Category Archives: vista

Microsoft’s Misunderstood Misunderstandings

Microsoft has revised its document describing Five Misunderstood features in Windows Vista.

I’m not going to analyse the revisions, as others have done that, though I will mention in passing that Adobe Acrobat’s Compare Documents feature does a nice job of showing the revisions:

 

However, I would like to highlight this comment to Steven Poole’s post, from Microsoft’s Brandon Paddock:

Those changes were made because the original article was written without the involvement of the engineering teams and so it contained a great deal of inaccuracy.

Quite a confession.

The trouble is, even fixing inaccuracies doesn’t rescue the document from its faulty presumption that Vista’s poor public image is all down to misunderstandings. That ain’t straight talking. That’s spin.

The irony is that some features of Vista are misunderstood – UAC especially. Here’s some real straight talking on the subject, from Marc Russinovitch:

The bottom line is that elevations were introduced as a convenience that encourages users who want to access administrative rights to run with standard user rights by default. Users wanting the guarantees of a security boundary can trade off convenience by using a standard user account for daily tasks and Fast User Switching (FUS) to a dedicated administrator account to perform administrative operations. On the other hand, users who want to forgo security in favor of convenience can disable UAC on a system in the User Accounts dialog in the Control Panel, but should be aware that this also disables Protected Mode for Internet Explorer.

Perfect.

Technorati tags: , , , ,

Microsoft wants to end the Windows release circus?

I’ve just received a press release summarizing what Microsoft is willing to say about Windows 7. Perhaps the most interesting comment is this one:

  • Microsoft’s goal looking forward is to focus on building Optimized Desktop infrastructures including an OS versus single point-in-time OS releases.

That sounds sensible. It also suggests that Microsoft is beginning to treat its client OS as mature, at least when it comes to the kernel and core. The problem with big OS releases, as we saw with Vista, is getting the drivers lined up and working properly. Treating OS upgrades more casually is fine as long as the drivers continue to work.

What else? Here are a few more snippets:

  • Windows 7 will ship around January 2010. Actually, the release says “approximately three years after the general availability of Windows Vista (January 30, 2007)”. Of course January is a terrible month to release a new OS; Vista ended up there by mistake. More likely is September 2009 (optimistic) or say  June 2010 (realistic).
  • Windows 7 will be available in both 32 and 64-bit.
  • Microsoft “will be baking touch right into the OS …the user interface is designed to make touch a natural part of the user experience – even on the smallest laptops.”
  • The goal with Windows 7 is that it will run on the same hardware as Windows Vista and that the applications and devices that work with Windows Vista will also be compatible with Windows 7.

News: Steven Sinofsky says nothing about Windows 7

I feel for CNET’s Inet Fried, who got an interview with Microsoft’s Steven Sinofsky to talk about Windows 7, but got nothing of substance out of him, even though he is the right person to ask. I quite enjoyed this bit of circumlocution though. Sinofsky is talking about how Microsoft “re-plumbed” the graphics in Vista:

The team worked super hard with the partners in graphics to really do a great job, but the schedule challenges that we had, and the information disclosure weren’t consistent with the realities of the project, which made it all a much trickier end point when we got to the general availability in January.

Who are the “partners in graphics”? Sinofsky is talking about third-party vendors of graphics cards, mostly ATI, NVIDIA and Intel. What is the relevance of “information disclosure”? Sinofsky is talking about how the information delivered by Microsoft to these vendors was insufficiently accurate, complete or consistent for them to create robust drivers in time. What is a “trickier end point”? Well, problems like this driver error I guess – an earlier post which has just clocked up its 244th comment.

So now we are getting a few confessions about Vista, but that does not tell us much about Windows 7; except that there will be less re-plumbing and more high-level changes. Maybe.

If you are still curious about Windows 7, there are always the rumours about Ribbon, Jewel, and the new “markup based UI and a small, high performance, native code runtime” to chew on.

WinFS reborn: SQL Server as a file system

Fascinating interview with Quentin Clark, who led the cancelled WinFS project at Microsoft. Jon Udell is the interviewer.

Clark talks about how technology from WinFS is now emerging as the Entity Framework in ADO.NET (part of .NET 3.5 SP1) and the FileStream column type in SQL Server 2008 – a connection I’d already made at the Barcelona TechEd last year. He also mentions the new HierarchyID column type that enables fast querying of paths, the concept of rows which contain other rows. He adds that a future version of SQL Server will support the Win32 API so that it can support a file system:

In the next release we anticipate putting those two things together, the filesystem piece and the hierarchical ID piece, into a supported namespace. So you’ll be able to type //machinename/sharename, up pops an Explorer window, drag and drop a file into it, go back to the database, type SELECT *, and suddenly a record appears.

Put that together with the work Microsoft is doing on synchronization, and you get offline capability too – something more robust than offline files in Vista. Clark says SharePoint will also benefit from SQL Server’s file system features.

Note that Live Mesh does some of this too. I guess SQL Server is there in the Live Mesh back end, but it strikes me Microsoft is at risk of developing too many ways to do the same thing.

The piece of WinFS that shows no sign of returning is the shared data platform, which was meant to enable applications to share data:

… all that stuff is gone. The schemas, and a layer that we internally referred to as base, which was about the enforcement of the schemas, all that stuff we’ve put on the shelf. Because we didn’t need it.

Misunderstanding Vista

Microsoft has posted a 9-page document on Five Misunderstood Features in Windows Vista. Apparently these “cause confusion and slow Windows Vista adoption for many folks.” Here they are:

  1. User Account Control
  2. Image Management
  3. Display Driver Model
  4. Windows Search
  5. 64 bit architecture

I thought I did understand User Account Control, but now I’m not so sure. I understand the long-term goal of UAC, which is to move Windows to the position enjoyed by Unix-like operating systems, where users run with limited rights. Fixing this means fixing applications that require local administrator rights; but making third-party app vendors change their practice is hard. UAC takes a multi-pronged approach. It makes it safer to run as local administrator; it makes it possible to run some applications that used to require admin rights without really having those rights; and it is sufficiently annoying that app vendors will feel under some pressure to fix their next release.

This statement caused me to pause:

Enterprises should not run as default in Protected Admin mode, because there are really no benefits—only the pain of prompts. Instead, strive to move users to a Standard User profile.

The highlighting is mine. If there are no benefits, it seems odd that most Vista installations I see are set up in this way. I realise that in this context UAC is not a security boundary. Nevertheless, I figure there are some benefits, in that the user is running most of the time with standard user credentials. If there are no benefits … why does the feature exist?

I’m not sure the Image Management is “widely misunderstood”; it mostly matters only to network administrators whose business it is to understand it. Windows Display Driver Model … again, not sure; I think it is Desktop composition which is misunderstood; people dismiss this as eye-candy, when in fact it “fundamentally changes the way applications display pixels on the screen”, as the referenced article explains.

Windows Search is an interesting one. I think it is misunderstood, but not in the way explained by this new paper. People have questions like, “why does it not index all my files?”

What about performance? In my view, this is far and away the primary problem users have with Vista. It is not in any sense a misunderstanding, however Microsoft spins it. It is bewilderment: why does my new machine, which should be fast, spend so much time spinning its little bagel when I want to get on with my work?

Here’s what this document says:

We’ve heard some of you say that Windows Vista runs slower than Windows XP on a given PC. So what‘s really happening here? First, we need to avoid comparing apples to oranges – Windows Vista is doing a lot more than Windows XP, and it requires resources to conduct these tasks.

It goes on to say that:

On machines configured with the appropriate specifications for their operating system, the speed of most operations and tasks between Windows Vista and Windows XP is virtually on parity. Which is pretty remarkable when you consider one key thing Windows Vista is doing that Windows XP isn’t: indexing for near instantaneous search results for desktop files, even embedded in email messages. The result is users can find information significantly faster (measured in minutes), increasing productivity far in excess of the loss in speed of operations (measured in milliseconds).

Microsoft is off-target here, despite the sleight of hand about “appropriate specifications”. First, search can be a big drain on performance; sorry, not just a few milliseconds. Second, Vista can be dramatically slower than XP, often thanks to poor configuration by OEMs. See Ed Bott’s discussion about fixing a Sony laptop.

There’s recently been discussion about Windows Server 2008, which performs very well, versus Vista, which tends to perform badly. It’s all to do with configuration and disabling unnecessary processes. This is the core of Vista’s problems, not a series of “misunderstandings”.

Update: the document is no longer online. Perhaps it will reappear with amendments?

Further postscript: The Guardian has posted the document here.

Is Vista more prone to malware than Windows 2000?

So says the research department of PC Tools, apparently.

I was intrigued as I’ve investigated security in Vista. I went along to the PC Tools site in search of more information. Unfortunately there is no relevant press release in the news section or other details. I did find an article on ars technica that asks the questions I wanted to ask, but no answers.

I also registered on the site as press in search of further information, and received my username and password back as a plain text email. Remarkable, for a security company.

I don’t mean to be cynical; I really am interested, but frankly stories like this are worthless without more information. I blogged three years ago about exaggerated claims made by a security company. These companies are unlikely to put out releases saying that we no longer need their products.

My question to these security folk: given that most PC users (that I see) have been scared into using their products, why have we not seen a corresponding reduction in malware infections? It is as if the industry is glad to brag about the failure of its products.

Technorati tags: , , ,

Napster crashed my PC

Oh dear. I’m writing an article on DRM and was trying out Napster. The way this works begins with installation of the Napster application. I ran setup on my Vista Business machine, and got a blue screen. Undeterred, I restarted and ran setup again. This appeared to work, although the PC demanded a restart and took ages to shut down. Unfortunately, when it did eventually restart, something was not right. I could log on, and the desktop appeared, but I could do nothing more than move the mouse pointer; even Ctrl-Alt-Delete could not pull up its menu. Solution: restart in safe mode, remove Napster, restart. All fine now.

I’m sure I was just unlucky; but it’s a nice illustration of why Apple owns this market – though iTunes can be problematic too.

Technorati tags: , , , ,

Buying a Microsoft code-signing certificate from Thawte? Don’t use Vista.

Here’s the problem. You go along to http://www.thawte.com and ask to buy a Microsoft authenticode certificate. It’s the right thing to do; signing code is increasingly important in these days of Internet delivery of applications; and unsigned code presents the user with dire warnings that may unnerve them.

So you go to buy a certificate. The way this works is in two stages. When you apply for the certificate, you are issued with a new private key, but not the certificate itself. Thawte then does its due diligence and checks out that you really do represent the organization for which you are requesting a certificate. Finally, you can go back and download the certificate and get on with signing your apps.

This process works differently on Vista than on XP. I got this wrong when I first tried it, because it is not obvious. To begin with, you have to relax IE’s security for the thawte site – ironic, for a security operation – and make sure it is not running in protected mode. Next, the first page of the application is a big form that has the details of the organization, how you are going to pay, and so on. If you complete this on Vista, and click Submit, you get a message saying “This web site is requesting a new certificate on your behalf”:

 

You complete the application, sit back and wait. A few days later you get an email saying your certificate is ready for download. You download it; it is a file called something like mycert.spc. You can right-click and choose Install Certificate, to place it in the Windows certificate store. You can even sign code with it. Just open a Visual Studio command prompt, type:

signtool signwizard

and off you go. You can select the new certificate from your certificate store, timestamp the code (recommended), and you’re done.

So what’s the problem? Well, what if you want to sign code on a different machine than the one on which you applied for the certificate? And what if you want to back up your certificate?

Did you realise when you made the purchase that you were irretrievably hooking the certificate to the actual Vista installation which you were using for the transaction?

It is all to do with the private key. To sign code, you need the private key, which was installed into your certificate store when that first page of the application was submitted. Unfortunately it cannot be exported; it is marked as non-exportable, which means the Export feature of Vista’s Certificate Manager will not allow the private key to be exported. Thawte cannot re-issue the private key; the only solution I know of is to get the entire certificate revoked reissued (fortunately this is a free service).

This problem does not occur on Windows XP. Here is the evidence. The screenshot below shows part of the application form on Vista:

Now, here is the same part of the form on Windows XP (still IE7):

Spot the difference? An additional section appears in XP, which lets you specify where to save your private key as a file with a .pvk extension. On Vista, you don’t get that choice and you don’t get a .pvk file. Once you have both the .pvk and the .spc files, you can backup or move the certificate wherever you want, with full signing capability. You can import the the certificate plus private key into your certificate store using this tool:

http://www.microsoft.com/downloads/details.aspx?FamilyID=F9992C94-B129-46BC-B240-414BDFF679A7&displaylang=EN

which is billed as a tool for Office 2000, but works fine for this purpose.

Now, I guess this is a security feature. If you have these private key files hanging around, they are easier to steal than if they are locked into your certificate store and marked non-exportable. Fair enough, but I’d rather make that decision for myself, than have it imposed by an obscure installation process.

Vista SP1 vs Server 2008 as a desktop OS: more comparisons

I’ve been intrigued by reports that Server 2008, suitably configured, makes a better desktop OS than Windows Vista. In my previous post on the subject, I reported some observations by others, suggesting that Server 2008 performs better than Vista with Service Pack 1, even though it is meant to have the same core components. I though it was time I took a look myself.

I have some free space on my usual desktop box, so I created two new partitions and installed Vista 32-bit with Service Pack 1 on the first, and Server 2008 32-bit on the other.

Aside: Both installs were smooth. The integrated Vista SP1 install works nicely, and few updates were required after the first boot. It is remarkable how much more pleasant it is to install Vista from scratch, instead of dealing with an OEM pre-install. Surely it should be the other way round?

I tried to make both installs usable desktops. On both operating systems, I installed the driver for my Terratec soundcard, along with Intel’s .INF installer for the motherboard, Management Engine Interface, and storage driver. I also installed a recent NVidia driver. The result was that all devices were enabled in device manager.

On Server 2008 I also installed the Desktop Experience and .NET Framework 3.0. I enabled the network, the audio engine, the Themes service, Windows Update, and Aero graphics. I created a new user account and logged in as that user, so that UAC (User Account Control) was active. I set it to optimize performance for programs rather than background services.

Next I ran the PassMark performance tests I’ve used before. Advantage Server 08 – but not by much. It scored 1118.3 vs Vista’s 1102.3. I doubt this is significant; there is also small variation between different runs, which could account for a difference like this.

Looking at the detailed results shows something intriguing though. On the Graphics 2D GUI test, which exercises Windows controls like listboxes, checkboxes and dropdowns, Server 2008 scored 149.8 operations per second, vs 119.2 on Vista – more than 25% faster. I hesitate to attach much significance to my simple tests, but that might account for a snappier feel in the user interface. I repeated this particular test several times; Vista never scored higher than 123, and Server 2008 was consistent too.

There was also a notable difference in the “Memory – Large RAM” test. Vista 32-bit performed 802 operations per second, Server 08 1074: just over 33% faster.

On most tests, Vista was slightly slower, though on the disk tests it was fractionally faster. There were no other differences as big as the above.

I thought it would be interested to compare the list of running services on the two machines, after the changes mentioned above. Here are the services I spotted running on Vista but not Server 2008:

  • Computer Browser
  • Offline Files
  • Portable Device Enumerator
  • Program Compatibility Assistant
  • ReadyBoost
  • Security Center
  • SSDP Discovery
  • Superfetch
  • UPNP Device Host
  • Windows Connect
  • Windows Image Acquisition
  • Windows Search

and on Server 2008 but not Vista:

  • Remote registry
  • SL UI Notification
  • Windows Remote Management

So how would it be if Vista did not have the burden of these additional services? I stopped them. Result: no significant difference; the overall score was 1102.

Tentative conclusions

Benchmarks are not always a good measure of real-world performance. There are aspects of performance which the benchmark does not measure. In addition, some of the perceived advantage of Server 2008 is likely to be the effect of a new clean installation – never forget Windows Cruft.

Even so, on my particular system (Intel board, Core 2 Quad Q6600 CPU, NVidia 6800 graphics) Server 2008 does measure better. I’m particularly intrigued by the Graphics 2D GUI results. I do not know why Server 2008 is faster; but look forward to the same improvement appearing in desktop Windows in due course.

Update – 2D performance difference solved

I’ve worked out the reason for the difference in Graphics 2D GUI performance. It is because Server 2008 defaults to different settings for visual effects. You can see these by right-clicking Computer in the Start menu, choosing Properties, Advanced System Settings, Advanced tab, Settings, Performance options. I am sure there are other routes to the same dialog, some of which may be less arduous.

If I set these to Adjust for Best Performance on both systems, Vista actually goes ahead of Server 2008, with a score of 180 vs 172 on Graphics 2D GUI. That’s not much to worry about.

I’m satisfied that the performance differences between Server 2008 and Vista are mainly about configuration, rather than core components. If you want to speed up your own desktop, these settings are a good candidate for experimentation.

Technorati tags: , ,