Vista's User Account Control (UAC) marks the first time that Microsoft has attempted to create an operating system on which the user is supposed to run with limited local rights rather than with administrator credentials. 

Central administrators can dictate two UAC modes: Users can be denied the rights to administrative functions, such as installing software and changing system settings, or they can be warned in a secured interface whenever an administrative action is being initiated. 

Run in the latter mode, UAC generates enough warning messages that users will likely become inured to the messages' contents—likely clicking "yes," "yes," "yes" by rote. IT managers who figured out the ins and outs of LUA (Least User Privilege) on XP- or Windows 2000-based systems will likely not subject their users to this and will run UAC in the first mode described. 

We like the leap of thinking Microsoft has taken with UAC, acknowledging that users should not be running with administrative privileges 100 percent of the time. But UAC provides measures that diligent IT departments should have taken—and hopefully did take—long ago. 

BitLocker encrypts all the contents of the system drive—operating system and data files alike. (Available only on Enterprise and Ultimate versions of Vista.)

Ideally, the decryption key is stored on a chip on the motherboard, which automatically decrypts the hard drive upon boot. Administrators can configure BitLocker to require a user-entered PIN code as well, as an embedded key can prevent a data thief from performing an offline attack from another boot drive but not an online brute force attack once the drive is automatically loaded. 

Corporations that plan to use BitLocker need to plan for it from the Vista get-go: System hard drives need to be partitioned in such a way that the boot manager and boot images are stored on a partition separate from the rest of the operating system, applications and data files. Although it is possible to repartition the drive on an existing installation, the process is not straightforward. Also, administrators need to ensure that a computer's BIOS is Vista-ready, and that it has either an on-board TPM (Trusted Platform Management) chip or supports access to a USB stick under preboot conditions. 

Vista marks the first Windows operating system to provide an integrated two-way firewall, which we found to be satisfactory overall.

Vista comes bundled with the Windows Defender Anti-Spyware program. In previous tests, we've found Windows Defender to be an adequate solution for detecting, removing and preventing spyware, and that legacy continues in Vista. 

 

How User Account Control Works: From: Paul Thurrott's Supersite for Windows - WindowsITPro http://www.winsupersite.com/reviews/winvista_05b.asp "Reviled during the beta process, User Account Control (UAC, previously called User Account Protection, or UAP, and Limited User Account, or LUA) has proven to be one of Windows Vista's best features. Indeed, the fact that something very much like UAC has been available for some time in both Linux and Mac OS X is telling: This is user security at its most basic. UAC is about protecting users from themselves. In previous Windows versions, virtually all users set up administer-class user accounts for themselves, ensuring that they could make any change to the system they wanted, including installing applications, software updates, and drivers, modifying key system settings, and so. In fact, Windows users are so used to this level of control that most of them don't even understand how unsafe this is. In the UNIX world--a paradigm followed, again, by both Linux and Mac OS X--typical user accounts either don't have administrative privileges at all or are severely limited by default. Any time you need to make a change to these systems, you have to authenticate yourself to prove that you are in fact you. Typically, this happens via an authentication-type dialog where you provide the user name and password of an administrator-class account (or, in the UNIX world, the root account). In Windows Vista, Microsoft is finally adopting this approach. On a non-domain system, Windows Vista now provides exactly two types of user accounts: Administrator and Standard User (previously and perhaps more accurately called Limited User). By default, the first user account you configure on a Vista system (typically during Setup) is an Administrator-type account. Subsequent user accounts (typically configured by going into the User Accounts control panel) are flagged as Standard User accounts by default, though you can of course change that during the creation process. This doesn't sound so different from Windows XP until you realize that both administrators and standard users, as we'll call them, are both beholden to UAC. Anytime you need to make a change to the system, install an application, game, or non-critical security update, or perform any other task that might harm the PC, Windows Vista will blank the screen and display an authentication dialog that you have to deal with before moving on. The types of authentication dialogs you'll see, however, will differ depending on which type of user account is currently being used. Administrators will see what's called a consent, or approval, dialog. This dialog simply requires the user to click a Continue button in order to resume the requested task. Standard users, meanwhile, will receive a credentials dialog that forces them to enter the password for the one of the administrator-class accounts that's configured on the system. Regardless of the type of user account currently being used, you will see other UAC-related dialogs. When you attempt to run an unsigned application (as you will see sometimes when trying to install an application), for example, you'll see a bigger, more prominent UAC dialog warning you of the dangers of running applications with unknown origins. In use, UAC can be annoying, and while you can turn off this feature from within the User Accounts control panel, I advise you not to do so. UAC's predecessors on other systems prove the worth of this type of protection, and the truth is, you won't really see UAC rear its ugly head all that often once your applications are all installed and your system is fully configured. The occasional minor irritation is definitely worth the peace of mind: Thanks to UAC, spyware and other malware will have a harder time silently installing themselves on your PC. In managed environments, UAC can be configured to specifically block certain applications as well. This means that IT administrators can prevent users from running applications that are known to be dangerous, of course, but they can also filter out applications such that might be undesirable at work, such as instant messaging, file sharing, and digital media solutions."

 

Should I upgrade to VISTA?

Is it really needed?

Will it be another "Windows ME? (Bad choice in historical perspective)"

 

It's Quite Possible That Vista Is Going to Be Another Victim of Bad Timing
January 29, 2007 Source

With Microsoft's latest operating system barely out the door, it may seem a little presumptuous to talk about the next major upgrade for Vista. But the question that many IT organizations will be wrestling with over the next few months is whether it's worth it to embrace Vista today or wait for the future major upgrade that might be less than 18 to 24 months away. 

According to Microsoft CEO Steve Ballmer, Microsoft still has plenty of work to do in the operating system space, specifically around the areas of support for multicore processors, better TCP/IP integration, improved file system management, enhanced graphics and video, better systems management and greater enablement of software as a service. And perhaps most significantly, he's also promising customers that they won't have to wait another seven years between major upgrades of Windows. 

The question this brings up on a corporate level is whether Windows XP is good enough today for the vast majority of users and therefore whether they should skip Vista all together in anticipation of something better down the road that might, contrary to past Microsoft experience, come sooner than later. 

The primary corporate drivers for a Vista upgrade are lower operation costs thanks to better management tools, a more secure platform and increased productivity thanks to better search and visualization capabilities. But a lot of customers already rely on third-party applications that they have installed to lower operation costs and that provide more security. And while productivity is an interesting argument, it's one of those soft benefits that typically defy any hard return on investment analysis. Furthermore, killer applications that really take advantage of the visualization capabilities of Vista are most still a year away. 

In addition, the much anticipated Longhorn version of Windows Server is also likely to be a 2008 upgrade phenomenon for most companies, which begs the question about whether it's worth upgrading to Vista in the absence of the server upgrade that is really designed to drive the next generation of Windows clients. 

Furthermore, in addition to Ballmer's pledge to deliver the next-generation client operating system upgrade sooner than later, it seems probable that changing user application scenarios are going to push Microsoft to roll out the next-generation client operating system as fast as it can. 

Today according to Advanced Micro Devices, people are already on average keeping eight applications open on their systems at a time. And as video and audio become a bigger part of the typical user experience, demand for a more robust client that is really optimized for multicore processors and better integrated video and graphics is likely to bring a lot of pressure to bear on Microsoft's Vista upgrade timetables. 

In addition, Microsoft will have to start backing up a lot of its "Smart Client" verbiage sooner than later because as quad processors become common in server environments, the amount of intelligence that will be available on the server is going to make the client look comparatively stupid unless Microsoft can get the next-generation client platform out by early 2008. 

All of this may combine to essentially orphan the Vista offering that Microsoft is just now getting up a head of stream. No matter how you cut it, an operating system that was first conceived of five to seven years ago is not going to be in lock step with either the processing power that will be available in the next 12 months or user demands that are shifting more towards the PC being a delivery vehicle for multimedia than a platform for locally running applications. 

In this business, timing is everything and as much as Vista represents an improvement over Windows XP, you can't help but wonder if at least this version of Vista is going to be a victim of, well, bad timing. 

 

"The biggest problem I have run into with Vista is support for 3rd party hardware and software. I have been running it on a few machines for the past month or so and have had to purchase new versions of certain software and hardware so it would run. Not to mention that a lot of the software vendors that develop the products we use don't have any support or upgrades available yet so we can even run their apps. So previously used apps are left useless until the rest of the world plays catch up. At least with Windows 2000 and XP, they were designed around the old NT architecture that allowed older versions of software to still operate." Posted by Anonymous | January 29, 2007 1:05 PM Source

 

Experts: Don't buy Vista for the security
New Microsoft operating system is a leap forward in security, but few people familiar with it say the advances justify an upgrade. 

By Joris Evers Staff Writer, CNET News.com January 30, 2007 Source

Summary: "Windows Vista is a leap forward in terms of security, but few people who know the operating system say the advances are enough to justify an upgrade. 

Microsoft officially launched Vista for consumers Tuesday. The software giant promotes the new operating system as the most secure version of Windows yet. It's a drum Microsoft has been beating for some time." 

Now that Vista is finally here, pundits praise the security work Microsoft has done. However, most say that is no reason to dump a functioning PC running Windows XP with Service Pack 2 and shell out $200 to upgrade to Vista. 

"As long as XP users keep their updates current, there's generally no compelling reason to buy into the hype and purchase Vista right away," said David Milman, chief executive of Rescuecom, a computer repair and support company. "We suggest people wait until buying a new machine to get Vista, for economic and practical reasons." 

Most of the security enhancements touted in Windows Vista don't appear in the Home Premium and Basic editions. What is there is already available within windows XP with Service Pack 2 and security configuration set for strong security, using a Limited User Account. Skip the $200 upgrade unless you want the Ultimate Vista using Bitlocker which probably necessitates a system board upgrade to take advantage of firmware encryption at boot up.  User Comment 1: "Yesterday (2-19-2007), I upgrade-installed Windows Vista Ultimate Edition after I went out and spent $105.00 to buy a gigabyte of RAM to add to the 256 mb of RAM that was already on my computer. Microsoft told us that 1 gigabyte of RAM would be all we would need to run everything there is on even the Windows Vista Ultimate Edition. The install ran without any kind of hitch, and booted up ready for use finally without much out of the ordinary. THAT was when the "fun" began. Whatever security Windows Vista Ultimate Edition supposedly has was non-existant as far as I could see, and it did not even search for and install an update for Internet Explorer 7 that is necessary to protect it from an already-known security breach. I did not run any kind of a "custom" installation; just a simple no changes upgrade from Windows XP Service Pack 2. This upgrade was done on my home computer, so I had made sure that I had everything backed up; often in duplicate and triplicate. I do not as a rule turn any of the security settings off for any reason, but when Windows Vista Ultimate Edition was finally ready to run on my computer, all the Microsoft security stuff (like Windows Defender) that I had on my home computer while it had Windows XP Service Pack 2 were nowhere to be found. I did a full file search for them, but I could not find these security items. Even worse, when Windows Vista Ultimate Edition was fully running on my computer after the upgrade-install was fully completed, the video was too dark, and set to such a high resolution that things were hard to see. But when I opened the Control Panel, to make adjustments I was sure would rectify this, the display controller icon was missing, so I was not able to change the display settings at all. Now don't get me wrong. The graphics in Windows Vista are AWESOME! The home screen was an image of a beautiful lakeside setting, and it was crisp and clear. But I was never able to make adjustments to help me see things better, or to to make the video brighter. I have a program on my computer that requires lot of RAM to run right, or it runs SLOOOOWWWW. Even its makers state that this program requires a minimum of 256 megabytes of RAM to fully run, and my computer originally came with only 256 megabytes of RAM in it. When I added that gigabyte of RAM to my computer (It was still running Windows XP Service Pack 2 at the time), this program ran smooth as silk and very fast. But when I ran it on Windows Vista Ultimate Edition, it ran SLOOOWWW again. I realized from what I saw, that the graphics in Windows Vista Ultimate Edition (That Windows Aero I presume) was using so much of the RAM on my computer that there was less RAM left than the 256 megabytes needed for that program I am mentioning to run right. So, after all these hassles, I finally but reluctantly decided to put Windows XP Service Pack 2 back on my computer, and put off upgrading to Windows Vista for the time being. In retrospect, I conclude that Mr. Vamosi is right in all that he says. Despite all the hassles endured when you upgrade Windows XP to Service Pack 2, once this service pack is successfully installed, you have a huge amount, even the overwhelming majority, of what Windows Vista has to offer as the latest thing in computer operating systems. If you want such advances as Windows Media Player 11 and Internet Explorer 7, you don't have to buy a copy of Windows Vista to get these, you can download them from Microsoft, and install them as upgrades to the previous versions of these two programs that came with Windows XP. As far as the graphics are comcerned, you can't beat Windows Vista in this regard, but once you get past that, the rest of what Windows Vista has is not enough of a reason to get this operating system for your computer unless or until it is massively improved in all the other areas. If you have Windows XP Service Pack 2, and all of your updates are current, you ALREADY have most of what is in Windows Vista, except its unbeatable graphics." User Comment 2: "You don't have to be a genius to realise that (this time) Microsoft has got it completely wrong.In every way.I believe in giving my computer instructions,not the other way round. XP Pro SP2 is on my system until Microsoft decide to rewrite this appalling "program" OS. Bill Gates should be thoroughly ashamed of himself for allowing this so called OS to be marketed. I purchased Vista Ultimate 1 week ago (11 February) and it would not install until I was told to remove 2Gb of Crucial memory. After installation,finally,everything about it(vista)was sluggish,slow heavy on resources,no matter what I attempted to do. And for anything I attempted to do I had to ask permission !The ultimate insult!! It cost me £303 UK stirling ($590 US). Then there was the cost of a new hard drive as it would not uninstall or format.The cost of a new sound card as Creative Audigy is not compatible.The graphics card from ATI (AX700) is also incompatible as are their respective drivers. Mr Gates is quite correct when he says Windows OS is the most secure to date.EVEN THE OWNER CANNOT GAIN ACCESS. My own personal advice is.....Leave Vista alone.....don't touch it......yes,it's very pretty to look at but that is all. Vista should not have been allowed out of the door for at least another year." User Comment 3: "If you are like me and have a home system that is 5 years old and running XP you will be thrilled with Vista. The main reason is Windows Media Center. With Vista I will be streaming Hi-def live and recorded TV for free (sorry TiVo) to my XBOX 360 in another room. An expensive XP service pack...hardly. Great job MS." User Comment 4: "Gates should be paying people to use it."

 

Which version of VISTA to purchase?

The chart above and many other great comparison charts about Vista versions can be found at: http://www.winsupersite.com/reviews/winvista_02.asp

Get Vista Cheaper:
I just got Ultimate through http://www.ecost.com for $ 199.00. They also have Premium for $ 115.

 

Symantec: Vista UAC Is Still Too Chatty
1/12/07 By Matt Hines http://www.eweek.com/article2/0,1895,2082910,00.asp

In positioning itself to provide aftermarket applications for Microsoft's Vista operating system, anti-virus market leader Symantec is highlighting some shortcomings it believes to exist in the new platform's own security tools. 

Among the conclusions of a presentation delivered to the media during the week of Jan. 8 by Symantec Vice President of Engineering Rowan Trollope is the software maker's finding that the UAC (User Account Control) feature of Vista, a security innovation highly touted by Microsoft, remains unwieldy and confusing to users. 

UAC is designed to help Vista limit malware's ability to escalate an individual PC's user privileges, a common technique used by code writers to spread their viruses from one machine to another. 

Integrated with Vista's other onboard security technologies, the system is set to prompt users whenever a program attempts to change its status on their machines, thereby lowering the chances of hidden threats to operate on PCs running the OS. 

Symantec, based in Cupertino, Calif., contends that UAC is too disruptive and hard for common users to understand, as well as a potential new headache for corporate IT administrators. This echoes criticism leveled at the feature when Vista was still in the beta development phase during early 2006. 

Trollope said that the problems that remain with UAC—namely that it produces too many pop-up security warnings that use overly complex technical language—will give Symantec an opportunity to build products that help manage the system for Vista users. 

"What we've heard from our customers is that UAC is pretty noisy, that it comes up with a lot of messages for end users," said Trollope. "People generally don't have a lot of experience with it yet, but when we talk to anyone using the [Vista] betas, they tend to think it's somewhat onerous." 

Beyond hassling people too frequently, and potentially creating new help desk requests in the corporate setting, Trollope said UAC might be so difficult that it defeats its very purpose in protecting end users. 

"The danger with this is that if you are asking people these questions too often, and doing so in terms they may not understand, they tend to tune the feature out and turn it off," Trollope said. 

"We know people are doing this, and it presents a concern because you don't want a door lock that's left open because it's too hard to unlock." 

Unlike the controversy that raged between Symantec, rival McAfee and Microsoft over the level of kernel access the OS maker would grant its security partners in Vista 64-bit, the UAC issues are being positioned by Symantec as a business opportunity versus a fundamental flaw in the product. 

Symantec is pitching its ability to add an "extra layer of intelligence" to UAC in yet-to-be-developed security applications that it said will be developed in cooperation with Microsoft. 

Symantec's approach to the alleged Vista shortcoming may signal how the company will market its future products' abilities to augment Microsoft's platforms now that the OS giant has built its own security tools and is moving aggressively into Symantec's home turf. 

And rather than Microsoft taking a combative tone with Symantec, as it did in the early days of the kernel patch protection debate of 2006, the software giant's response to the UAC criticism appears to defer arguments over the limitations of the feature to avoid further in-fighting. 

"We believe UAC is a good solution to help limit the impact of malware attacks, installation of unauthorized software, and unapproved system changes by making it easier to use Windows without administrator privileges," said Stephen Toulouse, senior product manager with Microsoft's Security Technology Unit. 

"If the user decides they do not want to run UAC and they would rather run a third party solution that provides similar functionality, they do have the choice to disable it." 

One of the first people to highlight potential issues with UAC was Andrew Jaquith, analyst with Boston-based Yankee Group. In May 2006, Jaquith published a research report that suggested some enterprises might delay adoption of Vista until Microsoft had improved the feature. 

After the report was widely publicized, Microsoft officials pledged to tone down the frequency and complexity of the user prompts generated by UAC, but the analyst said that despite making improvements to the feature, it will be hard for some people to get used to the tool. 

"Microsoft has taken a lot of the early feedback to heart and made some very good improvements, but, any interruption to user experience, no matter how infrequent, is still something different than what most users are comfortable with," Jaquith said. 

"How much chatter is too much or too little won't be figured out for a while, UAC clearly needed to be improved, and Microsoft did that, but they will probably need to do more." 

Others industry watchers agreed that some users are complaining that Vista UAC remains too noisy, and observed that such issues will provide opportunities for companies like Symantec to market security applications that build on Vista features. 

And while Microsoft and Symantec will likely become even more heated rivals in the security space as they mature their respective products, it is important for users installing Vista to have the companies remain on good terms, said Natalie Lambert, analyst with Forrester Research, Cambridge, Mass. 

"Microsoft is going to push further into the security arena just as Symantec is going to push further into the desktop management space, but they need each other, at least for today," Lambert said. 

"Today Microsoft's security products are at a severe functional disadvantage, but Symantec's applications will always run on Microsoft's software; at the end of the day they will increasingly compete for the same dollars, but for now everyone has to play nicely." 

 

How to Upgrade to Vista?

Microsoft has already laid the groundwork for confusion over the release of Windows Vista, with their announcement that the new operating system will come in as many as six different versions. A few of these can be discounted for most users, such as the crippled Starter Edition designed for delivery to third-world markets, and the Enterprise Edition which will typically find itself in the big Fortune 500 office. This still leaves four different skus: Home Basic, Home Premium, Business, and Ultimate.

Home Basic is functionally equivalent to XP Home, and Home Premium adds Media Center features among others. Business is the equivalent of today's XP Pro, and Ultimate is the superset of all of them. So with four versions, how do upgrades work from XP Pro and XP Home? Microsoft has kindly produced a chart to sort everything out.

In short, users of XP Home can do an upgrade install to any of the four Vista versions. However, XP Pro users can only perform upgrade installs to Business or Ultimate. Windows 2000 and Windows XP Pro x64 users can do no upgrade installs at all, and must perform clean installs (either on a fresh hard drive or an empty hard drive partition) for any Vista version.

Note that the requirement for clean installs does not mean that the user is required to purchase a full version of the operating system. XP Pro, XP Pro x64 and Windows 2000 users will still be able to purchase the "upgrade edition" of any version of Vista. They just won't be able to upgrade with their existing files and settings in place.

Users of Windows versions prior to 2000 will not be eligible for the upgrade version of Vista and must both purchase a full version and do a clean install.


Vista Update Eligibility
You can upgrade from your current edition of Microsoft Windows XP or Windows 2000 (including Windows XP Professional, Windows XP Home, Windows XP Media Center, Windows XP Tablet PC, Windows XP Professional x64, Windows 2000) to a corresponding or better edition of Windows Vista by purchasing and installing this upgrade copy of Windows Vista. Depending on which edition of Windows you are running and the edition of Windows Vista you would like to install, you have two options for the installation process: You can upgrade in-place, which means you can install Windows Vista and retain your applications, files, and settings as they were in your previous edition of Windows or you can do a clean install. If you are currently using Windows 2000 Professional or Windows XP Professional x64, you are eligible for an upgrade copy to a corresponding or better edition of Windows Vista, but a clean install is required. For versions of Windows earlier than Windows 2000, upgrade copies are not available. These earlier versions of Windows require you to install a full copy of Windows Vista.


Vista activation process
http://www.microsoft.com/presspass/features/2006/oct06/10-04SoftwareProtection.mspx
Users of non-genuine Windows Vista software will be notified if their copy of Windows Vista is determined to be non-genuine with the appearance of a persistent statement in the lower right hand corner of their desktop space that reads, “This copy of Windows is not genuine.” 

Another important change with Windows Vista has to do with the activation process. As with Windows XP, Windows Vista systems must activate with Microsoft with a genuine product key within 30 days. Failure to do so will result in the system operating in reduced functionality mode until a genuine product key is used to activate and a successful validation occurs.

Today, many victims of counterfeit software have software running with stolen product keys that originally were issued to organizations or large businesses. These victims may find out long after they have purchased their PC and installed the operating system software that it is not genuine when they try to get add-ons through the Microsoft Download center, Windows Update or other Microsoft service. With Windows Vista, a user will likely know that they have an installation with an unauthorized key much more quickly. If the software is discovered to be counterfeit or non-genuine, the user may be asked to reactivate their copy of Windows. Product keys can be blocked for a number of reasons, including if the product key is abused, stolen, pirated or seized as a result of anti-piracy enforcement efforts. Product keys can also be blocked if they are beta or test keys and have been disabled, if there were manufacturing errors in the keys or if the keys have been returned. Microsoft has call centers that can aid customers who have questions if they are told they are using non-genuine software.

Q: Does “reduced functionality” mean Microsoft will turn off people’s PCs running non-genuine Windows Vista software?
A: No, Microsoft anti-piracy technologies cannot and will not turn off your computer. In alignment with our anti-piracy policies we have been continually improving the experience for our genuine customers, while restricting access to ongoing Windows capabilities for those who choose to use counterfeit software. Reduced functionality mode has been a part of the initial Windows XP product activation process for retail and OEM (original equipment manufacturer) installations since its launch, and, similarly, Windows Vista will have a reduced functionality mode but one that is enhanced. Reduced functionality mode in Windows Vista will allow the user to use the browser after the reduced functionality mode has begun. Reduced functionality mode can occur as a result of failed product activation or of that copy being identified as counterfeit or non-genuine. In most cases customers will be able to correct this situation quickly with the options provided.

Customers will be able to easily determine the status of their Windows Vista installations. In the System Properties panel of the Windows Vista Control Panel, Windows Vista will display the genuine status of the installed copy of Windows Vista. From there, and from any screen notifying users of a failed validation, a user will be able to obtain more information on why the copy of Windows is not genuine, as well as resources for getting a genuine copy.

http://www.microsoft.com/Windowsvista/

See great site of comparison  of Vista versions: Source