lose <br />all the problems with Vista.

[Thrudheim]

Here because

it is fun to read Microsoft officials talk about all the "innovative" <br />things they are bringing in Vista and comparing it to what we <br />already have, and have had for quite some time, in Mac OS X.<br /><br />For example, the article says Microsoft is "introducing" the <br />protected administrator privilege level. That sort of thing has <br />been around for a long time in other operating systems. And, <br />yes, I know XP has non-admin users, but there are lots of <br />problems with programs not running properly.<br /><br />People love to say that the Mac OS has security through <br />obscurity. Although small market share is no doubt helpful, Mac <br />OS X has been using "protected administrator" privileges for <br />years. If Microsoft is now touting this feature as being a big <br />security boost for Windows, then other operating systems that <br />have it already should be recognized for having superior security <br />architecture now.

[Mendz]

RE: "we know XP was crap, so please buy Vista, it's not so crappy"

Good summary of the interview. The essence is really captured there. :)

[DoohanOK]

Linux virus free? I think not.

And until tools like Macromedia Studio 8 and MS SQL Server 2005 are on Linux will never bother. Not to mention Delta Force: Xtreme!

[Seaspray0]

Linux even worse crap for idiots

On the contrary, XP isn't crap. It offers ease of use that isn't found in any other OS. If you want to say XP is the choice for idiots, then I will agree with you, but not how you would think. If I was to recommend an operating system for someone who knew nothing about computers, it would be XP since it is simple to set up and very easy to use. No other operating system provides a system that is as functional. Turn an idiot loose with Linux and the operating system won't even get installed in most cases. Even if the idiot managed to get the OS installed, he/she would be lost when it came to installing software or even understanding what the heck "root" is. It is not really designed for idiots. In that respect, it is by no means a "fantastic system for people to use." Up until the early 80's almost nobody had a computer in their house. Many still do not. Most people were born and grew up without them. Even today, most people only know how to do basic functions with computers and their operating system of choice is one that is designed to be the best for them... windows.<br /><br />You want to use linux? Fine. I'm not going to tell you it's crappy. But you can show me the same respect. I am so tired of hearing linux users badmouth everything but their choice. It's getting old. <br /><br />Why don't you do something novel like tell us what nice features linux has, how easy it is to do what you want to do, how simple it is to set up and load drivers. Tell us the wide selection of software available and how easy it is to install and configure. WHY DON'T YOU!?!?

[Terry Murphy]

Microsoft is funny

Buy Vista for "security???" <br /><br />That's like automobile manufacturer whose cars consistently have <br />the worst crash results year after year saying buy their latest model <br />- for "safety!"<br /><br />lol

[pjianwei]

Hey Bill quit!

Put yr MS shares into yr foundation. Appoint Torvalds as chief technological engineer, Jobs as chairman *** sales man. The world will in 1 stoke become paradise, heavenly. No more problems.<br />B4 u retire pls buy all the media companies so that they provide free music, movies, tv shows and softwares. That solves DRM issues. <br />perhap one day then people will put u in e leagues of Marx and Lenin. Imagine in 2100 people worshipping William H. Gates III and Gatesism.

[n3td3v]

News Just In / News Flash / Reality Check

Hackers in the underground already have found vulnerabilities for Vista, but are waiting for the official launch of the software before they stick the knife in. <br /><br />Enjoy your Vista Honeymoon period, it ain't gonna last. <br /><br />This article is aimed at the gullible and unsavvy web users, who are out of touch with the reality of software security. <br /><br />Please don't let this guy give you a false sense of security, purely based on words, than factual information on how secure the new Vista really is.<br /><br />Good day.

[Jonathan]

Maybe you should have done this when you updated NT to 2K

Buy no. Pirate yes. I don't buy an OS for a feature that should have been there 6 freaking years ago. When Microsoft revamped NT and started its consolidation efforts into one OS base it should have started this process then. <br />Instead Billy Boy has to get bit in the *** with 2K and XP security holes from heck to the extent that an e-mail "mandate" needs to be put out to the company that security comes first. Well duh. I'm not spending 3 figures on a software package just because MS got a clue late in the game. FU Microsoft.

[cagerattler]

Allchin, then and now

Well, CNET interviewed the same guy back in 2001 when XP came out ( <a class="jive-link-external" href="http://news.com.com/2008-1082-272357.html" target="_newWindow">http://news.com.com/2008-1082-272357.html</a> ).<br /><br />Maybe it's just me, but read the earlier interview and now this one, and let me know what you think.<br /><br />When I re-read that interview, and now this current one, I get that "AMWAY" feeling. You know, like I should put my teflon suit on or something so nothing will stick.<br /><br />On a positive note, I'm glad he stopped using terms like "super-happy" and "super-hard-core." <br /><br />Buying the VistaOS for security purposes when it also allows "People near me" to share app's and doc's? Excuse me? <br /><br />Microsoft will never solve the security issues because they're a target, and their culture invites people to target them. <br /><br />Security issues are always going to be an issue with a Microsoft OS. Even IF they eventually did solve the issues, could you ever completely trust that they did?

[scdecade]

Share files with unauthenticated but always friendly internet users?

&gt;&gt;&gt;Buying the VistaOS for security purposes when it also allows "People near me" to share app's and doc's? Excuse me?&gt;&gt;&gt;<br /><br />Hahaha! I thought the exact same thing. Meet the new OS same as the old OS.

[pythonhacker]

That is for Vienna

&gt;&gt; Buying the VistaOS for security purposes when it &gt;&gt; also allows "People near me" to share app's and &gt;&gt; doc's? Excuse me? <br />Wow! what a nice back-door for hackers! I am sure they will have a lot of fun with this one when Vista is out.<br /><br />Perhaps it was put their purposely by Microsoft marketing machine so that they could advertise for Vienna in the same way.<br /><br />"Yeah, I know that Windows Vista was slightly crappy with that PC sharing feature and all, but we have super-security in Vienna!"<br /><br />Hey, that is the way Microsoft do their business. <br />Put enough holes around so that they can be patched up in the next "Super OS - &lt;put some name here&gt;".

[Maccess]

It's here! Finally! Secure Windows! Great! Fantastic!

Oh! That's great! Windows is going to be secure!<br /><br />Wait, when did we hear that before? <br /><br />Oh, right, when we had Windows 95, <br />then when we had Windows NT,<br />then Windows 98, <br />then Windows 98 Second Edition,<br />then Windows Millenium, which can't really be used anymore if you need to run any decent software, then we heard it again with <br />Windows 2000,<br />then Windows XP. Got the Home version? Get the Pro version at twice the price for even greater security.<br /><br />The story of "improved, enhanced" Windows Security is getting old, Jim. <br /><br />Tell us more about your forthcoming retirement. <br /><br />Tell us what you'll be doing when your company launches Windows Vienna (the successor to Vista), which will be "even more than secure."<br /><br />What will you be using then, Jim? A Mac or Linux box to make sure your memoirs aren't obliterated by the next piece of malware charging through all those secure Windows boxes?

[themonkman]

Buy Vista for Security? Thats what we bought XP for

It looks like the mental midgets over at Microsoft are yet again trying to make fools out of all of it's users. Vista will be just more of the same; buggy and rushed production cycles, more critical security vulnerabilities that you can count on the combined fingers of an entire kindergarten class, and an entirely new false sense of security via obscurity. <br /><br />They figured by building the OS from the ground up that it would take crackers years to find new exploits to harass Vista users with. Oooh, but wait...look at all the shiny GUI's. We'll be too busy drooling that we'll never notice the next zero-day exploit that blasts Vista a new one.<br /><br />Look people. It's like politics. It's never going to change until the very roots of Microsoft changes. All the so called security that Windows users had been waiting for should've been there with Windows 2000, Windows XP, and 2003 Server. How long do you have to wait until the core mechanics of an OS are made responsibly? Why did we have to wait until now to finally rip Windows worst security liability (Internet Explorer) from being an integrated part of the OS? Why couldn't Microsoft fix all the exploits that spyware uses to install itself on your box with ninja like stealth? Why did you have to wait until now, or so Microsoft says? <br /><br />It's a simple answer. It's so they could make you buy into their new OS to make you "feel more secure". Notice that word, "feel". It doesn't say you WILL be more secure, just that you'll have the delusion of security. The delusion is what keeps the bankrolls at Microsoft fat and happy. It almost makes me smile everytime that delusion is shattered in headlines about an exploit that Microsoft new about all the way back with Windows 98 (WMF exploit), but never chose to patch.<br /><br />So, right now you must ask yourself several questions. Do you want to upgrade you OS to Vista that doesn't really promise more security (like Microsoft's ever been good on promises anyways), be restricted by DRM (Digital Rights Management) restrictions that could potentially control every aspect of how you manage your data ans systems with near Gestapo like abilities, and pay top dollar for it, too?<br /><br />There are many other OS solutions that will offer you the security, software, support, and community that actually cares about making good and usable software without limiting what you can do. There are other solutions that aren't driven by greed, propoganda machines. The good thing is that most of the software I speak about won't cost you a single dime, and it's legal.<br /><br />Sincerely,<br /><br />A Happy SuSE 10 Linux User<br />(and yes, it was actually easier to setup than Windows)

[Mendz]

Touchy...

I'm glad you're happy... :)

[paulsecic]

SECURITY????????????????????????????????????????????

Leo LaPorte the computer expert says Vista is a huge Service pack &#38; avoid it.

[Seaspray0]

Finally, a linux user with class

Mr Rogers, I compliment you on a well written response. You are the first Linux use I've seen who doesn't simply state "windoze sux". I agree with the security issues you mention. Microsoft in the past has been way too concerned with providing "features" that would allow unrestricted interaction with the internet without considering someone may use it for malicious purposes. Microsoft has also paid more attention to optimizing code for speed over security in the way it has handled stacks which has led to exploits that overflow the stack buffer. They've also designed the OS in such a modular fashion that has led to bloated code and an OS that takes up memory and hard drive space like no other. I will give Microsoft credit for recognizing they do have a security problem and that memo mandates they put security at the top. They have made alot of progress... and like you, I'd like to see the OS rebuilt from top to bottom with security and no bugs. That'll be the same day I stop receiving spam, right? Seriously, I doubt it'll be perfect as we all are human, but I am hoping.

[Mendz]

I like the fact that...

Microsoft learns from the other OSes, copies the good ones and markets the copied features as something new. For the sake of Windows customers... of course they're new.<br /><br />What do you expect? For Allchin to admit that they copied this from Linux and this from OS X? And for the sake of marketing, why even mention the competition in an interview?<br /><br />Some Microsoft articles did admit copying some security concepts from Linux/Unix for Vista. But there's no Microsoft article admitting they copied something from OS X. Who cares? It's obvious in Vista anyway... And I like them!<br /><br />:D

[cagerattler]

You really really like them?

You like them (the new features). OK.<br /><br />Have you really tried them yet? Are you a beta tester of the Vista OS? <br /><br />You know, it all sounds well and good, but we're really not going to be able to have an informed opinion on the Vista OS until we've actually used it.<br /><br />I use both OS' - XP and OSX. If I do upgrade to Vista, and if those Vista features don't work as efficiently as they do in OSX, I'm going to be frustrated everytime I use my PC.

[thebignoticeboard.com]

thebignoticeboard.com

you'd buy norton for the security. you should buy an operating <br />system for the whole package. in a word... tiger

[schubb]

Actually I did...

I bought it(and will most likely buy the next one) so that I could run the software I want. That removed Tiger from the running. It works for your needs, great, it doesn't work for mine.

[wbenton]

Let's review Microsoft's Security Track Record

Two years ago, Steve Balmer stood up in front of the world and boasted that Microsoft would improve security in their products. We've all seen the results of that farce.<br /><br />This is just the next Microsoft Brain Fart.<br /><br />You want security... DON'T CHOOSE Microsoft!!!<br /><br />Linux is much more robust and secure and they patch it a lot quicker too!<br /><br />I can't stand Macs, but hey... I'd still recommend them over Vista!<br /><br />Walt

[Bridger]

You've got that right.

I was sick of running spyware and virus scans every day, and also sick of clicking "Accept" on the firewall I had installed. Switch to Linux. Built in firewall (mine is guarddog) and virus scan (mine is clamwin), and you will never have to scan for spyware again. For beginners, may I reccomend SimplyMepis, or Ubuntu?<br /><br />(Sorry, I kept clicking submit under the wrong categories, this has got to be the fourth one of these comments. This is where I meant to put it)

[rcrusoe]

Vista has to prove it is secure

And that will take some time. Last year, if memory serves, Window <br />users were vulnerable all but six days. When Vista users can say <br />they have gone at least six months without a critical vulnerability <br />then MS will have some reason to say that Vista is more secure than <br />XP.<br /><br />But, IMO, when that day comes Microsoft will have to compete with <br />headlines like H*ll Freezes Over, and Pig's Fly.

[Bridger]

You've got that right.

I was sick of running spyware and virus scans every day, and also sick of clicking "Accept" on the firewall I had installed. Switch to Linux. Built in firewall (mine is guarddog) and virus scan (mine is clamwin), and you will never have to scan for spyware again. For beginners, may I reccomend SimplyMepis, or Ubuntu?

[Llib Setag]

RDF is alive & well in Jurassic Park

WOW! People think Steve Jobs has a Reality Distortion Field (RDF) <br />around him about future technologies...<br />Jim, Dude, get a clue....Microsloth "Security" is an oxymoron.<br /><br />When oh when will Billy "Bob" get his act together &#38; throw in the <br />towel.<br />Citizen Gates &#38; Big Brother Ballmer need to RETIRE like Paul <br />Seahawk Allen did years ago &#38; move on with their life.<br /><br />DOJ was right when they wanted to break MS into three <br />companies, that would made them agile &#38; competitive to solve <br />their technology &#38; legal problem &#38; actually BE INNOVATIVE. <br />Instead of endless beta programs sold as real program &#38; all of <br />us are their security holes &#38; virus riddled guinea pigs...<br /><br />Vista = Microsith's Last Hope.

[aabcdefghij987654321]

This is an early April Fools joke, right?

It is always fun to watch the MS clowns calls MS products secure.

Windows security

You want security with Windows? Shut the PC off.

[pythonhacker]

Windows CEMENT

The most secure Windows OS ever designed is not Vista! This was the legacy "Windows CEMENT" which sadly never made it out of the Microsoft labs!<br /><br />Windows CEMENT promised solid security like a block of cement - unbreakable. Its looks were made to adorn your sitting room- but it could not be switched on!<br /><br />Windows CE + ME + NT = Windows CEMENT, Rock Solid.

[Rangebz]

any more 15 year old bugs?

I am not 100% sure about this but didn't MS have to remove the metafile vunerabillity from vista when it was discovered last month? If they copied that 15 year old security vunerabillity how can they be so sure they haven't copied across all the other bugs?<br /><br />Oh and is it just me or that "people near me" feature looks like a major security problem waiting to happen? The fact the machine is willing to broadcast that its windows vista is a risk. If its on open wifi all some hacker has to do is sit in a cafe and when there is a security problem in vista (and there will be) they can get a nice list of windows vista machines to attack, such a useful feature. I suppose you could use it to send targetted adverts. Find all vista machines: "It looks like your using vista. You really need to buy spyware scanner, want to buy ours?" <br /><br />The real problem is soooo many people are allowed to get away with putting spware on machines becuase its in the EULA, or other such stuff.<br /><br />And whats worse is major companies SUPPORT using hostile tools on there customers machines. Look at sony, we want to stop piracy so we put rootkits designed to comprimise windows machines to people who bought our CDs. What idiots, didn't they release that thoose people BOUGHT THE CD. They wanna be stopping people who download pirate copies not annoy the people who are trying to do things legit.<br /><br />Oh and on the subject of anti-piracy, you guys REALLY have to drop all the registration stuff. My PC got hacked cause of registration! Windows was whining about it going to blow up if I didn't dial the internet or summit. As I was downloading updates and registering a damn virus got it. Ironicly windows update was proberly trying to update the fix for the flaw that let it in. Unfortunatly you can't get all the patches of dialup by the time a virus hits your machine :(.<br /><br />May I suggest hardened mode for connecting to the internet for downloading patches the first time?<br /><br />Oh and for securing IE, Get rid of it. Unfortunaly this is hard to do in XP because it is so tightly woven into the OS, which is proberly why IE bugs can comprimise a machine even when not using IE, yay.