Vista's smarter security
Trends and technologies that affect the way government does IT
- By Brad Grimes, Joab Jackson
- Sep 20, 2006
There was a time during the development of Microsoft Windows Vista when a user had to ask permission to delete a shortcut from his Vista desktop. A shortcut! And if you wanted to simply view your current firewall settings, the new operating system's User Account Control feature intervened.
'We were pretty draconian,' said Greg Sullivan, Microsoft group product manager for Windows marketing communications. Sullivan was explaining to GCN what many Vista beta testers discovered early on: that UAC, which has been designed to make Vista more secure than previous Windows versions, was actually hypersensitive. Too many prompts, too many pop-up windows. 'Windows was requiring escalation when it didn't need to,' Sullivan explained.
Last June, Steve Hiskey, the lead program manager for UAC, blogged that his team was aiming to reduce the number of UAC prompts by the time Vista reached Release Candidate 1. Apparently, he was true to his word. When Sullivan brought us copies of RC1 this month, he was able to tick off the ways in which Microsoft had made UAC smarter. Now administrators can delete shortcuts. Users can also see their firewall settings without permission. Plus, connecting to a network and updating signatures for Windows Defender no longer require extraneous UAC intervention. That's all good news.
Also good news: Vista RC1 now includes a new ActiveX installer service so systems can load ActiveX controls without needing admin privileges. Until now, UAC was set up to prevent ActiveX controls on standard user systems in an effort to block malware from loading. If a user got an ActiveX prompt, he or she had to elevate the issue to an admin, who in turn had to enter a password to allow the control through. Pain in the backside.
The new ActiveX installer service lets a network admin create a group policy and white list of approved ActiveX controls so that those controls can load automatically. This is a critical addition to Vista, because it should help ensure that agencies' Web-based applications run smoothly. It will require ongoing maintenance (admins will need to inventory ActiveX controls and keep on top of their policies), but it's a big improvement over the previous UAC treatment of ActiveX in the enterprise.
In non-UAC Vista news, Microsoft officially renamed its WinFX development tools. They're now called the .Net 3.0 Framework and they're installed by default. 'If you have a .Net app, you used to have to go and get the disk,' Sullivan said. He said Microsoft was hoping more developers would use the new APIs for their programs. 'For example, only gamers use the DirectX 10 graphics stack. Everyone else is using 15-year-old APIs and rendering graphics with just the CPU and not the [graphics processing unit].'
Provided agencies' desktops can run Vista, with its steeper system requirements, more graphical, interactive apps would be a welcome advance.
Joab Jackson is the senior technology editor for Government Computer News.