How to Read This Book

This book is short, and if you are planning or presently writing software to target Windows Vista, then you really should read the entire book - if for no other reason than to give you a good feel for the new security defenses and technologies Microsoft has added or improved in Windows Vista.

Each of the chapters is relatively self-standing, except for the first three which all developers building software for Windows Vista should read.

Chapter 1, “Code Quality” describes many of the changes that were made to Windows Vista at a code level to remove potential security bugs. There is much the software industry can learn from what Microsoft did to help secure Windows Vista, and there is nothing more we’d love to see but for other developers to learn from what we have learned.

Chapter 2 “User Account Control, Tokens, and Integrity Levels” and Chapter 3 “Buffer Overrun Defenses” should be read because the technologies described in these two chapters affects every other feature in Windows Vista.

Most if not all developers will write networked applications, so they should digest the contents of Chapter 4, “Networking Defenses.”

Those developers writing services should read Chapter 5, “Creating Secure and Resilient Services,” as we offer guidance to make your services more resilient to attack and making it easier to create services that run with the lowest possible privilege.

If you create code for Internet Explorer, such as browser helper objects, toolbars or ActiveX controls, then you should read Chapter 6, “Taking Advantage of Internet Explorer Defenses.” Internet Explorer 7 in Windows Vista has a number of architectural changes and defenses that will affect how your code will run.

If your software uses cryptographic functions, then you should read Chapter 7, “Crypto-graphic Changes in Windows Vista” because we have included a newer crypto architecture named Cryptography API: Next Generation (CNG) as well as adding updated algorithms and certificate revocation and validation.

Enterprise developers will get the most benefit from Chapter 8, “Authentication and Authori-zation” which outlines the authentication and, ACL in Windows Vista.

The final chapter, “Miscellaneous Defenses” is admittedly a catch-all of new defenses added to Windows Vista that do not fit in any other chapter. You should spend some time perusing this chapter to determine if any of the features and defenses apply to the software you are creating.