﻿<?xml version='1.0' encoding='UTF-8'?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel><title>Windows Vista Forum / Installation &amp; Compatibility / Vista Technical  / New to Vista? Wondering what's so special about Vista? / Latest Posts</title><generator>InstantForum.NET v4.1.4</generator><description>Windows Vista Forum</description><link>http://www.vistaforums.com/Forum/</link><webMaster>Admin@VistaForums.com</webMaster><lastBuildDate>Tue, 07 Oct 2008 19:11:18 GMT</lastBuildDate><ttl>20</ttl><item><title>New to Vista? Wondering what's so special about Vista?</title><link>http://www.vistaforums.com/Forum/Topic8473-41-1.aspx</link><description>&lt;H2&gt;A new approach to Windows security&lt;BR&gt;&lt;/H2&gt;&lt;P&gt;Over the years, much has been made of Windows' security or (perceived) lack thereof. Though Microsoft's record has certainly improved in recent years, many industry observers feel that the company could do more. So Vista does more, both to address old-fashioned security issues like buffer overflows and more recent "innovations." Especially significant is the modern phenomenon of spyware, and some of the much less modern phenomena such as rootkits that go along with it. Vista's most obvious, noticeable measures are aimed at just this kind of problem. &lt;/P&gt;&lt;P&gt;A user may install a program that appears innocuous enough—maybe a peer-to-peer filesharing program, or a cute purple animated character, or an audio CD—and then find that the browser has had its homepage changed, all actions on the Internet are recorded and distributed to third parties, and hidden software has been installed that prevents ripping CDs. &lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;The big problem here is that many users, especially home users, have user accounts with Administrator privileges.&lt;/STRONG&gt; To a certain extent, this is hard to avoid; they really are the administrators of the systems, so such privileges are not inappropriate. 
Though one could run as a non-Administrator in Windows XP, changing to an Administrator only when absolutely necessary, it's arguably not very convenient to do so. Programs might unexpectedly or unreasonably demand Administrator privileges due to poor coding. Many kinds of software demand Administrator privileges to install—many games, for example, require Administrator privileges so that they can install supposed "anti-piracy" drivers, meaning that the user has to change identity (logging in as someone else, using RunAs, etc.) quite often. &lt;/P&gt;&lt;H3&gt;User Account Control&lt;/H3&gt;&lt;P&gt;To address this issue, &lt;STRONG&gt;Vista has a feature called User Account Control (UAC).&lt;/STRONG&gt; With UAC operational (which it is by default), anyone logged in as an Administrator has a kind of "dual login." The operating system maintains two sets of access rights and privileges—one set for a standard user, who has no special abilities, and one for the administrative user, with all the power that entails. By default, Vista uses only the first, unprivileged set of rights. &lt;/P&gt;&lt;P&gt;In this way,&lt;STRONG&gt; the user, even though logged on as an Administrator, isn't actually more powerful than a regular user.&lt;/STRONG&gt; When the user does something that actually needs Administrator privileges, the screen goes dark, and a dialog box appears to say that a program requires permission to perform some action. Users can then cancel the operation or allow it to proceed. If they choose to proceed, then they will temporarily use the set of administrative access rights for the duration of that operation. 
&lt;/P&gt;&lt;DIV class=CenteredImage&gt;&lt;IMG class=Bordered src="http://media.arstechnica.com/reviews/os/vista-under-the-hood.media/540/405/uac-1.png"&gt;&lt;/DIV&gt;&lt;DIV class=CenteredImage&gt; &lt;/DIV&gt;&lt;DIV class=CenteredImage&gt;In this way, the user is generally protected against breaking the system (whether it be through deleting necessary files, reconfiguring important hardware, or installing something nasty) but has easy access to Administrator powers when needed.&lt;/DIV&gt;&lt;DIV class=CenteredImage&gt; &lt;/DIV&gt;&lt;DIV class=CenteredImage&gt;Just how effective this is at safeguarding users remains to be seen. If users deliberately choose to download the installer to a program and run it, it seems likely that they'll be happy to elevate their privileges when prompted to do so. In this sort of situation, the UAC prompt asks them only to confirm what they've already chosen to do, and to install the program they have no choice but to accept the prompt. &lt;STRONG&gt;The entire motive behind UAC is to prevent the execution of unwanted processes.&lt;/STRONG&gt;&lt;/DIV&gt;&lt;DIV class=CenteredImage&gt;&lt;H3&gt;Internet Explorer protected mode &lt;/H3&gt;&lt;P&gt;Internet Explorer is, of course, a particularly vulnerable application. This is not to say it's badly written (it might be, it might not be, but it's not really relevant). Rather, Internet Explorer is exposed to an awful lot of potentially hostile code. If Word has a flaw (a buffer overflow, say), then sure, it's a problem. But if the only thing you do is type up a few letters that you print and send, it's more of a hypothetical problem. The bug is there, but your own Word documents aren't going to exploit it, so you'll be fairly safe. Not perfect—but okay. &lt;/P&gt;&lt;P&gt;Internet Explorer is different. &lt;STRONG&gt;In Internet Explorer you actively seek out pages written by other people.
And so your browser is vulnerable&lt;/STRONG&gt;, because any of those pages you visit could be owned by a bad person (or hacked by a bad person) and so could exploit flaws in your browser. You solicit all this input from other locations, and there's no real way of trusting any of it. &lt;/P&gt;&lt;P&gt;To that end, &lt;STRONG&gt;Internet Explorer Protected Mode creates for Internet Explorer an environment that's even less capable than the normal UAC environment&lt;/STRONG&gt;. It can write to a handful of hard disk locations (primarily its cache), and it can write to a small number of registry locations and... that's about it. &lt;STRONG&gt;It has the access it needs to browse the web, but nothing more.&lt;/STRONG&gt; What this means is that if some Internet Explorer flaw is found and exploited, &lt;STRONG&gt;it can't even harm the user&lt;/STRONG&gt;. The browser may crash or otherwise go haywire, but if it's restarted, everything should be okay again, with no damage done. This should make Internet Explorer a great deal safer than it is today and perhaps the safest browser for Windows, at least until other browsers adopt a similar mechanism. &lt;/P&gt;&lt;H3&gt;Virtualization &lt;/H3&gt;&lt;P&gt;The use of virtualization is mainly a safeguard for old applications which still write to shared locations. As we all know, writing data to a shared location exposes not only that user but the entire machine to any bad code/virus.&lt;/P&gt;&lt;P&gt;Vista seeks to mitigate this by virtualizing writes to these shared locations. If a program running as a regular user tries to write to a system location like Program Files, the write is silently redirected. The application believes that it has written to the system location, but it actually has written to an area in the user's profile. As far as the application is concerned, the action was successful.
Vista provides the program with a unified view of the real location and the redirected location, so it appears that the changes have been made—but the changes are invisible to any other users of the system. &lt;/P&gt;&lt;H3&gt;Address space layout randomization&lt;/H3&gt;&lt;P&gt;The &lt;A href="http://en.wikipedia.org/wiki/Buffer_overflow"&gt;&lt;FONT color=#9d0404&gt;buffer overflow&lt;/FONT&gt;&lt;/A&gt; is one of the best known and most widespread classes of security flaw around. The &lt;A href="http://en.wikipedia.org/wiki/Morris_worm"&gt;&lt;FONT color=#9d0404&gt;infamous Morris worm&lt;/FONT&gt;&lt;/A&gt; used a buffer overflow to spread, and malicious code has been using buffer overflows ever since to compromise machines. Windows XP SP2 mitigated against most simple buffer overflows through the feature Microsoft calls "Data Execution Protection" (DEP), also called "NX" (Non-Execute) or "XD" (eXecute Disabled) protection. &lt;/P&gt;&lt;P&gt;With DEP, almost all the memory that makes up a process is marked "not executable"—generally, everything except the DLLs and EXEs that make up the process. This means that even if a buffer gets overflowed and malicious code is injected into a process by an attacker, that malicious code can't actually run; the processor can read it or write it, but it can't execute it. &lt;/P&gt;&lt;P&gt;A clever attacker can use a buffer overflow to move to one of those executable bits of code and, from there, launch his own malicious code. DEP has made it harder to exploit the buffer overflow, but it is not impossible. &lt;STRONG&gt;The attacker does, however, need to know the whereabouts of these bits of executable code in memory.&lt;/STRONG&gt; Traditionally, each piece of code would be loaded into the same place in memory every time, so it was very easy for the attacker to know the location he had to go to. 
&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Address space randomization makes it nearly impossible for a hacker to guess this area in memory, as it is randomized on each execution, thus greatly reducing any chance of a buffer overflow.&lt;/STRONG&gt;&lt;/P&gt;&lt;H2&gt;Networking&lt;/H2&gt;&lt;DIV class=Body&gt;&lt;P&gt;Many parts of Vista have seen big overhauls that improve how things go on "under the hood" but don't have much visible impact on users. One example of this is the network stack. Vista's network stack sees a new, simpler driver model that should improve network performance while also making drivers easier for vendors to write. &lt;/P&gt;&lt;P&gt;The most important networking protocol that most computers use these days is IP, the Internet Protocol. This protocol forms the basis of the Internet (as the name might imply) and is also widely used on private networks such as LANs or telephone backbones. &lt;/P&gt;&lt;P&gt;Windows Vista has an IP stack that Microsoft claims to be all-new; they've named it the "Next Generation TCP/IP Stack." The rewritten stack supports greater hardware acceleration (a number of high-end network cards include built-in support for certain aspects of IP communication), is simpler to extend (for example, it's easier for third parties to write firewalling/filtering plugins), and includes support for new features of the IP protocol to enable better performance and reliability. &lt;/P&gt;&lt;P&gt;The IP stack found in Windows XP and 2003 has a number of parameters that many people tweak to improve the speed of their input connection.
&lt;STRONG&gt;Vista's IP stack is designed to be self-tuning,&lt;/STRONG&gt; so it will determine these numbers dynamically.&lt;/P&gt;&lt;P&gt;More significantly perhaps, the IP stack now includes &lt;STRONG&gt;IPv6 and enables it by default.&lt;/STRONG&gt; IPv6 (see &lt;A title="Everything you need to know about IPv6" href="http://arstechnica.com/articles/paedia/IPv6.ars"&gt;&lt;FONT color=#9d0404&gt;our overview&lt;/FONT&gt;&lt;/A&gt;) is the successor to IPv4, the network protocol that currently forms the basis of most Internet connectivity. IPv4 only allows 2&lt;SUP&gt;32&lt;/SUP&gt; IP addresses—about 4 billion—and not all of those 4 billion can even be used. Some are reserved for private networks, and others are lost for various technical reasons. With the massive growth of Internet-connected machines, this address space is becoming quite scarce. A consequence of this is that most ISPs give their users only a single IP address, and users wishing to attach multiple computers must usually rely on Network Address Translation. &lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;The use of IPv6 in the future would lead to a router-less world where every PC has its own IP.&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;IPv6 allows 2&lt;SUP&gt;128&lt;/SUP&gt; different addresses. With that many addresses, there aren't shortages any longer. Instead of most people being given only a single IP address, with IPv6, even home users could be given hundreds of trillions of addresses with no fear of running out. &lt;/P&gt;&lt;H2&gt;Disks and storage&lt;/H2&gt;&lt;DIV class=Body&gt;&lt;P&gt;Processors are really fast, but hard disks... they're slow. The bit they're slowest at is seeking. Because they're mechanical devices and have to physically move the drive heads and then wait for the right part of the disk to spin past, seeking in hard drives, even fast ones, takes several milliseconds. 
In the worst case, when having to move the head from the innermost part of the disk to the outermost part (or vice versa) the delay can be tens of milliseconds. With processors that can perform millions of operations in those milliseconds, that's a big problem. The processor can zip along once a program is up and running, but it has to wait a lifetime to load the program in the first place. &lt;/P&gt;&lt;H3&gt;SuperFetch, ReadyBoost, and ReadyDrive&lt;/H3&gt;&lt;P&gt;Vista has a prefetching mechanism of its own, called SuperFetch. It's far more aggressive than XP's prefetching. Where XP would arrange files on disk to ensure that they can be read quickly, &lt;STRONG&gt;Vista will go ahead and read files into memory preemptively.&lt;/STRONG&gt; For example, if it sees that at 9:00 AM on a Monday morning you log in and start Outlook to check your mail, Vista can preload Outlook; it will read all the programs and libraries that Outlook needs so that they're resident in RAM. This means that when you click Outlook's icon to start it, most of the data the operating system needs is already available in memory, so you no longer have to wait so long for the program to load. The downside to this? Vista shows much higher RAM usage numbers than its predecessor. &lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;That isn't the only thing Vista does to try to get programs to load faster. It also allows you to plug your USB drive into your computer and let Vista temporarily write commonly used files to it, for a faster load time the next time. This new feature is called ReadyBoost!&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;Hard disk vendors have noticed the dual advantages of flash drives—&lt;STRONG&gt;zero seek times, low power usage—and are imminently to begin integrating flash storage into regular mechanical hard drives&lt;/STRONG&gt;, thus producing "hybrid hard drives." These will hit the market soon, and Vista has something called ReadyDrive to make use of them.
ReadyDrive is very similar to ReadyBoost, but because the flash can't be removed—it's part of the drive—the OS can be far more aggressive about how it uses it. For example, a system with a hybrid hard drive could hibernate to flash instead of having to spin up the disk, ensuring that hibernation can occur even with negligible battery life available. &lt;/P&gt;&lt;H3&gt;I/O prioritization&lt;/H3&gt;&lt;P&gt;These all address the same basic problem (hard disks are slow to seek), but that's not all Vista changes when it comes to disk I/O. Modifications have been made that attempt to resolve a number of widely experienced annoyances. One such issue is the sluggish performance often seen when returning to a PC that's been running some sort of idle task such as a defragger or spyware scan. When you leave the PC, all your running programs are resident in memory and hence quick to access; the idle task then reads the entire disk to scan it. This pushes the files you're actually using out of the file cache, replacing them with the files being scanned. Worse, the operating system may even write out the programs you have running to the page file in order to free up RAM for the file scan—after all, the programs haven't been used for a while (because you're not using your PC), so the OS thinks they're good candidates to write out to disk. When you return to the PC, all the files that you actually need then have to be dragged in from the disk, which is very slow. &lt;/P&gt;&lt;P&gt;To redress this, Vista can prioritize foreground applications over background tasks, even if the foreground applications are idle. The background tasks will still run correctly and still be able to use as much of the system's resources as they can get, but they'll no longer be able to drive foreground applications out of memory and onto disk.&lt;/P&gt;&lt;P&gt;More generally, Vista introduces the concept of I/O prioritization.
The concept is the same as prioritizing processes/threads: &lt;STRONG&gt;if two threads are both ready to run, the one with the highest priority will get run first.&lt;/STRONG&gt; This means that important tasks can ensure that they run before any less important/background tasks. &lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Windows I/O, on the other hand, has always been a free-for-all.&lt;/STRONG&gt; A request to read a disk from a background task was treated as just as important as a request from a foreground application that the user is actually working with. A long-time problem with Windows XP.&lt;/P&gt;&lt;P&gt;Vista's I/O prioritization greatly improves the snappiness of foreground programs, which is an extremely important part of creating a pleasant user experience. Perhaps perversely, it also allows background applications to be more aggressive. &lt;STRONG&gt;This is especially helpful when it comes to playing things such as MP3s: in order to not get that jagged stop-go playback when your CPU is doing other large computations, Vista prioritizes the MP3 and allocates a specific chunk of power to it.&lt;/STRONG&gt;&lt;/P&gt;&lt;H3&gt;Encryption &lt;/H3&gt;&lt;P&gt;BitLocker full-drive encryption in Vista provides a solution. Using the Trusted Platform Module (TPM) hardware increasingly found in modern PCs, in conjunction with either a PIN code or a USB key, the entire OS drive (including the pagefile) can be encrypted. In Vista only the OS drive will be encryptable with BitLocker. If you have separate data volumes, they'll still need to use EFS, but the encryption can be complete.
Entire-drive encryption makes for more secure data, as in earlier versions of Windows only a single file or folder was encrypted.&lt;/P&gt;&lt;H3&gt;Search&lt;/H3&gt;&lt;P&gt;&lt;A class=Popup href="http://arstechnica.com/reviews/os/vista-under-the-hood.media/search-advanced.png"&gt;&lt;IMG class=Bordered src="http://media.arstechnica.com/reviews/os/vista-under-the-hood.media/540/389/search-advanced.png"&gt;&lt;/A&gt;&lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Windows Vista re-invents file search by using a thing called an index.&lt;/STRONG&gt; Indexing Service was originally created as a tool for developers to use to provide search features for web sites; indeed, the first version of Indexing Service shipped in the NT 4 Option Pack alongside IIS 4 and other server-oriented features. For those who knew how to enable it (by default it wouldn't index every file on the disk), Indexing Service in 2000, XP, and 2003 could be used to perform lightning-quick searches just like the desktop search applications were offering but years in advance of them. &lt;/P&gt;&lt;DIV class=ImageRight&gt;&lt;A class=Popup href="http://arstechnica.com/reviews/os/vista-under-the-hood.media/search-start-menu.png"&gt;&lt;IMG class=Bordered src="http://media.arstechnica.com/reviews/os/vista-under-the-hood.media/235/137/search-start-menu.png"&gt;&lt;BR&gt;&lt;/A&gt;&lt;SPAN class=ImageCaption&gt;Search via the Start Menu&lt;/SPAN&gt; &lt;/DIV&gt;&lt;P&gt;Rather than giving Indexing Service the decent frontend it has long deserved, Vista has discarded it in favor of a new indexing engine. The reasons for discarding it aren't immediately clear; the old engine can be installed if it's needed, but it's not there by default. The new engine provides what's now pretty standard search-based functionality. Every Explorer window now gets a little search box for filtering the visible files, and there are magic "Search Folders" such as "All Music" or "All Pictures" whose contents are search-based.
&lt;/P&gt;&lt;P&gt;One slightly unusual place where search has been integrated is the Start Menu. The concept in the Vista Start Menu is that instead of hunting through potentially dozens of program groups to find the program you want to start or document you want to open, you simply type the name of the program or document to launch it. The search results appear inline within the Start Menu, allowing instant access to programs. It takes a bit of getting used to—we've had eleven years of hunting through the Start Menu to find programs—but it actually works pretty well, especially if you've got scores of Start Menu icons. &lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;&lt;FONT size=5&gt;The small things matter:&lt;/FONT&gt;&lt;/STRONG&gt;&lt;/P&gt;&lt;P&gt;For example, fewer reboots should be needed when DLLs and drivers are upgraded, &lt;STRONG&gt;NTFS volumes can be shrunk on-the-fly&lt;/STRONG&gt;,&lt;STRONG&gt; NTFS can repair corruption automatically&lt;/STRONG&gt; in the background (eliminating the need to reboot to run chkdsk), and improved backups based on volume shadow copy can be made, along with many others. Together, these improvements make for an extremely compelling upgrade. &lt;STRONG&gt;Vista is not simply XP with a new skin; core parts of the OS have been radically overhauled&lt;/STRONG&gt;, and virtually every area has seen significant refinement. In terms of the magnitude and extent of these changes, Vista represents probably the biggest leap that the NT platform has ever seen. Never before have significant subsystems been gutted and replaced in the way they are in Vista. As such, it's a hugely important release. &lt;/P&gt;&lt;P&gt;Sourced from: http://arstechnica.com &lt;/P&gt;&lt;P&gt;&lt;STRONG&gt;Modified/Added by: Jason Sinchak&lt;/STRONG&gt;&lt;/P&gt;&lt;/DIV&gt;&lt;/DIV&gt;&lt;/DIV&gt;</description><pubDate>Fri, 08 Jun 2007 13:44:40 GMT</pubDate><dc:creator>Jason</dc:creator></item></channel></rss>