Whose System Is This, Anyway?
January 22nd, 2007

An issue that frequently comes up when talking about Windows Vista is backwards compatibility and the security changes. The User Account Control system is the most prominent change which everyone will notice when they first start using the operating system. However, there are more significant changes under the surface that affect how programs are written, and what those programs can do. This has some developers asking questions about the future of the platform, and to what extent an operating system should restrict the actions of a user, rather than facilitate them.
Historically, Windows was an operating system designed for the traditional, stand-alone desktop PC. Networking was considered in a local context, and the Internet was something used primarily by the military, universities and some large companies. When Internet use exploded in the mid-1990s, with all of the benefits it offered, it also presented a serious problem that was underestimated by many developers, including many within Microsoft. Single-user desktop systems with virtually no security features had joined the Internet by the millions. Software that had been written for stand-alone systems, without any real concern for security, was now exposed to an extremely hostile environment.
Over the years, Windows developers have become accustomed to the idea that they have absolute control over the system. For example, they have been able to create system-wide message filters which can intercept the messages for any application, inject code into another process or even have a DLL loaded into the address space of every process that’s created. Features which were designed to facilitate computer-based training, automation and testing on a stand-alone system became attack vectors for malware to wreak havoc on vulnerable computers connected to the Internet. With Vista, programs which use those features are restricted (requiring elevated privileges), and stricter security policies can be used, such as only permitting an executable or DLL to be loaded if it is in a secure system folder.
It is important to understand that Windows Vista is more than a collection of technological improvements. It also represents a fundamental change in terms of how Microsoft views the importance of security on the platform and the role they play as a company whose operating system is found on 90% of the desktop computers around the world. In the past, their principal concern was backwards compatibility. New features, including security features, were implemented while looking “backwards” to minimize the impact on existing applications. Even when Windows XP began to replace Windows 98 platforms on the consumer desktop, the default was to install the system giving the user administrative privileges and doing everything that they could to effectively “hide” the security-related aspects of the operating system.
With Windows Vista, efforts to maintain backwards compatibility did not automatically trump security concerns. The rule was simple: if security and compatibility come into conflict, security must win. So when it comes to the question of whose system it is, the answer is that it is everyone’s. The right to do as you please with your computer stops at the router that connects you to the Internet. Security is not just a feature; it is an obligation and a responsibility, and one that we must all take seriously, including hardware manufacturers, software developers and end-users.