A new Vista for your office?

Security, usability are the best reasons to embrace new OS

Windows Vista Ultimate

Performance: B

Security: A+

Ease of Use: A

Features: A

Price: $399

Reviewer's comments: Beyond the bells and whistles, Microsoft Vista offers many substantial security and usability improvements. Even performance issues of this hefty new OS are addressed.


Microsoft Corp.

Redmond, Wash.

(425) 882-8080


With Vista, users can run mini-applications, called Gadgets, on their desktops.

ABOVE LEFT: Microsoft Vista lets users save results of search queries as seperate folders. ABOVE RIGHT: Perhaps feeling the heat from Google Desktop, Microsoft upgraded the search capabilities for Vista, providing an index that will help users find material instantly.

As the last congressional election showed us, sometimes traditionally fearful-of-change Americans actually embrace a new direction. That's not always the case when changing desktop computer operating systems, especially when people are already used to an older version.

But the newly released Microsoft Windows Vista comes with several security and usability improvements that really do trump good old Windows XP, making it attractive for installation on either government networks or traveling systems.

We went through the upgrade process from Windows XP Professional to Windows Vista Ultimate (there are also Home Basic, Home Premium, Business and Enterprise editions) to look for any quirks you might encounter and also to see what advantages the new OS offers. We found it offers plenty.

Our test system was a mid-level notebook PC with a 1.5-GHz Intel Pentium 4 processor and 128MB of video memory.

The first thing you probably want to do before even considering an upgrade is check on compatibility issues with your existing programs. Microsoft provides the latest information on program compatibility as part of its technical database (See GCN.com/726). From that link, you can also download a program that will check your applications for Vista compatibility.

Some programs may have to be run in XP compatibility mode, though they would have to be fairly obscure, as there are over 800 mainstream applications listed as fully Vista compatible.

Assuming you clear that hurdle, installing Vista is about the same as installing earlier versions of Windows, and might even run a bit more smoothly, since important files from your existing version of Windows are stored in a Windows.old folder and can be restored later if needed. You probably will want to delete the old files to save space once you have come to rely on Vista.

Installing Vista is as easy as booting from the CD. It takes about 15 minutes, and the two reboots required to move from XP are automatic.

The first time you run Vista, you will need to set certain security parameters, such as how you want to handle automatic updates. And as a nod to Section 508, you can also adjust the font size for larger, easier-to-read print, which will then replicate throughout Vista's programs.

XP security flaws fixed

Many of the security deficiencies with XP have been cleared up in Vista. Most of those holes had been plugged by third-party programs, but you were forced to purchase them and rely on another company. Now, a lot of security has been brought in-house.

One important feature is the BitLocker drive encryption. This encrypts the entire hard drive running Vista. This all-over encryption is good protection in case the drive itself is stolen, which can be a particular concern for notebook PC users.

It also could protect your agency if someone improperly disposes of old equipment.
BitLocker is not to be confused with the more robust File Encryption System, which comes with every version of Vista other than the Home version. This feature lets you encrypt individual folders or files by clicking one button. You can even store emergency recovery keys on your smart card, in case you forget your password.

An administrator could theoretically set up all the notebooks in an agency to allow folder-level encryption, but have a single smart card with the master key that could unlock all folders if needed. Of course, you would want to have your master key well-protected, perhaps going so far as to lock it in a safe.

In addition to encrypting files on your local hard drive, you can also set up encrypted folders on remote file servers, which makes sharing files more secure.

You could do the same thing with XP, but only by using expensive and somewhat complicated third-party software. We found it not much more difficult with Vista than working with the current local system.

Microsoft has also integrated into Vista its spyware scanning program, previously available as a separate download. Windows Defender offered XP users the ability to scan their systems and to recognize new spyware as it attempted to install.
It would even tag programs like Weather Bug, which some users might want on their systems but which had properties similar to spyware.

You did not have to delete everything Defender tagged but had that option after you read about a program. Now Defender comes standard with all versions of Vista, and in our testing worked as well as it did with XP, including automatically updating its profiles as part of the natural Windows Update process.

For your protection

But the most useful security enhancement is the fact that Vista runs in Protected Mode. This is probably the most compelling reason for upgrading to Vista. If you have experimented with Internet Explorer 7, you have already experienced this new way of dealing with security, since IE7 also uses this protocol.

In Protected Mode, not every program has the same access to the operating system, even when the user has administrator level access. A program is granted only a limited subset of privileges and permissions to execute. Whenever something out of the ordinary happens, Vista will pop up an explanatory window. The OS does a good job of saying exactly what is being attempted, and allows the process to be completed only with a user's permission.

We tested this with a program that tried to access the Internet and received a warning, and then another one when the program tried to access a different site. This feature was available through such third-party programs as Norton Utilities and McAfee Firewall, but Vista brings it into the realm of the OS itself, where it belongs.

Probably not quite as important as Protected Mode'but still another new piece of armor'are the advanced Group Policy settings, which now include USB devices. You can specify what types of devices are permitted on a system, or even what specific devices are allowed to connect. Perhaps your agency allows the use of encrypted key drives but does not want just any old drive without security to hook up. Setting this up is relatively easy.

There is also a neat security feature that you won't encounter unless you are a hacker. It's called Address Space Layout Randomization. What ASLR does is randomly assign Dynamic Link Library files and executable files to one of 256 possible memory locations each time the system reboots.

We tested this by identifying a specific DLL and using a utility to identify its memory location. After rebooting, ASLR scrambled the DLL locations and our target DLL was in a new place. This ingenious feature makes it a lot harder for malicious code to target exploits'a stack overflow attack, for example'since the location of the DLLs constantly changes. Their specific location in memory can't be preprogrammed.

While security is probably the main reason a government user might want to switch to Vista, the OS also offers a wealth of new features to make it easier to use. A lot has been written about the way you can flip through windows in 3-D and reduce movies to watch them play minimized in the taskbar. But the OS also comes with a number of features to ease life for the office worker.

Collaboration is easy using Windows Meeting Space. Any user except those with Home Basic can initiate a meeting and invite up to nine other people. This is very much like the Microsoft online collaboration software or even its main competitor, WebEx. You can use an existing network or wirelessly create a virtual network. We were able to create a very simple network using the wireless cards found in two notebooks. Once connected, you can share files and perform such useful tasks as group editing of documents. Although we did not test Vista Home Basic, Microsoft says Basic users can join other Meeting Space networks but not create their own.

In all other versions of Vista, there are no restrictions.

Easier-to-find features

Most of the newest usability improvements involve gathering into one place features already found in XP. Whether you want to change your screensaver, adjust brightness, check your network connection status or change the speaker volume, you can find it in the Mobility Center. If you want to do something with Vista that falls in the category of general status or customization, head over to the Mobility Center first.

Tablet PCs are all the rage in some sectors these days, and Vista pretty much eliminates the need for a special tablet PC version of the OS. A digital pen or even your finger can be used to navigate or annotate on a tablet PC screen. This is available in the Home Premium, Business, Ultimate and Enterprise editions. So even if you have a tablet PC running XP Tablet, you can still upgrade to Vista and not lose any of your tablet functionality.

Giddy up n' go

Considering that we were testing on a mid-level notebook, it is no surprise that performance took a hit moving from XP to Vista. Our tests with the GCN/Alterion benchmark showed a 200-point decrease in performance. However, this dip can actually be reversed using a couple of innovative performance features.

One is Windows SuperFetch, which is very much like the technology found on intelligent databases. Vista watches how you use your system and then uses that data to guess what applications you are likely to open. If you always open Word, for example, but seldom touch Adobe Photoshop, Word gets higher priority. What Vista will do is preload Word into memory so it opens like lightning when you need it. This does not slow down Photoshop one bit, but it makes frequently used applications work faster, much like a database server setting up frequent queries in easily accessible places. We worked with our test notebook for about a week before Vista started to catch on to our habits. After that, frequently used programs did load more quickly.

ReadyBoost is another technology that can speed performance. USB key drives are becoming more prevalent and growing in size, so Microsoft configured Vista to use key drives to boost system memory. Say Photoshop runs slowly because you only have 128MB of RAM. Simply activate ReadyBoost and plug in a key drive. The system will be able to use the extra flash memory as if it were system memory.

Running Vista with an extra gigabyte of system memory supplied by a USB key drive actually improved the GCN/Alterion benchmark score by 200 points over the same system running XP without the memory boost. Most people won't want to run their PCs or notebooks with a key drive permanently attached, but it makes a nice stopgap method of boosting performance when needed.

Buy or pass?

Overall, the performance and new features of Vista are impressive. The main reason to upgrade from XP to Vista right now is the security enhancements, particularly the easy-to-use File Encryption System and the fact that the entire OS runs in Protected Mode. Little features like scrambling the DLL locations on reboot are useful additions as well.

Had it not been for the advanced security features, we would have said Vista was a nice OS but not one that demanded to be installed immediately. But given how frequently users have suffered of late from high-profile data and system breaches, Vista offers a nearly irresistible package. Any OS that improves security without compromising ease of use or program compatibility should be a no-brainer purchase.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above