
Tool helps programs befriend Vista

Microsoft aims to help other software makers make sure their products don't stumble on new security features in Windows Vista.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
SEATTLE--Microsoft is helping other software companies make sure their programs won't stumble on a new security feature in Windows Vista.

The software maker has released a new tool for developers that checks if computer programs will work with User Account Control, Chris Corio, program manager for UAC, said Wednesday. The Vista feature runs a PC with fewer user privileges for security reasons.

"Test your applications and understand how they work on Vista," Corio said in a session at Microsoft's Windows Hardware Engineering Conference here. "Understand the difference UAC makes; it can be traumatic for you if you've never designed for the standard user."

Reducing user privileges is a major change for Windows. At an early point in the development of Vista, Microsoft found that more than 50 percent of the applications it runs to test compatibility wouldn't run with it, Corio said.

The new "Standard User Analyzer" tool should help make sure people get applications that work when Vista ships, he said.

Running Vista with fewer privileges should improve the security of Windows. Malicious code that makes its way onto a Vista PC won't be able to do as much damage as on a PC running in administrator mode, which is a typical setting for Windows XP.

With Windows computers around the world under repeated attack, Microsoft has made security one of its top priorities for Vista. As a result, the update will be less vulnerable than any prior Microsoft operating system, Mike Nash, the corporate vice president of Microsoft's Security Technology Unit, said in a session with reporters here.

Microsoft has looked at some 1,400 different threat models and hired penetration testers to try to break into systems running the next version of its flagship operating system, Nash said. Still, attacks will remain a fact of life, he said. "Windows will continue to be an area of interest among everyone," he said.

Some of the security woes can be solved by educating people about the importance of security messages delivered by Windows. But Microsoft says it knows that the biggest factor is how many of these messages people encounter. The goal is to reduce the number of alerts the operating system displays over time.

Changes are already visible in the latest Vista test release. In the February preview, nearly every action in the configuration panel required people to attain full privileges, indicated with a shield icon below the feature. In the Vista beta released this week, only a few actions need elevated privileges, Corio said.

UAC will be front and center in Vista. Another lower-level security feature is only gradually making its way into the operating system.

One requirement will appear first in the 64-bit edition of Vista. That version will require signed kernel mode drivers, which run hardware such as the hard disk drive and network interface card.

"This is how rootkits get into the OS," Nash said. "I think this will go a long way toward making it harder for people to write malware," or malicious software.

Customers will be able to switch on the requirement for signed drivers on 32-bit versions of Vista, Microsoft representatives said at WinHEC.

Historically many hardware products have shipped with device drivers that don't verify where they came from.

Other security features in Vista include protection against spyware and an improved firewall. It will also include a new version of Internet Explorer that will run in "protected mode" to prevent silent installs of malicious code, Microsoft has said.

Microsoft's Standard User Analyzer is available on Microsoft's Download Center Web site, Corio said. An earlier tool, called LUA Buglight, while also potentially useful for Vista developers, was really meant mostly for developers on Windows XP, he said.

CNET News.com's Joris Evers reported from Seattle, and Ina Fried reported from San Francisco.