The Advantages of Running Applications on Windows Vista
Summary: Details improvements in the Windows operating system with the release of Windows Vista, and describes new features in security, performance, and reliability/management. (17 printed pages)
For the past several years, Microsoft has been moving toward the vision of software as a service, where applications are exposed through services that communicate via message-based protocols. One of the foundations for this goal is a managed runtime with tooling to rapidly build applications and services that interact using these protocols. The initial release of the .NET Framework in 2002 signaled the approach of this vision. The release of the .NET Framework 3.0 signals its arrival.
The .NET Framework 3.0 builds on the foundation of earlier framework versions by adding new capabilities around differentiated user experience, enterprise service-oriented communication, declarative business process modeling, and heterogeneous identity management.
At the same time, a new, powerful version of the Windows operating system has been under development. Windows Vista will be Microsoft's most compelling operating system release in over a decade. Windows Vista offers substantial new capabilities in security, performance, reliability, and manageability. It is also the first operating system released with the .NET Framework 3.0 in mind, and the first client operating system to include the .NET Framework 3.0 as a part of its own installation. With full knowledge of the .NET Framework 3.0, Windows Vista is an ideal hosting platform for .NET applications, as well as for non-.NET applications.
Some of the innovations offer direct enhancement opportunities for applications, such as the Windows Process Activation Service, Crypto Next Generation, and Application Recovery APIs. Other new features like User Account Control, the Mandatory Integrity Control infrastructure, and I/O Prioritization simply provide for a more secure, highly performing, reliable, and manageable environment for applications that run on Windows Vista. Whether the improvements are functional or environmental in nature, the bottom line is that running applications on Windows Vista presents a considerably richer, more secure, faster, and more manageable solution than running them on previous operating systems.
This paper examines the most relevant improvements in the Windows operating system with the release of Windows Vista, and offers a suite of compelling reasons to prefer Windows Vista over previous operating systems as a deployment platform for your applications. New features are divided into three categories: security, performance, and reliability/management.
The Security Development Lifecycle
Reputations are a tough thing to shake, particularly in the software industry. While Microsoft Windows has enjoyed great market share, particularly in the desktop OS space, its position in the industry has made it a target for hackers across the world. Years of attacks have exposed numerous holes in previously released operating systems, and ultimately fostered a reputation for being a less secure platform. Justified or not, the perception carries weight, and the leadership at Microsoft recognized the need to develop a new approach to security engineering that was built to withstand scrutiny across the Internet.
About four years ago, Bill Gates released the now famous Trustworthy Computing memo at Microsoft, signaling a dramatic shift in focus toward security, specifically in the way Microsoft builds software. Security has been infused into the entire software development lifecycle, and a secure development methodology emerged called the Security Development Lifecycle (SDL). Since 2003, this methodology has evolved and matured into a rigorous process that penetrates design, coding, testing, review, and response around all Microsoft products that live in the enterprise, handle sensitive information, or communicate with the Internet in any way.
The release of Windows Vista represents the first desktop operating system that embodies this significant shift in philosophy at Microsoft, as it is written entirely under the control of the SDL methodology. Although SDL has been retroactively applied to Windows XP via Service Pack 2, Windows Vista is built from end to end with security at the forefront of the project.
In Windows Vista, all components have been designed and thoroughly reviewed for security risks and mitigation. Microsoft assembled a Secure Windows Initiative Attack Team (SWIAT), which spent considerable time evaluating threat models, attack surfaces, and risk mitigation factors for Windows Vista. The team also checked Windows Vista for vulnerabilities that had been discovered in Windows XP, patching both operating systems at the same time when needed.
The development team used source code analysis tools throughout the development process, in order to find the classes of errors that might evade a typical compiler. They annotated all functions containing buffers. Additionally, they fuzz tested (supplied random or malformed input data to) any component that received untrusted input. As a side note, many of the test tools that were internally developed to aid with the SDL process (such as FxCop) have now been made available to the public.
The role of SDL in the development of Windows Vista is clearly making it a more secure operating system, and beta testing thus far has shown it to be significantly more robust than previous operating systems. When your applications interact with Vista, they interact with the most secure version of Windows that Microsoft has ever built.
Data Execution Protection Support
Along with the SDL enhancements, Windows Vista includes Data Execution Protection support, which allows you to "tag" portions of your data segment as *Do Not Execute*. Since hostile code often gains control by executing instructions placed in the data segment, this support blocks that threat, making your code less vulnerable to these kinds of attacks. While also available in XP with Service Pack 2, it is enabled in Windows Vista out of the box, removing the additional setup otherwise needed to take advantage of it.
The new User Account Control (UAC)
Typical PC users in today's world do a variety of tasks on their machines during any given day. While not all of the tasks would be deemed critical, many of them require administrative privileges on the local computer in order to execute. It's a well-known security principle (the Principle of Least Privilege) that applications should run at the least possible privilege level, in order to limit the harm that any malicious, or even well-intentioned but exploitable, application can achieve. However, many applications in use today were designed at a time when the industry as a whole was less security conscious, and thus are built to require full Administrator privilege to run. System administrators are forced to make some tough decisions about the privileges they allow for their users.
On one hand, they can let local users have administrator privileges, and hope they don't do something bad to their own machine. In a larger organization, it is inevitable that users will make some unapproved changes, and ultimately drive up the total cost of ownership. They must also hope that the users don't stumble into malware, which can do very bad things with their administrator privileges.
On the other hand, they can lock down the account, and not have the local users run as administrators. This keeps the computer safer, but can significantly limit the productivity of a typical user, as many of the applications they normally use will not work correctly without administrative privileges. Things like connecting to a wireless network may become an issue for non-administrators. Neither option is ideal. This is the specific problem space that User Account Control addresses.
The idea behind User Account Control is to have all users run as a standard user, but with the ability to intentionally elevate privileges temporarily if needed. UAC avoids surreptitious use of user credentials by malware, or even unintentional changes by the user. Reducing privileges ultimately reduces attack surfaces, and by allowing an explicit elevation of privileges, you can potentially get the best of both worlds.
Even administrators can (and should) run with reduced levels. The UAC's Administrator Approval Mode, which is the default configuration, will allow most applications to run in a standard user mode, even when the user is an administrator. When the administrator privileges are needed, the UAC prompts the user for consent. While this is an effective way to reduce the attack surface, it does not provide the same level of control or security as using a standard user account.
The real purpose of User Account Control is to separate the true Administrator-level tasks from the standard tasks, and apply the Principle of Least Privilege to the currently logged in user. It is a part of Microsoft's defense-in-depth strategy that provides multiple levels of protection in Windows Vista.
With UAC, standard users can now do a handful of tasks that were formerly limited to administrators, such as:
- Change the time zone and view the calendar and clock
- Connect to secured wireless networks
- Add printers and other devices (if the printer driver is already installed)
- Install approved ActiveX controls
- Install critical Windows updates
- Create and configure a VPN connection
Also, there are some basic UI modifications to visually indicate tasks that require elevated privileges. For example, since changing the system's date and time would require elevated privileges, the button is visually augmented by a shield icon.
Simple visual cues such as these will help users grasp this concept more quickly, and will add more clarity to solutions that are deployed to Windows Vista. Application developers can factor the design of their applications so that in normal usage, applications run at standard privilege level, and use UAC to request elevation only for the specific operations that require administrator privileges.
File System and Registry Virtualization
Another feature designed to let applications run at standard user privilege is File System and Registry Virtualization. The purpose of this feature is to allow legacy applications that request write access to protected resources to continue working under the new reduced privileges in Windows Vista. With this feature, when applications do not have sufficient privileges to write to protected areas of the File System and/or Registry, instead of failing, Windows creates a private copy of the resource, and writes to the private copy. This copy is stored under the user's local profile on the machine. Then, subsequent requests are routed to the private copy if a newer value has been written.
This provides an excellent workaround for applications that attempt to perform file and registry writes above their privilege level. Early testing with legacy applications has been promising. It is not a cure-all solution, as some developers may be tempted to continue to write applications that behave in a non-ideal way (after all, it still works). Also, file/registry writes that used to apply to all users will now only apply to the individual user. So, while it is not a miracle solution, it does provide an alternative to keep legacy applications working, even when they behave in ways that are not considered ideal.
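The redirection described in the two paragraphs above, as an added model that is not Windows code: a standard user's write to a protected location is diverted to a private copy under that user's profile, that user's later reads are served from the copy, and other users still see the original (which is the per-user caveat the text raises). The protected prefixes, the VirtualStore layout and the in-memory "disk" are assumptions for illustration.

```python
"""Model of File System Virtualization: redirect blocked writes to a per-user copy."""

# Assumed: locations a standard user cannot write to (constructed list for the model).
PROTECTED_PREFIXES = ("C:\\Program Files\\", "C:\\Windows\\")


class VirtualizedFileSystem:
    def __init__(self):
        self.files = {}  # path -> contents; a constructed in-memory "disk"

    @staticmethod
    def is_protected(path):
        """True when the path sits under one of the protected prefixes."""
        return path.lower().startswith(tuple(p.lower() for p in PROTECTED_PREFIXES))

    @staticmethod
    def private_copy_path(user, path):
        """Assumed layout: the private copy lives under the user's local profile,
        keyed by the original path with the drive letter stripped."""
        rel = path[3:] if len(path) > 2 and path[1:3] == ":\\" else path
        return f"C:\\Users\\{user}\\AppData\\Local\\VirtualStore\\{rel}"

    def write(self, user, is_admin, path, data):
        """Return the path actually written. An administrator, or any write to an
        unprotected path, writes in place. A standard user writing to a protected
        path is redirected to a private copy instead of failing."""
        if is_admin or not self.is_protected(path):
            self.files[path] = data
            return path
        target = self.private_copy_path(user, path)
        self.files[target] = data
        return target

    def read(self, user, path):
        """A private copy wins for the user who wrote it; everyone else sees the original."""
        private = self.private_copy_path(user, path)
        if self.is_protected(path) and private in self.files:
            return self.files[private]
        return self.files.get(path)


def demo():
    """Constructed scenario: a machine-wide settings file written by the installer,
    then updated by a legacy application running as the standard user 'alice'."""
    fs = VirtualizedFileSystem()
    cfg = "C:\\Program Files\\LegacyApp\\settings.ini"
    fs.write("installer", True, cfg, "theme=light")           # original, shared by all users
    redirected = fs.write("alice", False, cfg, "theme=dark")  # legacy app, no admin rights
    return {
        "redirected_to": redirected,
        "alice_sees": fs.read("alice", cfg),
        "bob_sees": fs.read("bob", cfg),   # another user: the per-user write is invisible to him
        "original_untouched": fs.files[cfg],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```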
Mandatory Integrity Control Infrastructure
Another strong security addition with Windows Vista is the Mandatory Integrity Control (MIC) Infrastructure, which assigns integrity levels to users and securable objects, allowing an additional security distinction beyond privilege level. When any caller accesses a securable object, the integrity level of the caller is compared to the integrity level of the object. If the caller's level is lower than the object's level, no writing or deleting is allowed. This check occurs before the normal Access Control List (ACL) checks, which are still enforced; the MIC restriction applies in addition to them. Even if the ACL policy would allow the access, the MIC check will prohibit the action if the caller's integrity level is *lower* than the object's. It is merely another layer of enforcement around the Principle of Least Privilege, and will better protect solutions deployed to the platform.
MIC defines four levels of Integrity: low, medium, high, and system. The default for most applications is medium. There are exceptions, though. For example, an application that is an email attachment is given an integrity level of low, as it came from an un-trusted source.
Another example of this is Internet Explorer 7 running in Internet Explorer Protection Mode (IEPM). IEPM is the way Mandatory Integrity Control manifests itself in Internet Explorer 7. The IEPM process and extensions run with low integrity, and have very limited write privileges. Also, all the IEPM process's written files are marked as low integrity. This is another layer of protection over any type of persisted malware. Since your desktop runs at medium integrity, shatter-style attacks (a privilege-escalation exploit based on code injection to different processes in the same session) will no longer work, as IE is unable to send messages to the higher integrity object. This protection is sometimes called User Interface Privilege Isolation (UIPI). The File System and Registry Virtualization allows some functionality in this case, re-routing some writes to isolated areas as described before.
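The access decision described in the three paragraphs above, as an added model that is not Windows code: the integrity comparison runs first and blocks write and delete from a lower-integrity caller regardless of the ACL, and the ACL is then checked as usual. The four levels and the no-write-up rule follow the text; the ACL format and the sample principals (an Internet Explorer Protected Mode process at low integrity, the same user's Explorer at medium) are assumptions for illustration.

```python
"""Model of the MIC-then-ACL access check for a securable object."""
from dataclasses import dataclass, field
from enum import IntEnum


class Integrity(IntEnum):
    """The four levels named in the text, ordered low < medium < high < system."""
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    SYSTEM = 4


# Access rights used by the model (assumed subset).
READ, WRITE, DELETE = "read", "write", "delete"
# The text: a caller below the object's level may neither write nor delete.
MIC_BLOCKED_RIGHTS = {WRITE, DELETE}


@dataclass(frozen=True)
class Principal:
    name: str
    integrity: Integrity
    groups: frozenset = frozenset()


@dataclass
class SecurableObject:
    name: str
    integrity: Integrity
    # Assumed simple ACL: identity (user or group name) -> set of granted rights.
    acl: dict = field(default_factory=dict)


def acl_allows(obj, who, right):
    """Discretionary check: does any entry for the user or one of its groups grant the right?"""
    identities = {who.name} | set(who.groups)
    return any(right in obj.acl.get(ident, ()) for ident in identities)


def access_check(obj, who, right):
    """Return (allowed, reason). MIC is evaluated first, so an ACL that would grant
    the write cannot override a caller whose integrity is lower than the object's."""
    if right in MIC_BLOCKED_RIGHTS and who.integrity < obj.integrity:
        return False, (f"MIC: {who.integrity.name} caller may not {right} "
                       f"{obj.integrity.name} object {obj.name}")
    if not acl_allows(obj, who, right):
        return False, f"ACL: no entry grants {right} on {obj.name}"
    return True, "allowed"


def demo():
    """Constructed scenario: one user account, two processes at different integrity."""
    ie_low = Principal("alice", Integrity.LOW, frozenset({"Users"}))       # Protected Mode IE
    explorer = Principal("alice", Integrity.MEDIUM, frozenset({"Users"}))  # normal desktop process
    doc = SecurableObject("C:\\Users\\alice\\report.docx", Integrity.MEDIUM,
                          acl={"alice": {READ, WRITE, DELETE}})
    no_ace = SecurableObject("C:\\Users\\alice\\private.txt", Integrity.MEDIUM, acl={})
    return {
        "low_read": access_check(doc, ie_low, READ)[0],        # reads are not blocked by MIC
        "low_write": access_check(doc, ie_low, WRITE)[0],      # ACL grants it, MIC still denies
        "low_delete": access_check(doc, ie_low, DELETE)[0],
        "medium_write": access_check(doc, explorer, WRITE)[0],  # same user, medium: allowed
        "medium_write_no_ace": access_check(no_ace, explorer, WRITE)[0],  # MIC passes, ACL denies
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```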
Crypto Next Generation (CNG) Services
For developers wishing to create and exchange documents and other data in a secure fashion using Windows Vista, the Crypto Next Generation (CNG) services provide new power and flexibility for cryptography. CNG is highly flexible, enabling new algorithms to be added to Windows Vista for use in Secure Sockets Layer/Transport Layer Security (SSL/TLS) and Internet Protocol Security (IPSec). CNG will also include Elliptic Curve Cryptography, an emerging standard among cryptographic algorithms.
Windows Vista will also include a Base Smart Card Cryptographic Service Provider (Base CSP) in the platform. This will make smart cards more accessible, as vendors will no longer have to deal with writing complex CSPs. There will also be a smart card Key Storage Provider in the new CNG infrastructure.
The Windows Process Activation Service (WAS)
Windows Process Activation Service (WAS—note that the P is both silent and invisible) is a request-to-process broker that manages the routing and activation of requests to services/applications. An HTTP-only version of a listener was originally part of IIS with Windows Server 2003, as a way to take HTTP requests and spin up worker processes as needed to service the calls. That concept has been generalized to service additional request types and baked into the Vista platform as WAS.
WAS has support for health-monitoring and failure recycling, as well as poison-queues for messages that cannot be processed. By having an activation service in place, there is less need for custom activation services. This yields fewer high privilege services on a box, which ultimately reduces the attack surface on the machine.
WAS is not technically part of the .NET Framework 3.0, but it offers great flexibility to .NET applications by enabling you to use TCP, Named Pipe, and MSMQ activation in Windows Communication Foundation (WCF) Services. This is in addition to the HTTP activation that is available both on Windows Vista and previous operating systems. Your applications can only take advantage of WAS by deploying on Windows Vista. WAS is not supported on previous versions of Windows.
64-bit Security Features
Among the security features in Windows Vista, there are a couple of new items that are specific to 64-bit systems. Included in that list are some of the security enhancements around kernel patch protection and mandatory driver signing.
Of all the malicious software attacks, few are more dangerous than those that manipulate the kernel. These kinds of attacks can leave malicious software running unnoticed on a system, and then serve as a cloaking agent for bots and spyware. In addition to the obvious issues with this scenario, it can damage the stability and performance of the entire system, including every running program on the computer.
Because drivers have not traditionally been signed, it can be hard to deal with this issue. Microsoft is working with security vendors to come up with alternative solutions, but this is a difficult problem in the 32-bit space, due to both historical precedence and sheer number of vendors.
In the 64-bit space, however, the solution is more achievable. The historical precedence and number of vendors are both less than the 32-bit world, and this makes it much easier to enforce the more secure practices around drivers. With Windows Vista, the 64-bit world has two additional protections: Driver signing, and PatchGuard.
Driver signing allows users to identify driver vendors, and has been an available feature since Windows 2000. The idea has grown in popularity since then, but network administrators are hesitant to add group policies to block unsigned drivers, simply because there is such a large installed base of them in existence. Additionally, prior to Windows Vista, there was no kernel load-time check, allowing already-installed malicious kernel software to run amok on a system in most cases.
Windows Vista addresses this directly by requiring all kernel-mode drivers to be signed. Signing not only identifies the vendor, it maintains integrity on the code. This means that if a driver has been tampered with, it will not load. This feature greatly reduces the attack surface, by effectively freezing the bytes of all kernel-mode drivers once installed. Vendors are free to offer upgrades of the drivers, as long as they are properly re-signed.
A second benefit of driver signing stems from the ability to identify the vendor. When a driver causes a system crash, it is much easier for Microsoft to determine the responsible vendor, and help them resolve the issue. System administrators have a better view into the state of their machines, with the ability to inventory their drivers by vendor.
PatchGuard is Microsoft's kernel patch protection technology for 64-bit versions of Windows Vista. It is designed to prevent unauthorized and unsupported access to the kernel. It prohibits all software from performing unsupported patches. Although this has been met with some initial resistance from vendors, modifying the kernel was never an intended behavior, and Microsoft is committed to limiting access to it. Protecting the kernel from unsupported access (even well-intentioned access) greatly improves the security of Windows Vista.
Trusted Platform Module chips and BitLocker
In addition to all the previously mentioned security features of Windows Vista, there are a handful of items of note that don't really fall into a specific category, but are relevant to any security discussion around Windows Vista. One such item is the support for dedicated Trusted Platform Module (TPM) chips.
The technology that takes advantage of TPM chips is called BitLocker. BitLocker offers security for the information on your computer in the case of theft. TPM chips are smart chips that are soldered to the motherboard, and contain keys that are used to encrypt/decrypt data on the hard drives. Using the BitLocker technology, all the data on your hard drive is completely encrypted, and if someone steals the hard drive, they will still be left with the sizable task of decrypting the data before being able to use it. The TPM chip can be guarded with a PIN on boot, so that without the PIN, the TPM chip is unusable.
BitLocker technology works with TPM chips, but it also supports storage of keys on USB drives. This means that as long as you maintain possession of your USB drive, it doesn't matter who gets your hard drive, the data remains safely encrypted. The downside of using a USB drive is that if the drive is left in the computer, it is analogous to leaving a car unlocked with the keys inside.
The details of BitLocker and of TPM chips in general are available elsewhere, but the Windows Vista implementation has an install strategy, a recovery strategy, and a variety of options for key management. Its additional layer of protection is another way that Windows Vista offers more benefits for your applications than previous operating systems.
Windows Firewall with Advanced Security
One of the best ways to keep harmful code from accessing your data is to keep it from getting onto your machine at all. While this is not always possible, a well-configured firewall is a vital tool in protecting your machine from unwanted visitors.
Microsoft has learned many lessons about firewalls over the years. When Windows XP was approaching release, customer feedback was largely in favor of turning off the firewall by default, for fear of existing applications no longer working. Microsoft relented, but after living through a variety of worms, viruses, and Trojan horses, public opinion about firewalls has changed strongly.
With Windows Vista, the firewall is on by default, and includes both inbound and outbound filtering. One nice feature in the Windows Vista firewall is a restriction on operating system resources when they abruptly begin to behave in abnormal ways. This kind of behavior is almost always the sign of newly-arrived malware. There is also support to block peer-to-peer sharing or instant messaging applications, if needed.
Network Access Protection
Network administrators have an unenviable job at times. Among all their daily tasks of setting up and tearing down networks, administering systems, and sending out updates, they also have to deal with new machines showing up in the network that are not up to date. While it is not possible to completely control someone bringing a new machine into the office, Windows Vista provides a network access control system called Network Access Protection (NAP), which lets administrators ensure that only healthy machines can connect to the network (the term healthy refers to machines that have daily virus updates, enabled firewall, no malware, etc.). It also allows unhealthy machines to get updated before they gain access to the rest of the network.
The NAP client in Windows Vista makes this easy to enforce. Organizations can set requirements for machines to be updated, and move them to quarantined areas, or automatically update them if they are found to be out of date. It is also an extensible platform, with an API and infrastructure for policy enforcement. NAP will allow your applications to run in a more protected state on Windows Vista than they would on previous operating systems.
Optimized next generation user interface
One of the great new performance enhancements in Windows Vista is the support for the new Windows Display Driver Model (WDDM). WDDM is specifically optimized for next generation user interfaces. Previous operating systems have been based on code written for hardware that is long since outdated. In many cases today, the Graphics Processing Unit (GPU) sits idly by as business applications run without taking advantage of it.
WDDM treats the GPU as a scheduled resource, one that can be assigned prioritized rendering tasks, much like Windows prioritizes CPU time across multiple applications today. This GPU scheduling strongly improves performance and quality when multiple high-end user interfaces are in use, and is a clear advantage over running the same code under the existing Windows XP display driver model. Because of the way WDDM uses the GPU, it also isolates the resources of one application from another, a requirement for protected high-definition (HD) content playback. Current Windows XP display drivers do not have such facilities, and are therefore limited in the types of HD content they can play back.
Another benefit that applies specifically to running Windows Presentation Foundation applications on Windows Vista is that WDDM has new APIs that enable developers to easily interact with the GPU, providing non-gaming applications with rich, user-friendly interfaces. This is not an option on Windows XP, where you are limited to traditional Win32 resources.
Driver stability in Windows Vista
One aspect of performance is stability, and drivers have traditionally had issues in this area. The display drivers in Windows XP are typically large and complex, and in some cases contribute to system instability. Because they execute in kernel mode, crashes almost always force a system reboot. Windows Vista addresses this issue in a couple of ways.
WDDM display drivers have two components: a streamlined kernel-mode driver (KMD), and a user-mode driver which actually does most of the heavy lifting. This protects the kernel by moving most of the executing code out of kernel mode. Moving the executing code to user mode significantly reduces the chances of a blue-screen during a driver failure.
Another issue with display drivers that WDDM addresses is driver hangs. Windows Vista provides fault-tolerance around display drivers, and is able to detect system hangs and restart the display driver again without having to reboot the system.
Finally, display drivers have been greatly simplified in the area of device driver interfaces. In Windows XP, drivers support a variety of device driver interfaces that have been introduced over the years. Windows Vista implements a single interface for new drivers, while ensuring that legacy drivers are recognized and can still function optimally.
Desktop Window Manager
In Windows XP and earlier operating systems, applications draw their graphics directly on the screen asynchronously, which occasionally leads to inconsistent displays. In order to eliminate some of the issues generated in this scenario, Windows Vista includes a Desktop Window Manager (DWM). The DWM is effectively a Direct-3D application that controls the display and update of windows on the desktop by aggregating screen content (sometimes called compositing), and then drawing it as a finished image on the user's display.
DWM brings two primary enhancements to Windows Vista, both enabled through WDDM. One of them is an overall improvement in quality, and the other is a signature user experience, called Windows Aero.
As mentioned earlier, Windows XP applications update the screen directly, and this happens asynchronously with respect to the monitor's refresh rate. Having multiple applications update the same screen in close proximity can result in the user seeing window tearing, or occasional images that appear incorrectly or slowly. By drawing the entire image from one place, DWM eliminates both issues, giving a very high quality desktop experience. The user has a much cleaner experience, and a more responsive system.
Windows Aero is Windows Vista's highest performing desktop experience. The DWM makes the experience possible, and requires a machine with appropriate graphics, including WDDM support, and one of the appropriate Windows Vista product editions. Aero features include live taskbar thumbnails for running applications, DPI scaling, Windows Flip and Flip 3D, and the transparent glass design on the displayed windows on the desktop. Aero gives the user an outstanding user experience, putting a stylish effect on the UI of any application, and is particularly complementary to Windows Presentation Foundation applications.
Operating System Tuning
In addition to the WDDM technology described above, Windows Vista has many other compelling performance features. There is a suite of operating system features that improve performance of the PC, including Sleep, Windows SuperFetch, Windows ReadyBoost, Windows ReadyDrive, and a few others. All of these features, while not necessarily interacting directly with your applications, contribute to a significantly better user experience than on previous operating systems.
Sleep is a new power state with Windows Vista that takes the best aspects of Standby and Hibernate, and combines them. Sleep allows you to quickly and temporarily stop your computer, without going through a full shutdown, while still preserving your data. Resuming takes only a couple of seconds, and the one-click on and off experience conveniently reduces power consumption and helps protect your data. Sleep actually has distinct behavior on a desktop versus a laptop computer.
On Desktops, conserving battery life is not an issue. As such, when you enter Sleep mode, all your in-use documents, applications, and data are saved both to RAM (similar to Windows XP Standby) and to the hard disk (similar to Hibernate). The data saved to RAM is opened when the computer is resumed, and the data saved to hard disk is effectively a backup copy, just in case there is power loss.
On laptops, since battery life is often an issue, the documents, applications, and data are immediately saved to RAM only. As battery power begins to get low, data is quickly written to the hard disk to keep it safe. Using this technique, Windows Vista allows you to resume use of your computer very quickly, without compromising the safety of your in-use data.
Windows SuperFetch is an updated memory manager in Windows Vista that allows applications and files to load much more quickly than on Windows
SuperFetch marks a decided advantage over Windows XP's PreFetch, which took the files used by an application and grouped them close together on the hard disk. Grouping the files reduces access times when running the application. While PreFetch does provide performance improvement, SuperFetch is decidedly faster, and offers yet another reason to prefer Windows Vista over Windows XP as a destination for your applications.
One of the best ways to improve the performance of a machine is simply to add more memory to it. This may be ideal in theory, but upgrading memory is often an issue. You need to understand what type of memory your machine needs, and when you open your chassis to add the memory, it often invalidates your support agreement with the PC manufacturer. Windows Vista offers ReadyBoost, an alternative to merely adding more RAM to a system.
Windows ReadyBoost lets users insert a removable USB drive, and use the memory on the drive as a write-through cache for the machine. Because access to the flash memory on the USB drive is faster than access to a hard drive, your PC responds faster. When used with SuperFetch technology, the improvements in performance and system responsiveness can be significant.
Windows ReadyBoost is reliable, and will protect the data stored on your device by encrypting it. Also, removing the device at any time does not harm the system, although performance will return to the level it was prior to using the device. ReadyBoost is a compelling feature of Windows Vista, as Windows XP does not have an equivalent technology.
Windows ReadyDrive is a similar technology to Windows ReadyBoost, but it specifically targets mobile PCs with a new type of hard disk called a hybrid hard disk. Hybrid hard disks have integrated non-volatile flash memory in addition to the standard mechanical hard disk. ReadyDrive enables these machines to boot up faster, resume from hibernate in less time, preserve battery power, and improve hard disk reliability by taking advantage of the flash memory on the disk.
ReadyDrive initially writes your data to the flash memory, saving work for the mechanical hard disk, and saving battery life. The flash memory has faster data retrieval rates, which helps Windows Vista resume faster from Sleep. It also reduces the risk of hardware problems on the mechanical disk by reducing its overall usage.
Windows Desktop Search
Finding information on your computer has become increasingly complex in recent years. Traditional folder storage has some limitations, and users often find it challenging to keep the content well-ordered and easily located. Additionally, relating emails to documents has usually been limited to copying and pasting their contents into yet another document, and saving it in proximity to the original set of content.
Windows Vista expands on the concept of a directory system by exposing two distinct types of folders. Physical folders offer the traditional file organization, with the ability to manage physical location and lifetime of content. Search folders represent sets of query results, as aggregated views of the content on your computer. Search folders are logical rather than physical, so deleting a file in a Search folder does not physically delete the file. This new Search folder capability is the result of the Windows Desktop Search (WDS) technology in Windows Vista.
WDS is a desktop indexing platform that is integrated into Windows Vista to provide a single, unified mechanism to search and organize all the content on your computer. This enables users to move from a self-managed set of raw data to an organized, metadata-driven searchable set of content.
Search is integrated directly into Explorer, and is programmable from ADO.NET (or any OLE DB client) through the Windows Search OLE DB provider, which exposes the index as a catalog named SystemIndex and accepts a SQL-like query language. You can build queries over a wide range of metadata properties, extend the metadata with custom properties through a property handler, and of course still search the contents of documents. Results are security-trimmed, so a query returns only items that the calling user could open anyway. The extensible model offers a unique capability to query and retrieve related content, making the file system considerably friendlier to applications that need to discover stored data.
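The following script is an added example and is not code from the original article or from Microsoft. It queries the index through the same OLE DB provider an ADO.NET application would use, here to list executables and scripts modified under the user profiles in the last week, the kind of quick triage question the index answers far faster than a directory walk. It assumes Windows PowerShell 2.0 or later, a running Windows Search service, and a scope path (file:C:/Users) that is our own choice.

```powershell
# Added example, not code from the original article or from Microsoft.
# Queries the Windows Search index (SystemIndex) through its OLE DB provider.
# Assumes Windows PowerShell 2.0+ and a running Windows Search service.
function Get-RecentlyModifiedExecutables {
    param(
        [string]$Scope = "file:C:/Users",   # indexed location to search (our assumption)
        [int]$Days = 7                       # look-back window
    )
    # The scope is interpolated into the query text, so neutralise quote
    # characters before it gets there, exactly as you would for any SQL.
    $safeScope = $Scope.Replace("'", "''")
    $connectionString = "Provider=Search.CollatorDSO;Extended Properties='Application=Windows';"
    # Windows Search SQL: column names are Windows property system names,
    # SCOPE restricts the query to an indexed path, and DATEADD/GETGMTDATE
    # express a relative date without hand-formatting a timestamp.
    $sql = @"
SELECT System.ItemPathDisplay, System.DateModified, System.Size
FROM SystemIndex
WHERE SCOPE='$safeScope'
  AND (System.FileExtension='.exe' OR System.FileExtension='.dll'
       OR System.FileExtension='.scr' OR System.FileExtension='.vbs')
  AND System.DateModified > DATEADD(DAY, -$Days, GETGMTDATE())
ORDER BY System.DateModified DESC
"@
    $conn = New-Object System.Data.OleDb.OleDbConnection $connectionString
    $cmd  = $conn.CreateCommand()
    $cmd.CommandText = $sql
    $conn.Open()
    try {
        $reader = $cmd.ExecuteReader()
        while ($reader.Read()) {
            New-Object PSObject -Property @{
                Path     = $reader["System.ItemPathDisplay"]
                Modified = $reader["System.DateModified"]
                Bytes    = $reader["System.Size"]
            }
        }
    } finally {
        $conn.Close()
    }
}

Get-RecentlyModifiedExecutables -Days 7 | Format-Table Modified, Bytes, Path -AutoSize
```

Two caveats for anyone using this in an investigation: the index covers only the locations the indexer has been configured to crawl, and it can lag behind the file system or be disabled entirely, so an empty result is not evidence of absence; and because results are security-trimmed, the same query returns different rows depending on which account runs it.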
Another interesting optimization in Windows Vista involves prioritization of the I/O requests to the disk. There have been a lot of great innovations in the performance optimization space for PCs in the last decade or so. Multithreading, memory enhancements, CPU cores, and such have all contributed to faster performance of PCs. However, one place where innovation has been neglected is in disk access prioritization.
The problem is that while processes and threads have priority levels, the I/O requests they make did not. As such, a lower priority thread could issue a series of I/O requests that effectively block the I/O requests of higher priority tasks. Windows Vista addresses this by giving every I/O request a priority (Critical, High, Normal, Low, and Very Low) and adding a set of I/O prioritization strategies: hierarchy prioritization, where the storage stack services higher-priority requests first; idle prioritization, where Very Low requests are serviced only when the disk would otherwise be idle; and bandwidth reservation, where an application such as a media player can reserve a guaranteed throughput for a file handle. Applications opt in through existing APIs, for example SetPriorityClass with PROCESS_MODE_BACKGROUND_BEGIN or SetThreadPriority with THREAD_MODE_BACKGROUND_BEGIN for background work, and SetFileBandwidthReservation for reservations. Details of these strategies are given in the I/O prioritization references at the end of this paper. The bottom line is that responsiveness is considerably better for I/O-heavy applications running on Windows Vista, and background tasks such as indexing and scanning no longer starve the foreground.
Next Generation TCP/IP Stack
Windows Vista also has a completely rewritten TCP/IP protocol stack. The stack used in Windows XP and Windows Server 2003 had been around for almost 15 years, and was patched, updated, and enhanced numerous times along the way. Although that code still works, it has numerous well-known limitations, and the new stack is a welcome arrival.
The new stack uses a dual-IP-layer architecture: IPv4 and IPv6 share a single transport and framing layer instead of being implemented as two separate stacks (tcpip.sys and tcpip6.sys) as they were in Windows XP, and IPv6 is installed and enabled by default. The stack also introduces the Windows Filtering Platform (WFP), a set of documented APIs for packet inspection and filtering that firewalls and intrusion-detection products can plug into at defined layers rather than by hooking undocumented internals; easier kernel-mode network programming through Winsock Kernel (WSK); Receive Side Scaling for better scaling on multi-CPU machines; reconfiguration without restart; and a host of other features, too numerous to enumerate in this paper, but documented in the Next Generation TCP/IP references at the end of this article.
The audio and video stacks have also been tuned in Windows Vista to address glitches (brief interruptions in playback). There are a variety of graphics-related initiatives that focus on this, including hardware "flip" buffering, which allows playback to get several frames ahead, then provides elasticity around delays. Although this has a slight latency effect and memory increase, the performance gain clearly outweighs the small cost. Other initiatives include dynamic feedback on the GPU and CPU, and the policy-based I/O prioritization mentioned previously in this paper.
System Performance Rating (WinSPR)
One final item of note with the performance enhancements of Windows Vista is the new Performance Center that helps manage and troubleshoot performance-related issues. When you perform advanced tasks, the hardware performance is very important. While most users don't understand the details around CPUs, memory, graphics cards, and such, Windows System Performance Rating (WinSPR, shipped in the released product as the Windows Experience Index and computed by the WinSAT tool) is a simple, numeric rating system that gives an overall measure of how your PC performs. This gives users an easy-to-understand bottom line of how well their machine can perform, and it gives software vendors a rating system to describe the bottom-line hardware capability needed for their product to run well on a Windows Vista machine.
As you can see, there are numerous significant performance enhancements with Windows Vista, ranging from highly improved graphics, to much-needed task prioritizations and stack changes, to a whole suite of new tools to improve the user's experience on a daily basis. With all the new performance features, Windows Vista is an attractive target platform for your applications.
Improved imaging and deployment
Traditionally, any time you needed to deploy a new client operating system, it could be both complex and time-consuming. There was time spent evaluating compatibility with existing applications, user and machine policy decisions, security considerations, and determination of how to physically move the new images out to the machines. With Windows Vista, Microsoft has simplified these steps to help minimize cost around imaging and deployment. Two obvious improvements to the process include modularization and the Windows Imaging Format (WIM).
Modularization of the Windows Vista components means that they are separate but still inter-dependent. This makes it much easier to tailor Windows Vista, and simplifies the addition of optional components to the system.
WIM is a file-based rather than sector-based imaging format. The Windows Vista deployment tools (the Windows Automated Installation Kit) include ImageX, a command-line tool that captures, mounts, and applies WIM images. Because the format is hardware-independent (Windows Vista selects the HAL at boot), one image can be deployed to many different hardware configurations. A single .wim file can hold multiple images, images can be marked as bootable, and images can be serviced offline: mount the image, add or delete drivers and components, and commit the changes, without capturing another image. Offline servicing also means a freshly imaged machine can come up already patched rather than spending its first minutes on the network with known vulnerabilities.
Both of these technologies (modularization and Windows Imaging Format) represent significant enhancements to deployment for Windows images. Together, they enable you to reduce administrative and engineering costs considerably, and ease the historical pains around creation and deployment of new images to PCs.
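The script below is an added example, not code from the original article or from Microsoft's deployment guides. It walks the capture, offline-servicing, and apply steps with ImageX and adds the check a security engineer wants in the middle: a SHA-256 of the finished image, recorded at build time and verified on the deployment side before the image is applied. It assumes ImageX from the Windows AIK is on the PATH, Windows PowerShell 2.0 or later, and drive letters, paths, and the answer file location that are our own.

```powershell
# Added example, not code from the original article or from Microsoft.
# Assumes imagex.exe (Windows AIK) on the PATH and Windows PowerShell 2.0+.
# All paths below are our own assumptions.
$ImageFile = "D:\images\vista-base.wim"
$MountDir  = "C:\mount"
$Manifest  = "D:\images\vista-base.sha256"

function Get-FileSha256([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try   { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString("x2") }) -join "" }
    finally { $fs.Close() }
}

# 1. Capture the reference machine's system drive. /verify checks each file
#    resource as it is written; /check adds integrity data to the WIM itself.
imagex /capture C:\ $ImageFile "Vista Base" /compress maximum /verify /check
if ($LASTEXITCODE -ne 0) { throw "capture failed (exit code $LASTEXITCODE)" }

# 2. Offline servicing: mount image 1 read/write, change the file tree, and
#    commit. Here we stage an answer file in Windows\Panther, one of the
#    locations Setup searches, without booting the image or recapturing it.
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
imagex /mountrw $ImageFile 1 $MountDir
if ($LASTEXITCODE -ne 0) { throw "mount failed (exit code $LASTEXITCODE)" }
Copy-Item "D:\build\unattend.xml" (Join-Path $MountDir "Windows\Panther\unattend.xml") -Force
imagex /unmount /commit $MountDir

# 3. Record the hash that every deployment target must check.
"$(Get-FileSha256 $ImageFile)  $(Split-Path $ImageFile -Leaf)" | Set-Content $Manifest
imagex /info $ImageFile   # confirm the image count, names and sizes

# Deployment side: refuse to apply an image whose hash does not match the
# manifest produced by the build. Run from WinPE before imagex /apply.
function Test-ImageManifest([string]$Image, [string]$ManifestPath) {
    $expected = ((Get-Content $ManifestPath) -split "\s+")[0]
    (Get-FileSha256 $Image) -ieq $expected
}
if (-not (Test-ImageManifest $ImageFile $Manifest)) {
    throw "image hash mismatch; refusing to apply $ImageFile"
}
imagex /apply $ImageFile 1 C:\
```

The hash step is deliberately separate from ImageX's own /check data: /check lets ImageX detect corruption, but only a value recorded out of band tells a deployment target that the image it received is the one the build produced and not one that was altered on the share in between.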
Improved data integrity
Windows Vista also includes a built-in capability that makes shadow copies of files and folders at least daily, using the same Volume Shadow Copy Service that System Restore uses. This was previously available only with Windows Server 2003 (as Shadow Copies of Shared Folders); with Windows Vista it is available on client machines, in the Business, Enterprise, and Ultimate editions. In the event of an accidental change or deletion, you can revert to any previous version of the file or folder, restore it to another location, or make a copy of a previous version. No server is needed as a repository. The feature (called Previous Versions) is on by default; it is controlled by System Protection, on the System control panel, and turning System Protection off for a volume turns Previous Versions off with it. Two caveats apply: the snapshots live on the same volume as the data and consume part of it, and anyone with administrative rights can delete them (vssadmin delete shadows), so Previous Versions is a convenience for recovering from mistakes, not a substitute for a backup held elsewhere.
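As an added example (not code from the original article), the script below enumerates the shadow copies behind Previous Versions for a given volume, exposes the most recent one as a directory junction so it can be read like an ordinary folder, and compares a file against its snapshot copy, which is the same mechanism an incident responder uses to recover a file's state from before a suspected change. It assumes Windows PowerShell 2.0 or later running elevated; the drive letter, mount point, and the file being compared are our own choices.

```powershell
# Added example, not code from the original article or from Microsoft.
# Assumes Windows PowerShell 2.0+ running elevated (shadow copy enumeration
# and mklink both need administrative rights). Paths are our own choices.
function Get-ShadowCopyList {
    param([string]$DriveLetter = "C:")
    # Win32_ShadowCopy.VolumeName and Win32_Volume.DeviceID are both of the
    # form \\?\Volume{GUID}\, which is how a snapshot is tied to a drive letter.
    $volume = Get-WmiObject Win32_Volume | Where-Object { $_.DriveLetter -eq $DriveLetter }
    if (-not $volume) { throw "No volume with drive letter $DriveLetter" }
    Get-WmiObject Win32_ShadowCopy |
        Where-Object { $_.VolumeName -eq $volume.DeviceID } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Id      = $_.ID
                Created = [Management.ManagementDateTimeConverter]::ToDateTime($_.InstallDate)
                Device  = $_.DeviceObject   # \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN
            }
        } | Sort-Object Created
}

function Mount-LatestShadowCopy {
    param([string]$DriveLetter = "C:", [string]$MountPoint = "C:\vss_latest")
    $latest = Get-ShadowCopyList -DriveLetter $DriveLetter | Select-Object -Last 1
    if (-not $latest) { throw "No shadow copies for $DriveLetter; is System Protection enabled?" }
    if (Test-Path $MountPoint) { throw "$MountPoint already exists" }
    # The device path must end in a backslash or the junction cannot be traversed.
    cmd /c mklink /d $MountPoint "$($latest.Device)\" | Out-Null
    $latest
}

Get-ShadowCopyList | Format-Table Created, Device -AutoSize
$snap = Mount-LatestShadowCopy
"Snapshot taken $($snap.Created) is mounted at C:\vss_latest"

# Compare the live hosts file with the copy in the snapshot; any difference
# shows what changed (and when, by the snapshot time) since it was taken.
$live     = Get-Content "C:\Windows\System32\drivers\etc\hosts"
$snapshot = Get-Content "C:\vss_latest\Windows\System32\drivers\etc\hosts"
Compare-Object -ReferenceObject $snapshot -DifferenceObject $live

# Remove the junction when finished; the snapshot itself is untouched.
cmd /c rmdir C:\vss_latest
```

The junction gives read access to the whole snapshot, including files that were later deleted, so the same technique recovers malware that cleaned up after itself as readily as a document a user overwrote; conversely, it is why an intruder with administrative rights will often delete the shadow copies first.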
Redesigned event logging infrastructure
The event logging infrastructure has been overhauled in Windows Vista, in an effort to give better visibility and control for the desktop environment. The new Windows Event Log service stores logs in a new binary format (.evtx) and exposes them through a new API and a command-line tool (wevtutil). Event descriptions now contain more information to help identify the root cause of a problem, and tighter standards ensure that events are easier to understand and act upon. Every event in Windows Vista conforms to an XML schema, and the XML representing an event is accessible: the System element carries the provider, event ID, time, computer, and process, and the EventData element carries the event's named fields, so tools no longer need to parse the rendered message text. You can construct XPath-based queries against the event logs, and the queries Event Viewer builds for you are ordinary XML that can be saved and reused in scripts.
There are other improvements with eventing as well. Many components that used to log information in text files with previous versions of Windows now write to dedicated channels under Applications and Services Logs in the event log. Event forwarding, built on the WS-Management protocol (Windows Remote Management), lets administrators collect events from any machine on the network on a central collector, either by having the collector pull from its sources or by having the sources push to it. This helps both proactively identify problems and correlate problems that span multiple machines in the network; for security monitoring it also means a copy of the Security log exists somewhere the compromised machine cannot reach. Note that Windows Vista renumbered the security events (for example, a successful logon is now event 4624 rather than the 528 and 540 of Windows XP), so detection rules written for the older IDs must be updated.
Finally, the Event Viewer itself has been rewritten, and has a completely new look and feel. It has a new Event Logs Summary, and allows users to create custom views, attach tasks to events (run a program or send a message when a given event is logged), and remotely view logs from other machines. Views can be named and saved, to keep administrators from repeating the same filtering steps each time they want to revisit a previous view.
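The script below is an added example, not code from the original article or from Microsoft, showing the two points above in practice: a structured XML query of the kind Event Viewer generates, run from a script rather than the GUI, and the event's XML payload unpacked by field name instead of by parsing message text. It lists successful Remote Desktop logons (event 4624 with LogonType 10) in the last day. It assumes Windows PowerShell 2.0 or later (for Get-WinEvent) running elevated, since the Security log is readable only by administrators and members of the Event Log Readers group; the time window is our own choice.

```powershell
# Added example, not code from the original article or from Microsoft.
# Assumes Windows PowerShell 2.0+ (Get-WinEvent) running elevated.
function Get-RemoteInteractiveLogons {
    param([int]$Hours = 24)
    $window = $Hours * 60 * 60 * 1000   # timediff() works in milliseconds
    # Same structure Event Viewer produces on its "Filter Current Log -> XML" tab.
    # 4624 = successful logon; LogonType 10 = RemoteInteractive (Remote Desktop).
    $query = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID=4624) and TimeCreated[timediff(@SystemTime) &lt;= $window]]]
      and *[EventData[Data[@Name='LogonType']='10']]
    </Select>
  </Query>
</QueryList>
"@
    # Get-WinEvent reports "no events found" as an error; treat that as an empty result.
    $events = Get-WinEvent -FilterXml ([xml]$query) -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        # Every Vista event is XML; EventData holds named fields, so there is
        # nothing to parse out of the rendered message.
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        New-Object PSObject -Property @{
            Time     = $e.TimeCreated
            Account  = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
            Source   = $d['IpAddress']
            LogonId  = $d['TargetLogonId']
            Computer = $x.Event.System.Computer
        }
    }
}

Get-RemoteInteractiveLogons -Hours 24 | Sort-Object Time |
    Format-Table Time, Computer, Account, Source, LogonId -AutoSize
```

The same XML, saved to a file, is what a forwarding subscription uses to select which events a source sends to the collector (winrm quickconfig on the sources, wecutil qc on the collector, then a subscription carrying the query), so a query worked out locally like this one transfers directly to the central collection setup.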
Redesigned reliability and performance monitors
Windows Vista offers great improvements around performance monitoring with the Windows Reliability and Performance Monitor snap-in. This replaces the Windows XP Performance console (System Monitor plus Performance Logs and Alerts) with a single dashboard for analyzing real-time performance data. New features include Data Collector Sets, predefined groups of counters and traces for analyzing different types of problems, and automatically generated diagnostic reports that show both the problem and its source. The Reliability Monitor adds a timeline of application failures, driver failures, and installations, so a drop in stability can be correlated with the change that caused it. The user interface allows administrators to drill down to more detailed performance data, and there is better flexibility for performance analysis since scripts and applications can drive the same collectors through the logman command and the Performance Logs and Alerts (PLA) COM interfaces.
Asynchronous I/O cancellation
When applications freeze, it often leads to system reboots, and very frustrated users. Many times, the cause of a frozen application is a pending I/O request, and when the source of the hang is driver-related, there was almost always a need to reboot the system. Windows Vista has enhanced the Windows I/O Manager with capabilities to cancel certain I/O requests, including create requests, specific I/O request packets (IRPs), and even synchronous IRPs from another thread; applications reach these through the new CancelIoEx and CancelSynchronousIo functions. Driver writers and manufacturers can now greatly reduce the number of driver-related hangs in Windows Vista by honoring the I/O completion and cancellation guidelines listed in the references at the end of this paper.
Policy-based Quality of Service (QoS)
Modern software is becoming more and more distributed, and as distributed software permeates corporate environments, network traffic is rapidly rising. Given the issues around competition for bandwidth, some method of prioritization is needed. This is precisely what Quality of Service (QoS) addresses. Prior to Windows Vista, it was possible to get at QoS functionality through the Generic QoS (GQoS) API, but applications had to be written or modified to use this API for prioritization.
With Windows Vista, IT departments can apply QoS to their network traffic, prioritizing and managing send rates for any networking application, and can do so via Group Policy rather than programmatically. A policy can match traffic by sending application, source or destination IPv4 or IPv6 address, protocol, and ports, and can mark the matching packets with a DSCP value and throttle their send rate. This means that you can configure your more critical applications to get a larger slice of the bandwidth when needed, without having to disturb the binary image of the application. This is a distinct advantage over previous operating systems. Keep in mind that the marks only have effect where the network's switches and routers are configured to honor them, and that any host can set its own DSCP values, so policy-based QoS is a traffic-management tool rather than a security control.
Improved power management
Windows Vista has also incorporated numerous changes to the power management infrastructure. This is largely in an effort to minimize power usage, maintain integrity and optimal behavior during sleep transitions, and reliably respond to common power events. New features extend battery life in laptops and reduce desktop power consumption by enabling optimal energy-saving features by default. When laptop users close their machine lid, or when desktop users power off, they can be confident that applications, services, and drivers will not block the sleep transitions. Users can easily change these settings as desired. Developers writing software that interacts with power management should follow the best practices listed in the references at the end of this paper.
Most users are familiar with the frustration of having to reboot their machine after application installations and/or updates. Windows Vista addresses this with a new feature called Restart Manager. Restart Manager knows which applications and services are using which files, and can coordinate saving the data, closing the specific application(s) or stopping the service(s), updating the file, and reopening/restarting the item. This can be done in most cases without having to reboot the machine. Restart Manager works with Microsoft Update and Windows Update, Windows Installer 4.0 (MSI), and Microsoft Systems Management Server to detect which processes have updated files in use, and can manage the stop and restart while keeping the system itself online throughout the process.
When applications are written to take advantage of Restart Manager, they can be restarted and returned to the same place, and reloaded with the same data, as before the restart. If there is a requirement to reboot, Windows Vista effectively takes a snapshot of the state (what is running, and how it is displayed), then it updates, and performs a smart re-launch, and restores the running applications to the previous state and display.
Windows Vista also offers an interesting way to recover from application crashes, in the unfortunate event that they happen. Through the Application Recovery and Restart API, your application can register with Windows Error Reporting (RegisterApplicationRestart) so that it is restarted with a command line of your choosing after a crash or hang, and can register a recovery callback (RegisterApplicationRecoveryCallback) that Windows Error Reporting invokes at crash time, before the process is terminated, giving the application a chance to write its unsaved data to a recovery file. The callback must report progress at the ping interval chosen at registration (ApplicationRecoveryInProgress) and signal when it is done (ApplicationRecoveryFinished), so a hung recovery routine cannot hold the system indefinitely. To avoid restart loops, Windows only restarts an application that had been running for at least 60 seconds before it failed. There are a handful of further methods in the API to read back the registered settings and examine the state of recovery. The feature could prove highly valuable for those applications where extensive data entry is involved.
Transacted file system and registry
When working with databases, the justification for transactions is obvious. The idea of transacting file and registry access is less intuitive. However, any time data is being manipulated, there is potential for transactional processing to occur. In Windows Vista, both the file system (Transactional NTFS, TxF) and the registry (Transactional Registry, TxR) can be addressed in a transacted fashion through the new Kernel Transaction Manager (KTM), meaning a group of changes can be made as a unit and rolled back if necessary; a transaction can also be enlisted with the Distributed Transaction Coordinator so that file, registry, and database changes commit or roll back together. This serves to protect the integrity of the information on disk and in the registry in the event of unexpected failure, and it closes a window that matters for security as well: an installer or update that fails half-way no longer leaves a partially written configuration for the next run, or the next attacker, to find. It also makes your code easier to write and maintain, since you no longer have to provide compensating actions when later steps fail and force you to roll back changes. One caveat for new designs: Microsoft has since deprecated TxF and recommends alternatives for new file-system code, so the registry is the safer place to depend on this feature.
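The script below is an added example, not code from the original article or from Microsoft. It uses Windows PowerShell's transaction cmdlets, which are built on the Kernel Transaction Manager, to write a group of registry values atomically, and then shows the two behaviors that matter: a failure part-way through leaves no trace, and a success makes every value visible at once. Only the registry provider is transactional in PowerShell; transacted file operations need the native CreateFileTransacted family from C or C++. It assumes Windows PowerShell 2.0 or later (the transaction cmdlets are absent from PowerShell 6 onward); the key path and values are our own.

```powershell
# Added example, not code from the original article or from Microsoft.
# Assumes Windows PowerShell 2.0 through 5.1 (Start-Transaction and the
# -UseTransaction parameter are Windows PowerShell only). Key path is ours.
function Set-RegistryValuesAtomically {
    param(
        [string]$KeyPath,
        [hashtable]$Values,
        [switch]$SimulateFailure   # used below to demonstrate rollback
    )
    Start-Transaction
    try {
        if (-not (Test-Path $KeyPath -UseTransaction)) {
            New-Item -Path $KeyPath -UseTransaction | Out-Null
        }
        foreach ($name in $Values.Keys) {
            # Each write joins the active transaction; nothing is visible to
            # other processes until Complete-Transaction commits it.
            Set-ItemProperty -Path $KeyPath -Name $name -Value $Values[$name] -UseTransaction
        }
        if ($SimulateFailure) { throw "simulated failure after partial write" }
        Complete-Transaction       # all values become visible together
        $true
    } catch {
        Undo-Transaction           # discards every write above; no compensating code
        Write-Warning "rolled back: $_"
        $false
    }
}

$key    = "HKCU:\Software\TxDemo"
$values = @{ ServerUrl = "https://update.example.invalid"; Interval = 300; Enabled = 1 }

# A failure half-way through leaves no partially written key behind.
$ok = Set-RegistryValuesAtomically -KeyPath $key -Values $values -SimulateFailure
"Committed: $ok; key present afterwards: $(Test-Path $key)"

# A successful run commits every value in one step.
$ok = Set-RegistryValuesAtomically -KeyPath $key -Values $values
"Committed: $ok; key present afterwards: $(Test-Path $key)"
Get-ItemProperty $key | Format-List ServerUrl, Interval, Enabled

Remove-Item $key -Recurse   # clean up the demonstration key
```

The Test-Path calls outside the function deliberately omit -UseTransaction: they show what every other process on the machine sees, which is nothing until the commit and everything after it.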
Windows Vista offers a suite of powerful new features in delivering industry-leading technology. It presents new ways to share information, integrate it with other applications, and present it to users. New security features such as User Account Control, Mandatory Integrity Control Infrastructure, Crypto Next Generation, 64-bit driver signing and PatchGuard, and BitLocker make Windows Vista the most secure operating system Microsoft has ever built. Technical advances like Windows Display Driver Model, Desktop Window Manager, I/O Prioritization, and SuperFetch make it the best performing operating system Microsoft has ever released. And innovations like Windows Imaging Format/ImageX, I/O Cancellation, and Policy-based Quality-of-Service will make Windows Vista the most reliable and easily managed operating system Microsoft has ever shipped.
Windows Vista has also been designed and developed with full knowledge of the .NET Framework 3.0, and many of the enhancements such as the Windows Process Activation Service present specific benefits to .NET applications. The presence of the .NET Framework 3.0 with the operating system, combined with all of the new available features, make Windows Vista the preferred choice as a target hosting platform for both .NET and unmanaged applications.
- Trustworthy Computing at Microsoft Corporation
- Security Development Lifecycle (SDL)
- Fuzz Testing
- FxCop home page
- BitLocker and TPM chips
- I/O prioritization information
- The new TCP/IP Stack in Vista
- I/O completion and cancellation guidelines
- Power management best practices
- Jeremy Mazner's Blog
- Trustworthy Computing at Microsoft
- Windows Vista Security
- Windows Vista: User Account Control
- Windows Vista: User Account Control Overview
- Jerry Ham's Blog
- TechNet: First Look at New Security Features in Windows Vista
- Steve Riley's Blog
- Internet Explorer Blog on MSDN
- Patching Policy for x64-Based Systems
- BitLocker Drive Encryption: Executive Overview
- Graphics Hardware and Drivers for Windows Vista
- Windows Vista Display Driver Model
- James Senior's Blog
- Windows Vista: Performance Features
- The Windows Vista Developer Story: Search and Organize
- I/O Prioritization in Windows Vista
- The Cable Guy: Next Generation TCP/IP
- ImageX and WIM Image Format
- Windows Vista Deployment Features and Improvements
- Selected Scenarios for Maintaining Data Integrity with Windows Vista
- Windows Vista Management Features
- Windows Reliability and Performance Monitor
- Reducing Support Costs with Windows Vista
- I/O Completion/Cancellation Guidelines
- Quality of Service in Windows Server "Longhorn" and Windows Vista
- Application Power Management Best Practices for Windows Vista
- Vista Developer Center: Make It Reliable
Thanks to the following people for providing additional technical insight for this article: Jeremy Mazner, Thom Robbins, Steve Busby, Mark Smith, Ami Vora, Jon Flanders, Kent Tegels, and Jay Roxe.