Windows Vista Security Looks Promising
Modernizing Authentication — What It Takes to Transform Secure Access
For several years, especially since Windows XP Service Pack 2, Microsoft has been tightening security in Windows and Internet Explorer. It's hard to see at times, but I do think they have been making progress. Nevertheless, with a completely new version of Windows, Microsoft has the opportunity to do some radical things that should help a lot more.
Like Service Pack 2, these changes will break existing applications and require ISVs and device driver writers to make changes. Such is life, I say, and as with SP2, these people will have lots and lots of time to work on updating their software. With few exceptions, if a product doesn't work when Vista ships late next year (cross fingers) you can blame the ISV.
Many of these "new" features have been available in other operating systems or third-party products, but having them standard in Windows makes a difference. I'd like to focus on some of the important ones.
Corporate IT has known for a long time (and if they don't, they're incompetent) how to manage their Windows users with restricted permissions, both on the network and on the local computer. For the average home user it hasn't been hard to set up such accounts, but it's common to run into applications that require greater privileges that are provided on Windows XP for a Limited User.
The problem is changed in Windows Vista first by attitude. The word "Limited" is gone and a "User Account" is now limited. Getting an account with Administrator privileges is now the extraordinary case, but it's not generally going to be necessary. If you do something that requires admin privileges, such changing firewall settings, the system will offer you an opportunity to enter account credentials that have sufficient privileges, such as the Administrator account. So you can run normally as a non-Administrator. This is all called "User Account Protection," and in beta 1 it must be enabled manually.
This approach, of course, is straight out of Mac OS X, and Mac advocates like to point to it as the right way to do things, but there are definite limitations to how much it can protect you. Most spyware/adware installed on Windows is installed deliberately by the user out of carelessness. You want that cool toolbar and you know you're installing a program, so of course you are going to give it admin privileges or whatever it needs. You'd have to do the same to install a legit program. On the other hand, it should provide protection against silent drive-by downloads unless, once again, the user is stupid enough to let them proceed.
Another User Account Protection feature is that when programs write to protected areas of the file system and registry, these writes are actually stored in a separate area, maintained per user, called the Virtual Store. This is very similar to what is done on a Terminal Server, and in fact I wonder why the Virtual Store is stored in C:\Virtual Store rather than under each user's Documents and Settings folder as is done on Terminal Server.