We've all heard the warning "Beware of what you read," and nowhere is this more applicable than in the IT media these days with the level of pundit distaste for Windows Vista. If you base your opinion about Vista's features solely on what you see in the media outlets, you'd quickly come to the conclusion that Vista has been an utter failure for Microsoft.
One of the biggest obstacles facing Microsoft's newest operating system is that most of its features are buried so deep under the covers that nobody sees them go "whiz-bang." In fact, much of what makes Vista compelling are features you don't see.
So, what are the potential business benefits of Windows Vista features?
Let these features shape your decision:
Enhanced kernel security and stability
Vista's enhanced kernel security is a perfect example of "remember what you asked for." Until the release of Windows Vista and, unlike virtually every other operating system on the planet, Windows notoriously chose the path of compatibility over security. With previous versions, Microsoft gave drivers and applications access to the core kernel itself, which made the development of such drivers easy, but at the expense of kernel security and stability. If you've ever hated a previous version because an installed driver caused a blue screen of death on a critical system, you understand why a change was desired.
With Vista, Microsoft elected to remove kernel access to non-kernel code, which significantly reduces --- and in many cases eliminates --- the ability for poorly written drivers and apps to crash the entire system. It also reduces the ability of malware to infiltrate deep into the OS. The unfortunate downside was that virtually every driver in existence had to be re-written to support the change. Thus, most early Vista adopters found their driver vendors hadn't caught up with the change and many drivers didn't function. While not Microsoft's problem, most vendors today are fully on board.
Internet Explorer Protected Mode (IEPM)
Internet Explorer Protected Mode leverages a secondary permissions system called Windows Integrity Control. This secondary system ensures that no matter how traditional NTFS permissions are set, data downloaded via Internet Explorer (IE) is stored in a special area of low "trust." The addition of IEPM to IE means that standard users and even administrators are significantly less capable of infecting their machines upon contact with malware. And fewer infections mean greater uptime and a lower cost of ownership.
A greatly improved firewall
The end result in many organizations upon the release of Windows XP Service Pack 2 was that many admins immediately disabled its Internet Connection Firewall. Far too complex to manage, the firewall was the laughing stock of the SP2 release. Vista enhances the firewall with management functionality that does not require an IT specialist to enable it. It adds Network Access Protection that insulates internal LANs from infected laptops walking in the front door and enables greater flexibility for on- and off-LAN firewalling arrangements. These added security capabilities go far in protecting your business assets and data.
User Account Control (UAC)
A brilliant idea on paper, User Account Control indeed elevates the security posture of environments where it is used. By separating administrator logins into "with-privilege" and "without-privilege" modes, UAC protects your administrator's desktop assets from their own actions. Microsoft may have shot itself in the foot with UAC's excessive prompts, but the company gave itself an out with a configuration called "quiet mode," which is a good security option for many environments. If you're taking a pass on Vista simply because of UAC, research its "quiet" implementation first.
Windows Vista comes equipped with a host of other point-feature improvements that, taken together, improve its utility in the business environment. But those updates are relatively minor when shown against its enhancements to core reliability and security.
While neither reliability nor security are features you can easily plug into an ROI calculator, they do bear relevance in the upgrade decision-making process. That bearing deals specifically with a reduced level of touch time per desktop. All things being equal, the capabilities noted above demonstrate that an individual Windows Vista desktop requires less IT attention post-deployment than an equivalent Windows XP desktop. Fewer incidences of malware infection mean greater data security. Higher kernel stability means fewer costly crashes. And, enhanced protection against the actions of users means a stable platform upon which to rest critical business applications.
About the author: Greg Shields, MVP, is a co-founder and IT guru with Concentrated Technology. He has nearly 15 years of IT architecture and enterprise administration experience. He is an IT trainer and speaker on such IT topics as Microsoft administration, systems management and monitoring, and virtualization. His recent book Windows Server 2008: What's New/What's Changed is available from SAPIEN Press.