News Stay informed about the latest enterprise technology news and product updates.

Are Windows Vista's features silencing critics?

Several of Windows Vista's features make it a strong enterprise operating system. Find out how these features can improve IT security and manageability in your organization.

We've all heard the warning "Beware of what you read," and nowhere is this more applicable than in the IT media these days with the level of pundit distaste for Windows Vista. If you base your opinion about Vista's features solely on what you see in the media outlets, you'd quickly come to the conclusion that Vista has been an utter failure for Microsoft.

Desktop management tips from
Sign up for our additional editions of's Desktop Management Adviser to learn more about desktop management, security and virtualization.
As of earlier this summer, however, Microsoft had sold more than 60 million copies of Vista. While the vast majority of these copies made their way into the consumer markets, a very small percentage of businesses are only now beginning to make the jump from XP to Vista. For most businesses, the biggest reason for delaying their upgrade relates to the perception of value. Business decisions, often driven by the desires of internal IT organizations, should be made in the interest of finding value in making the change. For many, the negative press surrounding the release overshadows the intrinsic value of the release itself.

One of the biggest obstacles facing Microsoft's newest operating system is that most of its features are buried so deep under the covers that nobody sees them go "whiz-bang." In fact, much of what makes Vista compelling are features you don't see.

So, what are the potential business benefits of Windows Vista features?

Let these features shape your decision:

Enhanced kernel security and stability

Vista's enhanced kernel security is a perfect example of "remember what you asked for." Until the release of Windows Vista and, unlike virtually every other operating system on the planet, Windows notoriously chose the path of compatibility over security. With previous versions, Microsoft gave drivers and applications access to the core kernel itself, which made the development of such drivers easy, but at the expense of kernel security and stability. If you've ever hated a previous version because an installed driver caused a blue screen of death on a critical system, you understand why a change was desired.

With Vista, Microsoft elected to remove kernel access to non-kernel code, which significantly reduces --- and in many cases eliminates --- the ability for poorly written drivers and apps to crash the entire system. It also reduces the ability of malware to infiltrate deep into the OS. The unfortunate downside was that virtually every driver in existence had to be re-written to support the change. Thus, most early Vista adopters found their driver vendors hadn't caught up with the change and many drivers didn't function. While not Microsoft's problem, most vendors today are fully on board.

Internet Explorer Protected Mode (IEPM)

Internet Explorer Protected Mode leverages a secondary permissions system called Windows Integrity Control. This secondary system ensures that no matter how traditional NTFS permissions are set, data downloaded via Internet Explorer (IE) is stored in a special area of low "trust." The addition of IEPM to IE means that standard users and even administrators are significantly less capable of infecting their machines upon contact with malware. And fewer infections mean greater uptime and a lower cost of ownership.

A greatly improved firewall

The end result in many organizations upon the release of Windows XP Service Pack 2 was that many admins immediately disabled its Internet Connection Firewall. Far too complex to manage, the firewall was the laughing stock of the SP2 release. Vista enhances the firewall with management functionality that does not require an IT specialist to enable it. It adds Network Access Protection that insulates internal LANs from infected laptops walking in the front door and enables greater flexibility for on- and off-LAN firewalling arrangements. These added security capabilities go far in protecting your business assets and data.

User Account Control (UAC)

A brilliant idea on paper, User Account Control indeed elevates the security posture of environments where it is used. By separating administrator logins into "with-privilege" and "without-privilege" modes, UAC protects your administrator's desktop assets from their own actions. Microsoft may have shot itself in the foot with UAC's excessive prompts, but the company gave itself an out with a configuration called "quiet mode," which is a good security option for many environments. If you're taking a pass on Vista simply because of UAC, research its "quiet" implementation first.

Windows Vista comes equipped with a host of other point-feature improvements that, taken together, improve its utility in the business environment. But those updates are relatively minor when shown against its enhancements to core reliability and security.

While neither reliability nor security are features you can easily plug into an ROI calculator, they do bear relevance in the upgrade decision-making process. That bearing deals specifically with a reduced level of touch time per desktop. All things being equal, the capabilities noted above demonstrate that an individual Windows Vista desktop requires less IT attention post-deployment than an equivalent Windows XP desktop. Fewer incidences of malware infection mean greater data security. Higher kernel stability means fewer costly crashes. And, enhanced protection against the actions of users means a stable platform upon which to rest critical business applications.

About the author: Greg Shields, MVP, is a co-founder and IT guru with Concentrated Technology. He has nearly 15 years of IT architecture and enterprise administration experience. He is an IT trainer and speaker on such IT topics as Microsoft administration, systems management and monitoring, and virtualization. His recent book Windows Server 2008: What's New/What's Changed is available from SAPIEN Press.

Dig Deeper on Windows applications

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.