January 17, 2007

Windows Vista®

Windows Vista® is the name of the next major version of Windows, and the successor to Windows XP. You can choose from four editions of Vista:

  1. Windows Vista Home: For basic home needs such as e-mail and Internet access.
  2. Windows Vista Home Premium: For the best home computing and entertainment.
  3. Windows Vista Business: For small and mid-sized organizations.
  4. Windows Vista Ultimate: For work and entertainment, this is the most complete edition.

Features:
Security: Windows Vista® builds on the security features in Windows XP with Service Pack 2 (SP2) and Windows Server 2003 with Service Pack 1 (SP1) and adds some deep-seated security improvements that will finally make the Windows platform competitive with Linux and Mac OS X from a security standpoint. With Windows Vista, the system will inform users about security and privacy choices so they feel more confident that they are as secure as possible, and that their privacy is protected.
User Account Control:
User Account Control is a new infrastructure that requires user consent before allowing any action that requires administrative privileges. With this feature, all users, including users with administrative privileges, run in a standard user mode by default, since most applications do not require higher privileges. When some action is attempted that needs administrative privileges, such as installing new software or changing system settings, Windows will prompt the user whether to allow the action or not. If the user chooses to allow, the process initiating the action is elevated to a higher privilege context to continue. While standard users need to enter a username and password of an administrative account to get a process elevated (Over-the-shoulder Credentials), an administrator can choose to be prompted just for consent or ask for credentials.
UAC asks for credentials in a Secure Desktop mode, where the entire screen is faded out and temporarily disabled, to present only the elevation UI. This is to prevent spoofing of the UI or the mouse by the application requesting elevation. Any application requesting elevation has to have focus before the switch to Secure Desktop occurs; otherwise its taskbar icon blinks, and the elevation UI is presented once it receives focus. Since the Secure Desktop allows only highest-privilege System applications to run, no user-mode application can present its dialog boxes there, so any prompt for elevation consent can be safely assumed to be genuine. Additionally, this can help protect against shatter attacks, which intercept Windows inter-process messages to run malicious code or spoof the user interface, by preventing unauthorized processes from sending messages to high-privilege processes. Any process that wants to send a message to a high-privilege process must get itself elevated to the higher privilege context via UAC.
Windows Defender: Windows Vista includes Windows Defender, Microsoft's anti-spyware utility. According to Microsoft, it was renamed from 'Microsoft AntiSpyware' because it not only features scanning of the system for spyware, similar to other free products on the market, but also includes Real Time Security agents that monitor several common areas of Windows for changes which may be caused by spyware. These areas include Internet Explorer configuration and downloads, auto-start applications, system configuration settings, and add-ons to Windows such as Windows Shell extensions.
Parental Control:
Windows Vista includes a range of parental controls. An administrator can apply parental control restrictions to other users on the computer.
Facilities include:

  • Web content blocking, including the ability to limit web browsing to "kids websites", as well as blocking particular categories of content such as "Pornography", "Drugs", "Web e-mail", "Web chat", and so on. File downloads may also be disabled.
  • Time limitations on when the account may be used.
  • Restrictions on what kind of games may be played.
  • Restrictions on what programs may be executed.
  • Activity reports to monitor what was done under Parental Controls.

Digital Rights Management: Microsoft is introducing a number of Digital Rights Management and content-protection features in Windows Vista, to help digital content providers, corporations, and end-users protect their data from being copied.

  • Protected User Mode Audio (PUMA)
  • Protected Video Path - Output Protection Management (PVP-OPM)
  • Protected Video Path - User-Accessible Bus (PVP-UAB)
  • Rights Management Services (RMS)

Application isolation: Windows Vista introduces Mandatory Integrity Control to set integrity levels for processes. A low-integrity process cannot access the resources of a higher-integrity process. This feature is used to enforce application isolation: applications at a medium integrity level, such as all applications running in the standard user context, cannot hook into system-level processes that run at a high integrity level, such as administrator-mode applications, but can hook into lower-integrity processes such as Windows Internet Explorer 7.
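An added illustration of the rule above (not part of the original post): it reads the integrity label from output in the layout of `whoami /groups /fo csv` and applies the no-write-up comparison. The `S-1-16-*` label RIDs are the documented Windows values; the sample output is constructed, and `may_write` is a simplified model of the default policy, not Windows' own access-check code.

```python
import csv
import io

# Named integrity levels and the RID carried in their label SID (S-1-16-<RID>).
LEVELS = [(0, "Untrusted"), (4096, "Low"), (8192, "Medium"),
          (12288, "High"), (16384, "System")]

# Constructed sample in the layout of `whoami /groups /fo csv` (not from a real host).
SAMPLE_WHOAMI_CSV = '''"Group Name","Type","SID","Attributes"
"Everyone","Well-known group","S-1-1-0","Mandatory group, Enabled by default, Enabled group"
"BUILTIN\\Users","Alias","S-1-5-32-545","Mandatory group, Enabled by default, Enabled group"
"Mandatory Label\\Medium Mandatory Level","Label","S-1-16-8192",""
'''

def label_rid(sid):
    """Return the RID of an integrity label SID (S-1-16-<RID>), else None."""
    parts = sid.strip().upper().split("-")
    if len(parts) == 4 and parts[:3] == ["S", "1", "16"] and parts[3].isdigit():
        return int(parts[3])
    return None

def level_name(rid):
    """Map a RID to the highest named level at or below it (8448 -> Medium)."""
    name = LEVELS[0][1]
    for floor, label in LEVELS:
        if rid >= floor:
            name = label
    return name

def token_integrity(whoami_csv):
    """Find the integrity label row in the CSV text; return (rid, level name)."""
    for row in csv.DictReader(io.StringIO(whoami_csv)):
        rid = label_rid(row.get("SID") or "")
        if rid is not None:
            return rid, level_name(rid)
    raise ValueError("no integrity label SID (S-1-16-*) in input")

def may_write(subject_rid, object_rid):
    """No-write-up: a subject may modify only objects at or below its level."""
    return subject_rid >= object_rid

if __name__ == "__main__":
    rid, name = token_integrity(SAMPLE_WHOAMI_CSV)
    print("current token:", name, rid)
    for target in (4096, 8192, 12288):
        print(level_name(target), "target, write allowed:", may_write(rid, target))
```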
Service hardening:
Windows Service Hardening prevents Windows services from performing operations on file systems, the registry or networks that they are not supposed to, thereby preventing malware from entering by piggybacking on system services. Services are now assigned a per-service Security identifier (SID), which allows access to the service to be controlled according to the access specified by the security identifier. Services can also use access control lists (ACLs) to prevent external access to resources private to themselves. Services in Windows Vista also run in a less privileged account such as Local Service or Network Service, instead of the System account. Services also need explicit write permissions to write to resources, on a per-service basis. Only those resources that have to be modified by a service give it write access, so trying to modify any other resource fails. Services also have a pre-configured firewall policy, which gives each service only as much privilege as it needs to function properly.
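An added example (not from the original post) of how a per-service SID relates to the service name, and how a defender reviewing ACLs or logs can map such SIDs back to services. The derivation used here, SHA-1 over the upper-cased UTF-16LE service name placed under `S-1-5-80`, is the commonly documented scheme and is an assumption the post does not state; the service names and observed SIDs in the demo are constructed.

```python
import hashlib
import struct

SERVICE_SID_PREFIX = "S-1-5-80"  # authority under which per-service SIDs live

def service_sid(service_name):
    """Derive the per-service SID from the service's short name.

    Assumed scheme (not given in the post): SHA-1 of the upper-cased name
    encoded as UTF-16LE, read as five little-endian 32-bit sub-authorities.
    """
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    subauths = struct.unpack("<5I", digest)
    return SERVICE_SID_PREFIX + "-" + "-".join(str(v) for v in subauths)

def is_service_sid(sid):
    """True if the string has the shape S-1-5-80-<five 32-bit values>."""
    parts = sid.upper().split("-")
    return (len(parts) == 9 and parts[:4] == ["S", "1", "5", "80"]
            and all(p.isdigit() and int(p) < 2**32 for p in parts[4:]))

def resolve_service_sids(sids, candidate_names):
    """Map service SIDs seen in an ACL or log back to service names.

    The hash is one-way, so this only works against a list of known names.
    Non-service SIDs are skipped; unknown service SIDs map to None.
    """
    table = {service_sid(name): name for name in candidate_names}
    return {sid: table.get(sid.upper()) for sid in sids if is_service_sid(sid)}

if __name__ == "__main__":
    # Constructed inventory of service names and constructed "observed" SIDs.
    inventory = ["Spooler", "Dnscache", "EventLog"]
    observed = [service_sid("spooler"), "S-1-5-80-1-2-3-4-5", "S-1-5-32-544"]
    for sid, name in resolve_service_sids(observed, inventory).items():
        print(sid, "->", name or "unknown service (review this ACL entry)")
```

Because the SID depends only on the name, it is case-insensitive with respect to the service name and can be computed for a service before it is installed.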
Network Access Protection:
Network Access Protection (NAP), which makes sure that computers connecting to or communicating over a network conform to a required level of system health set by the network administrator, has been upgraded significantly in Windows Vista. Depending on the policy set by the administrator, computers that do not meet the requirements will be warned and granted access, allowed limited access to network resources, or denied access completely. NAP can also optionally use a Remediation Server to provide software updates to a non-compliant computer so that it can upgrade itself to the level required to access the network. A conforming client is given a Health Certificate, which it then uses to access protected resources on the network.
Other Security Features:

  • Windows Resource Protection: prevents "potentially damaging system configuration changes" by preventing changes to system files and settings by any process other than Windows Installer. Changes to the registry by unauthorized software are also blocked.
  • Protected-Mode IE: Internet Explorer runs in a separate, low-privilege process, protecting the user from malicious content and security vulnerabilities, even in ActiveX controls.
  • Windows Firewall: has been upgraded to support outbound packet filtering and full IPv6 support. A new MMC-based interface has been introduced which offers much more advanced control over the firewall.
  • Session 0 Isolation: Previous versions of Windows ran System services in the same login session as the locally logged-in user (Session 0). In Windows Vista, Session 0 is now reserved for these services, and all interactive logins are done in other sessions. This is intended to help mitigate a class of exploits of the Windows message-passing system, known as Shatter attacks.
  • Full support for the "NX" (No-Execute) feature of modern processors. This feature, present as NX (EVP) in AMD's AMD64 processors and as XD (EDB) in Intel's processors, can flag certain parts of memory as containing data instead of executable code, which prevents overflow errors from resulting in arbitrary code execution. This feature was introduced in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1.
  • Address Space Layout Randomization (ASLR): to prevent Return-to-libc buffer overflow attacks.
  • BitLocker Drive Encryption: Formerly known as "Secure Startup", this software utilizes a Trusted Platform Module (compliant with the 1.2 version of the TCG specifications) to improve PC security. It ensures that the PC running Windows Vista starts in a known-good state, and it also protects data from unauthorized access through full volume encryption. Data on the volume is encrypted with a Full Volume Encryption Key (FVEK), which is further encrypted with a Volume Master Key (VMK) and stored on the disk itself.
  • Windows Vista can use Smart Cards or Smart Card/Password combo for user authentication.
  • Windows Vista can use smart cards to store Encrypting File System (EFS) keys. This makes sure that encrypted files are accessible only as long as the smart card is physically available.


Internet Explorer 7: Internet Explorer 7 adds new security and privacy features. It also comes with new features such as tabbed browsing, inline search, and shrink-to-fit printing.

Performance: Windows Vista comes with new features like Sleep, Windows SuperFetch, Windows ReadyBoost, and Windows ReadyDrive.

User Interface Feature: Windows Vista has a user experience that can scale depending on hardware configuration.
Windows Vista Basic UI: All versions of Windows Vista, from Starter on up to Ultimate, can utilize the Windows Vista Basic UI, though it will not be the default unless your video card is incapable of displaying Windows Vista Standard or Windows Aero. Windows Vista Basic is based on the same interface technologies used by the Windows XP user interface, and it therefore suffers from the same instability issues that can sometimes afflict that system.
Windows Vista Standard UI: On Windows Vista Home Basic only, which is artificially limited for marketing purposes and does not include the beautiful Windows Aero UI, users will see a rare Vista UI option called Windows Vista Standard. This UI visually resembles Windows Aero, but offers none of the associated graphical effects, including translucency, Windows Flip 3D, and Live Taskbar Thumbnails. From a technological perspective, Windows Vista Standard provides only software-based rendering, so it offers none of the performance or stability benefits of Windows Aero.

Windows Vista Aero UI: Most Windows Vista users will simply get the Windows Aero user interface, which is the default on all Vista product editions (aside from Vista Starter and Home Basic). This UI offers the stunning glass-like effects you've seen in most Windows Vista screenshots, including the glass-like chrome on floating windows, the translucent Start Menu and taskbar, Windows Flip 3D, and Live Taskbar Thumbnails. And because Windows Aero takes advantage of your video card's GPU, it provides better performance and stability than does a software-based UI, which requires the PC's microprocessor to do all the work.
Aero is an environment with an additional level of visual sophistication, one that is even more responsive and manageable, providing a further level of clarity to Windows users.
Windows Classic UI: For corporations that don't want to retrain their users on the new Windows Vista UI types, Microsoft still provides a Windows Classic UI, that somewhat resembles the UI in Windows 2000. However, there are many differences due to some of the massive changes Microsoft made to Windows Explorer in this version. For this reason, it's going to take users a while to get used to the new system even when Windows Classic is enabled.
Windows Flip 3D: In addition to Windows Flip, Microsoft now supports a new 3D task switcher called Windows Flip 3D. This mode, which is enabled with the WINDOWS KEY + TAB keyboard shortcut, or via a new "Switch between windows" icon in the Quick Launch toolbar in the taskbar, puts task switching in a new dimension.
Windows Flip 3D requires Windows Aero.

32-bit & 64-bit: Virtually every Windows Vista product edition (with the exception of Starter) ships with both 32-bit (x86) and 64-bit (x64) versions on the same DVD. Microsoft expects the computer buying public to switch to x64 during Vista's lifetime. There will not be an Itanium version of Windows Vista.

Live Taskbar Thumbnail: When you mouse over a taskbar button, you'll see a thumbnail pop-up, showing you the window you'll see if you should click that button.
Live Taskbar Thumbnails require Windows Aero. If you are running a different user interface, you'll see tooltips when you mouse over taskbar buttons, as you do in previous Windows versions.

Kernel Patch Protection: The Kernel Patch Protection feature (also known as "PatchGuard") on 64-bit versions of Vista, which locks down the OS kernel, has been criticized by computer security company McAfee, who claim that since PatchGuard also prevents third-party security companies from getting inside the OS, they cannot activate crucial security measures in their software to protect the OS from intruders. Microsoft's argument is that this will keep miscreants out of the OS and prevent the incidence of attacks, and that it is something for which customers have been asking. Security vendor Kaspersky Lab claims that it is not more difficult in Vista for anti-virus software to work, and that it would not make sense for Microsoft to stop working with security companies because it would make their system more vulnerable to attacks. Sophos adds that Microsoft does not need to open PatchGuard for third-party developers; instead, they should use the APIs Microsoft supplies them.

Digital Rights Management: Another common criticism concerns the integration of new forms of Digital Rights Management into the operating system, specifically the introduction of the Protected Video Path (PVP). This architecture is designed such that "premium content" from HD-DVD or Blu-ray discs may mandate that the connections between PC components are encrypted. Devices such as graphics cards must be approved by Microsoft. Depending on what the content demands, the devices may not pass premium content over non-encrypted outputs, or they must artificially degrade the quality of the signal on such outputs or not display it at all. There is also a revocation mechanism that allows Microsoft to disable drivers of compromised devices in end-user PCs over the Internet.


Hardware Requirements:
Windows Vista Capable PC:
A new PC that carries the Windows Vista Capable PC logo can run Windows Vista.
A Windows Vista Capable PC includes at least:

  • A modern processor (at least 800 MHz).
  • 512 MB of system memory.
  • A graphics processor that is DirectX 9 capable.

Windows Vista Premium Ready PC: To get an even better Windows Vista experience, including the Windows Aero user experience, ask for a Windows Vista Capable PC that is designated Premium Ready, or exceeds the premium ready requirements.
A Windows Vista Premium Ready PC includes at least:

  • 1 GHz 32-bit (x86) or 64-bit (x64) processor.
  • 1 GB of system memory.
  • Support for DirectX 9 graphics with a WDDM driver, 128 MB of graphics memory (minimum), Pixel Shader 2.0 and 32 bits per pixel.
  • 40 GB of hard drive capacity with 15 GB free space.
  • DVD-ROM Drive.
  • Audio output capability.
  • Internet access capability.

Longhorn Server: The product currently codenamed Longhorn Server will be called Windows Server 2008. It will definitely not be called Windows Vista Server. Longhorn Server was being developed concurrently with Windows Vista, but will ship in late 2007.
