May 24, 2006 5:20 PM PDT

Tool helps programs befriend Vista

SEATTLE--Microsoft is helping other software companies make sure their programs won't stumble on a new security feature in Windows Vista.

The software maker has released a new tool for developers that checks if computer programs will work with User Account Control, Chris Corio, program manager for UAC, said Wednesday. The Vista feature runs a PC with fewer user privileges for security reasons.

special coverage
WinHEC in view
All the latest Vista news and other coverage of the Microsoft confab

"Test your applications and understand how they work on Vista," Corio said in a session at Microsoft's Windows Hardware Engineering Conference here. "Understand the difference UAC makes; it can be traumatic for you if you've never designed for the standard user."

Reducing user privileges is a major change for Windows. At an early point in the development of Vista, Microsoft found that more than 50 percent of the applications it runs to test compatibility wouldn't run with it, Corio said.

The new "Standard User Analyzer" tool should help make sure people get applications that work when Vista ships, he said.

Running Vista with fewer privileges should improve the security of Windows. Malicious code that makes its way onto a Vista PC won't be able to do as much damage as on a PC running in administrator mode, which is a typical setting for Windows XP.

With Windows computers around the world under repeated attack, Microsoft has made security one of its top priorities for Vista. As a result, the update will be less vulnerable than any prior Microsoft operating system, Mike Nash, the corporate vice president of Microsoft's Security Technology Unit, said in a session with reporters here.

Microsoft has looked at some 1,400 different threat models and hired penetration testers to try to break into systems running the next version of its flagship operating system, Nash said. Still, attacks will remain a fact of life, he said. "Windows will continue to be an area of interest among everyone," he said.

Some of the security woes can be solved by educating people about the importance of security messages delivered by Windows. But Microsoft says it knows that the biggest factor is how many of these messages people encounter. The goal is to reduce the number of alerts the operating system displays over time.

Changes are already visible in the latest Vista test release. In the February preview, nearly every action in the configuration panel required people to attain full privileges, indicated with a shield icon below the feature. In the Vista beta released this week, only a few actions need elevated privileges, Corio said.

UAC will be front and center in Vista. Another lower-level security feature is only gradually making its way into the operating system.

One requirement will appear first in the 64-bit edition of Vista. That version will require signed kernel mode drivers, which run hardware such as the hard disk drive and network interface card.

"This is how rootkits get into the OS," Nash said. "I think this will go a long way toward making it harder for people to write malware," or malicious software.

Customers will be able to switch on the requirement for signed drivers on 32-bit versions of Vista, Microsoft representatives said at WinHEC.

Historically many hardware products have shipped with device drivers that don't verify where they came from.

Other security features in Vista include protection against spyware and an improved firewall. It will also include a new version of Internet Explorer that will run in "protected mode" to prevent silent installs of malicious code, Microsoft has said.

Microsoft's Standard User Analyzer is available on Microsoft's Download Center Web site, Corio said. An earlier tool, called LUA Buglight, while also potentially useful for Vista developers, was really meant mostly for developers on Windows XP, he said.

CNET News.com's Joris Evers reported from Seattle, and Ina Fried reported from San Francisco.

See more CNET content tagged:
Corio Inc., security feature, WinHEC, Microsoft Windows Vista, software company

18 comments

Join the conversation!
Add your comment
Deja vue all over again
1999: Microsoft wants to make Windows 2000 "the most secure version of Windows ever, both in terms of feature functionality, and system design,"
<a class="jive-link-external" href="http://news.cbsi.com/2100-1040-230632.html" target="_newWindow">http://news.cbsi.com/2100-1040-230632.html</a>

2001: WASHINGTON -- Microsoft's newest version of Windows, billed as the most secure ever, contains several serious flaws that allow hackers to steal or destroy a victim's data files ... - Washington Post Dec 20, 2001.

2004: Microsoft: To secure IE, upgrade to XP
"We do not have plans to deliver Windows XP SP2 enhancements for Windows 2000 or other older versions of Windows,"
<a class="jive-link-external" href="http://news.zdnet.com/2100-3513_22-5378366.html" target="_newWindow">http://news.zdnet.com/2100-3513_22-5378366.html</a>

2006: Vista "will be less vulnerable than any prior Microsoft operating system" - Mike Nash, Microsoft, 2006
Posted by rcrusoe (1305 comments )
Reply Link Flag
Deja vue all over again
1999: Microsoft wants to make Windows 2000 "the most secure version of Windows ever, both in terms of feature functionality, and system design,"
<a class="jive-link-external" href="http://news.cbsi.com/2100-1040-230632.html" target="_newWindow">http://news.cbsi.com/2100-1040-230632.html</a>

2001: WASHINGTON -- Microsoft's newest version of Windows, billed as the most secure ever, contains several serious flaws that allow hackers to steal or destroy a victim's data files ... - Washington Post Dec 20, 2001.

2004: Microsoft: To secure IE, upgrade to XP
"We do not have plans to deliver Windows XP SP2 enhancements for Windows 2000 or other older versions of Windows,"
<a class="jive-link-external" href="http://news.zdnet.com/2100-3513_22-5378366.html" target="_newWindow">http://news.zdnet.com/2100-3513_22-5378366.html</a>

2006: Vista "will be less vulnerable than any prior Microsoft operating system" - Mike Nash, Microsoft, 2006
Posted by rcrusoe (1305 comments )
Reply Link Flag
Will Vista's costs muscle out the Software Competition?
The degraded user rights requirement essentially will mean that most extant software will have to be discarded in the move to Vista. A clever way to extinguish the competition and make Windows Live PerpetualPay Webware look like a bargain, indeed.

It's important to understsand what the need for software makers to update apps means in practice. It means that if there are such updates to apps at all, they will likey be offered only with upgrades to the current app versions--for the typical per app upgrade fees if $130-$199 per app here in Canada.

Many SOHO users and small firms use a variety of apps that may already be 7-8 years old. In my case my office apps are Office 2000 Premium, PageMaker 7.01, Adobe Acrobat Pro 6, MS PhotoDraw 2, VB6 Pro, InstallShield Express 3.5x, Corel PhotoPaint 7, Word for DOS 5.5 (to print 80s-era docs as they were formatted etc), WordPerfect Office 11 Std Ed, Paragon HD Mansger 6, Ghost 2002, PartitionMagic 7, FrontPage 2000, etc.

Lots of people are gonna be soaked in the transition to Vista; many will just give up and go over to the Windows Live concept.

Vista is not just an OS; it is in one way a chanelling mechanism to drive users to web-based apps, achieving this direction by upping the desktop software transition cost dramatically.
Posted by PolarUpgrade (103 comments )
Reply Link Flag
That is such bull
Most software should run just fine under Vista, and most that won't will simply require a little config within the OS. I do this every day with locked down XP boxes; it isn't that hard(for the most part. There are exceptions), and by the looks of things, MS is attempting to make it as easy as they can.
And yes, we run lots of older apps just fine under limited accounts.

If you write software to specs (XP logo certified), you already have to run under a limited account.

Christ, if MS does nothing, they get bashed. If they do anything what so ever, they get bashed. Make up your minds.
Posted by catch23 (436 comments )
Link Flag
Will Vista's costs muscle out the Software Competition?
The degraded user rights requirement essentially will mean that most extant software will have to be discarded in the move to Vista. A clever way to extinguish the competition and make Windows Live PerpetualPay Webware look like a bargain, indeed.

It's important to understsand what the need for software makers to update apps means in practice. It means that if there are such updates to apps at all, they will likey be offered only with upgrades to the current app versions--for the typical per app upgrade fees if $130-$199 per app here in Canada.

Many SOHO users and small firms use a variety of apps that may already be 7-8 years old. In my case my office apps are Office 2000 Premium, PageMaker 7.01, Adobe Acrobat Pro 6, MS PhotoDraw 2, VB6 Pro, InstallShield Express 3.5x, Corel PhotoPaint 7, Word for DOS 5.5 (to print 80s-era docs as they were formatted etc), WordPerfect Office 11 Std Ed, Paragon HD Mansger 6, Ghost 2002, PartitionMagic 7, FrontPage 2000, etc.

Lots of people are gonna be soaked in the transition to Vista; many will just give up and go over to the Windows Live concept.

Vista is not just an OS; it is in one way a chanelling mechanism to drive users to web-based apps, achieving this direction by upping the desktop software transition cost dramatically.
Posted by PolarUpgrade (103 comments )
Reply Link Flag
That is such bull
Most software should run just fine under Vista, and most that won't will simply require a little config within the OS. I do this every day with locked down XP boxes; it isn't that hard(for the most part. There are exceptions), and by the looks of things, MS is attempting to make it as easy as they can.
And yes, we run lots of older apps just fine under limited accounts.

If you write software to specs (XP logo certified), you already have to run under a limited account.

Christ, if MS does nothing, they get bashed. If they do anything what so ever, they get bashed. Make up your minds.
Posted by catch23 (436 comments )
Link Flag
Taking insanity to a whole ne level.....
"At an early point in the development of Vista, Microsoft found that more than 50 percent of its own applications wouldn't run with it," - wow!

Microsoft is attempting to code away user stupidity. Everybody that thinks that has a chance in hell of working raise your hands.

Instead of concentrating on training people in the use of thier PCs (i.e. "don't run in Admin mode for everyday tasks") Microsoft has taken on the monumental task of saving the stupid from themselves.

To do so, they'll flood people with message boxes. And guess what.....people will do as they always do...they'll JUST CLICK GO after about the 10th box. They won't even try and understand what it says, they'll just look for the "Next" or "Continue" button and click until thier one brain cell is satisfied.

Not to mention that if there is a way to disable this feature they will.

You 've got to be wondering if Microsoft has "Michael Jackson Syndrome". You know - a modern day version of "the emporer has no clothes".

IMHO, they have so isolated themselves from the everyday users that they too think a single sparkly glove is what people want to see.

It's just sad.
Posted by Jim Hubbard (326 comments )
Reply Link Flag
Not insanity, but raising apps' barrier to entry
I'd say this development is less a new level of insanity than it is a carefully implemented leveraging of the point-of-sale OS monopoly.

Microsoft is raising the applications barrier to entry for Vista, essentially locking out a wide range of older applications.

Since we know that the majority of desktop computing ISN'T DONE with current versions of most software, vast numbers of in-use applications will have to be upgraded to new versions.

Since many many older apps today HAVE NO CURRENT version having been waylaid by mergers, takeovers and shutdowns, this means that many businesses and home users will be stranded, faced with having to buy anew a lot of NEW software.

What then? Well, those Windows Live services priced at say $19.95 a month PER FUNCTION (such as fax, WP, spreadsheet, Etc.) will start to look like an easier escape route compared to replacing thousands and thousands of dollars of software all at once. But of course the over-time hit will be higher in cost, and it all goes to MS, not to the once burgeoning third-party PC software market.

Moreover, the premium Windows that will likely be the only real Windows sold will also represent a major expense. Anyone want to bet that MS will offer Vista as rentalware? I'd say the chances are 100% that perpetual pay tithing on the OS and the apps will be phased in with Vista, slowly over time.

More significantly, MS is taking the PC market upscale with all this, and is also in effect shrinking the personal computing marketplace all by itself, because it suits MS to do that.

Other firms tried to do this in other sectors starting in the 1980s (as the upmarket is said to have deeper pockets and buys more with each buy), but tended to fail in so doing. That is because in most other sectors the upmarket may look very tempting, but it is also a very discerning market that paradoxically seeks great value from its purchases. While upmarket customers spend more per per purchase, they may actually buy less often, and there are a lot fewer upmarket buyers than geneeral consumers.

MS on the other hand can force the PC market upmarket as it is for all intents and purposes the only operating system maker for commercially viable consumer-useable PCs. IF MS doesnt't want people selling low-cost PCs; it can rejig the product pricing such that it is not economic to sell them.

That is happening now, I would humbly suggest.

The approach this time is very clever, almost a clean-room methodology of juggling the real dollar cost of lower end PCs is in use at arms length. I think it has potential to fail now, however, as the last thing one wants to do is BRAG about having no intention to really sell the low end Vista, and so draw attention to the method. On the other hand, we live in an age where as long as big business does it, it's considered okay.
Posted by PolarUpgrade (103 comments )
Link Flag
Taking insanity to a whole ne level.....
"At an early point in the development of Vista, Microsoft found that more than 50 percent of its own applications wouldn't run with it," - wow!

Microsoft is attempting to code away user stupidity. Everybody that thinks that has a chance in hell of working raise your hands.

Instead of concentrating on training people in the use of thier PCs (i.e. "don't run in Admin mode for everyday tasks") Microsoft has taken on the monumental task of saving the stupid from themselves.

To do so, they'll flood people with message boxes. And guess what.....people will do as they always do...they'll JUST CLICK GO after about the 10th box. They won't even try and understand what it says, they'll just look for the "Next" or "Continue" button and click until thier one brain cell is satisfied.

Not to mention that if there is a way to disable this feature they will.

You 've got to be wondering if Microsoft has "Michael Jackson Syndrome". You know - a modern day version of "the emporer has no clothes".

IMHO, they have so isolated themselves from the everyday users that they too think a single sparkly glove is what people want to see.

It's just sad.
Posted by Jim Hubbard (326 comments )
Reply Link Flag
Not insanity, but raising apps' barrier to entry
I'd say this development is less a new level of insanity than it is a carefully implemented leveraging of the point-of-sale OS monopoly.

Microsoft is raising the applications barrier to entry for Vista, essentially locking out a wide range of older applications.

Since we know that the majority of desktop computing ISN'T DONE with current versions of most software, vast numbers of in-use applications will have to be upgraded to new versions.

Since many many older apps today HAVE NO CURRENT version having been waylaid by mergers, takeovers and shutdowns, this means that many businesses and home users will be stranded, faced with having to buy anew a lot of NEW software.

What then? Well, those Windows Live services priced at say $19.95 a month PER FUNCTION (such as fax, WP, spreadsheet, Etc.) will start to look like an easier escape route compared to replacing thousands and thousands of dollars of software all at once. But of course the over-time hit will be higher in cost, and it all goes to MS, not to the once burgeoning third-party PC software market.

Moreover, the premium Windows that will likely be the only real Windows sold will also represent a major expense. Anyone want to bet that MS will offer Vista as rentalware? I'd say the chances are 100% that perpetual pay tithing on the OS and the apps will be phased in with Vista, slowly over time.

More significantly, MS is taking the PC market upscale with all this, and is also in effect shrinking the personal computing marketplace all by itself, because it suits MS to do that.

Other firms tried to do this in other sectors starting in the 1980s (as the upmarket is said to have deeper pockets and buys more with each buy), but tended to fail in so doing. That is because in most other sectors the upmarket may look very tempting, but it is also a very discerning market that paradoxically seeks great value from its purchases. While upmarket customers spend more per per purchase, they may actually buy less often, and there are a lot fewer upmarket buyers than geneeral consumers.

MS on the other hand can force the PC market upmarket as it is for all intents and purposes the only operating system maker for commercially viable consumer-useable PCs. IF MS doesnt't want people selling low-cost PCs; it can rejig the product pricing such that it is not economic to sell them.

That is happening now, I would humbly suggest.

The approach this time is very clever, almost a clean-room methodology of juggling the real dollar cost of lower end PCs is in use at arms length. I think it has potential to fail now, however, as the last thing one wants to do is BRAG about having no intention to really sell the low end Vista, and so draw attention to the method. On the other hand, we live in an age where as long as big business does it, it's considered okay.
Posted by PolarUpgrade (103 comments )
Link Flag
Stop password prompts
How do I stop Vista from prompting me for my password so often? I even had to enter my password to put a desktop shortcut in the trash... I mean come on... can I control that somehow??
Posted by fialkoff (4 comments )
Reply Link Flag
Stop password prompts
How do I stop Vista from prompting me for my password so often? I even had to enter my password to put a desktop shortcut in the trash... I mean come on... can I control that somehow??
Posted by fialkoff (4 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.