Vista Turns Out to Be More Than Just a Pretty Face. Who Knew?

What did I mean when I said that my "head exploded?" It all started like this….

I've played with the various Vista betas since the early pre-beta ("technology preview") Microsoft released in 2003, and to be honest I'd not been impressed. It seemed to me that Vista mostly offered neat new stuff for programmers. The new "Aero Glass" desktop seemed like pretty eye candy, but my inclination with GUIs is turn off all of the visual effects immediately anyway-I've got plans for those CPU cycles that fading menu would suck up!-and so a look at one of my Vista desktops might lead the casual observer to guess that I was running Server 2003 rather than Vista. Yes, there was great stuff coming in Windows, I'd heard…but the version of Windows delivering that great stuff was Windows Server 2007, "the operating system formerly known as Longhorn," rather than Vista.

In the first half of 2006, however, that all changed. The Vista betas started strutting their stuff, and I was surprised to discover that a lot of that "stuff" turned out to be many of the features that I'd originally told would not appear until Server 2007. From that point on, I started spending a lot more time with the Vista betas and customer technology previews. But playing with a beta only reveals the things that the OS designer exposes through the GUI and the built-in applications; it usually doesn't reveal all that much about any changes to the OS's internals. That's why it was possible to surprise me so significantly at the June 2006 show.

I'd already sat in several sessions about new security technologies in the Vista. Some of what I was hearing was, to be honest, sort of disquieting. A new laptop protection technology named "BitLocker" would protect your laptop so well that you if you weren't careful, losing your password might mean losing your data. When installed, Vista appeared not to have a built-in Administrator account anymore, just a kind of "junior administrator" who seemed unable to do many basic administrative chores. Bunches of security tweaks in the file system and the Registry might render tons of XP-compatible applications useless. Every time you wanted to do something vaguely administrative, Vista annoyed you with an "are you sure?" sort of dialog box.

All of this new security stuff was starting to sound like it'd be a source of new chores for us admin types, and I can't say that made me eager for Vista's arrival. Then, to make matters worse, the speaker said something about "mandatory integrity control" or MIC-later renamed "Windows integrity control" and for all I know, they'll change it again before it ships-a new layer of security in Vista that I'd already heard about but hadn't really considered. My attention was drifting until I heard the speaker say "and a side effect of this is that there could be files on Vista that no one, not even an administrator, could delete." At that moment, I realized why MIC had seemed kind of familiar; you see, it's based on a method of securing files that's been incorporated into operating systems for decades…but only on military computers.

That was what triggered the brain combustion.

Why on earth, I asked myself, would we want an operating system like this? Good lord, I'm not running a blasted missile silo or storing national secrets on my own confounded computer!

But, after Krazy Glue-ing my head back together, I remembered some things. Things like the fact that in the past couple of years, I have removed truly scary spyware, keystroke loggers, and even a rootkit from virtually every single computer that I've been asked to look at by friends and family. And if you're a fellow admin type, then I'll bet your reaction to that wasn't shock or amazement. No, I'd guess that you were nodding your head in recognition as you read that; I'd imagine that every XP techie out there has had experiences like mine. Nor are those friends and family dummies; they're mostly smart people who aren't computer experts, and every one of them had picked up something potentially lethal, because there are so many new ways to pick up something bad.

That led me to also remember all of the fake security alerts that I've gotten from financial institutions that I'm not even a member of, the "phishing" attacks that use social engineering to trick people into giving random servers their names, passwords, and account numbers. I've never been taken in by one, but I wouldn't ascribe that to any genius on my part; no, it's probably because I don't use a PayPal account, and they seem to be the biggest phishing target. Additionally, as a writer I have something of a secret weapon: I'm a bit more likely to notice the spelling and grammatical mistakes endemic to 99 percent of the phishing messages out there than the average bear. There's the constant assault on my privacy from websites that want me to click some graphic and hit a monkey or claim my free iPod, all with the same desire: to put the links in place necessary to track my every move on the Internet and sell it to people who can then plague me with spam. (Why do you think Google gives away e-mail accounts?)

And then it dawned on me: I guess it's true that my computer can't launch ICBMs and doesn't contain any national secrets…but it does hold personal secrets like my passwords, personal business affairs, and financial information, and if the bad guys were to get that, then I could be in some serious trouble money-wise.

The world of malware-viruses, worms, bots, Trojans, rootkits, phishing, you name it-has changed drastically in just the past few years, and not everyone understands that. Yes, jerks have been writing malware for years, but the motivation to write the malware has changed. Not that long ago, viruses and the like were written by pathetic wannabes who mostly just sought bragging rights about how many systems they'd infected. Nowadays, the dweebs are gone, and the goal of the new malware authors isn't bragging rights: it's your bank account. There are truly bad people out there, thousands and thousands of them, they want to hurt you, and, worst of all, they live in your neighborhood. (The Internet, that is.) We're at war with a much tougher enemy than we faced just a few years ago when viruses were the worst thing we ran into, and we're under siege…so adding a few Cold War notions into our OS is, unfortunately, probably not such a bad idea.

Think of it this way. In the late 1990s, our foes were essentially nothing more than annoying kids who liked to break into houses when people were away just to do it. Putting locks on doors that had never had them, remembering to actually lock those locks when leaving the house, and perhaps installing a simple burglar alarm were sufficient for most people's needs. Nowadays, in contrast, we're up against an intelligent, highly motivated army of thieves with automatic lock picks and vacuum cleaners that can leave an account as empty as a politician's promise, and do it in seconds. That sort of enemy calls for more powerful defenses, like bulletproof walls, guards, fences, and smart cards as well as better keys. That means more work and new things to learn…but the alternative is losing the fight. Vista provides a lot of those new weapons, and you need to understand them.

With that said, here's a more specific explanation of why I felt that this book needed to be written, and written as soon as possible. Vista changes a lot of things, and that makes sense because Vista is the first completely new OS that Microsoft has created since they "got religion" about security. And yes, I know that Server 2003 shipped after Bill Gates had his big security epiphany in early 2002, but I'm not counting 2003 as the first "post-religion" OS. I think Microsoft still had a few lessons to learn after 2003 appeared in April 2003. They understood that security was a big deal, but they weren't yet ready to sacrifice much of anything in the way of backward compatibility to achieve it. But it seemed to me that the Blaster worm in August 2003 was the final nail in the "security's important, but only so long as we can still run 1992 programs" way of thinking.

Blaster was incredibly embarrassing to Microsoft, and from what I've heard it was the seminal event that led Microsoft to basically throw away all of the Vista work that they'd done to that point and start from scratch. I don't have access to either XP or Vista's source code, but I'm told that a very high percentage of Vista's programs are all-new code, and I can believe it from the multitude of things that run just a little differently under Vista.

Anyway, the fact that so much of Vista is new and security-centric means that I could point to dozens or perhaps hundreds of things in Vista and say, "these are very different, you should know about them," and in fact our wider-focus books Mastering Windows Vista Professional and, in 2007, Mastering Windows Server 2003 will cover all of those topics. But there are a few things that I felt that every Windows admin needs to know about, but that there's little available about, or little accurate information on.