Allchin: Buy Vista for the security

Windows chief Jim Allchin says stronger defenses are a key selling point for Microsoft's new OS.

If new features won't get you to upgrade to Vista, security enhancements should, Windows chief Jim Allchin has urged.

Microsoft has already touted the bells and whistles it is putting into Windows Vista, the operating system successor to XP that's due out by the end of the year. There will be flashy new graphics, a spiffed-up user interface and advanced search features. Other changes include improved touch-screen support and a Windows sidebar that can display all kinds of information such as upcoming appointments, just-in e-mail messages and a clock.

But if none of that strikes your fancy, Vista will still be worth getting, thanks to its better defenses against phishing attacks, spyware and other malicious code, Allchin said.

"Safety and security is the overriding feature that most people will want to have Windows Vista for," the co-president of Microsoft's platform, products and services division said in an interview with CNET "Even if they are not into home entertainment or in any of the specialty areas, they are just going to feel safer and more secure by using it."

"Safety and security is the overriding feature that most people will want to have Windows Vista for."
--Jim Allchin, group vice president, Microsoft

That said, Allchin maintained there are plenty of new things to try out in Vista, pointing to a chart filled with added features. In particular, he demonstrated a collaboration tool that uses a "People Near Me" feature, which searches over a Wi-Fi connection for other Vista users nearby and then sets up a peer-to-peer network with them. The tool is meant mostly to enable laptop users to share applications and files, among other things.

During the meeting, Microsoft also showed off new parental controls in Vista. These not only limit which Web sites can be visited, but log activity and restrict when and for how long children can be online.

All of these features shipped in the latest preview version of Vista, which Microsoft released in December. "There are literally thousands of features in this product," Allchin said.

But one of the features Microsoft wanted to include was a bit too much for some of its beta testers, the software maker found. It is reversing its plan to add virtual folders that contain all the files that match specific criteria, such as "created by Michelle" or "images," no matter where they are on the PC. Originally, Microsoft wanted virtual folders to replace standard views, which show the physical location of files on a hard disk drive, but it has backpedaled on that decision.

In the next preliminary Vista release, due in the next couple of months, virtual folders will be in the background. "The default view will be the physical storage space, and then you can create virtual folders on top of it," Allchin said. That should make it easier for people to migrate from Windows XP, he added.

The software maker had already scaled back on planned features for Vista, leaving some out so it could meet a ship date in 2006 for the update.

On the security front, Allchin said that Vista should be a significant leap forward, just as Service Pack 2 was a big improvement on the original Windows XP.

A standard Windows XP computer can get hacked the moment it is connected to the Internet, Allchin said. Service Pack 2 significantly increased security, in large part thanks to automatic security updates and a firewall that is enabled by default. Vista will go much further in protecting consumers, he said.

"If we ever find something trying to open a port that the developer said it should not be opening, it is immediately shut down."

Microsoft is following updated development practices to prevent security bugs and is using new approaches to analyze source code, Allchin said. Additionally, the innards of the operating system are being designed to ward off attacks. "We have put features into the product to double-check itself," he said.

As an example of double-checking, Allchin said Microsoft has marked the OS services to know what network ports they should open and what OS functions they should call. Then, another part of the OS verifies the process. "If we ever find something trying to open a port that the developer said it should not be opening, it is immediately shut down," he said.

Additionally, Vista aims to offer improved security by letting people run their PC with fewer privileges, which control how a particular person can interact with the software. In Windows XP most users have "administrator" privileges, which could be abused by malicious software to install itself on a computer. In Windows Vista, the default will likely be "protected administrator," a new privilege level that Microsoft is introducing with Vista, Allchin said.

If the system is set to protected administrator, people will have to change it to full administrator level to perform certain tasks, such as installing an application. The operating system will warn the person when full privileges are needed.

In the upcoming Vista preview, any action that requires full privileges will be displayed with a shield around it, Allchin said.

Vista will also offer a "standard user" mode, which has the fewest privileges. The standard user mode has been improved from Windows XP--people won't have to call IT to change their PC clock, for instance--but it won't allow a user to install applications, for example. Businesses will probably have software users run in this least-privileged mode, Allchin said.

Featured Video