Vista Opinions

VM restrictions only apply for the Vista Home versions, that MS are saying you shouldn't be using for work purposes.

Seems some people are kicking up a stink over the EULA using misinformation.
 
No, I knew about the Home restriction. I only consider it a problem because I use VMs to run various versions of Windows to test applications on.

However, I'm pretty sure there'll be an escape clause for the MSDN Subscribers so it might not even be an issue at all.

That is to say, if this entire EULA business hasn't been a huge misinformation FUD. I've been hearing some murmurs about that.
 
I just noticed a small but really nice feature in the "all programs" part of the start menu

many games have first the publisher, and within, another folder with the game name itself where the shortcuts are located.
When there is say, folder called "Ultra Games" with "Return of the Evil Zombies" folder in it, where the shortcuts to readme, game exe etc are located, clicking on the "Ultra games" directly jumps you to "return of the evil zombies" instead of requiring you to click on the another folder too, like on XP you had to.
It jumps you as far as there's just 1 folder in the folder you clicked, when there's 2 folders in it, it stops there.
 
And that's MS's fault how? And that's different from the current situation how? Except since it's in the USER SPACE, it's less likely to bring down the system.
Yes and no. It has become much easier to take down or replace a driver, so while you won't get a BSOD the moment that happens, it will still happen when that is a critical interface to some kernel process. And it makes the whole system less stable in general, as spyware and such would be able to kill things like your keyboard driver.

If you are incapable of turning it off, maybe you should consider having it on after all. Because that clearly indicates you don't know enough about computers to be trusted to secure it.
I've spend eight years automating the managing of large computer networks, including the servers and clients. That's what I'm thinking about.

Thus you demonstrate you have no idea what this is and why it's important. It has nothing to do with DLLs and software distribution and everything to do with keeping malware from hacking in their own "goodies" into the kernel.
What is the "kernel"? Is it a single file? Or is it a large amount of files, that together make up the kernel? And if you register a dll, do you make it part of the kernel? And is that something that might happen when installing software?

If you mean OLD drivers then yes. Even Creative has gotten off their asses and just released a new XiFI driver.
Good for them.

If I made some PC hardware, would I have to get my driver certified for Vista? And how much money would that cost me?

A glib and useless response. How trite.
Well, their former stack was copied and pasted from BSD. That alone makes their whole licensing model invalid.

No, if you sit there, Windows will do something useful. If you do something, you get the full attention. It's called not wasting resources.
Yes, and as a programmer, I might wonder why my service isn't working: because Vista suspended it?

Yeah, people are going to call MS about not having as much memory free? When clearly upgrading to a new Windows will obviously use more memory?
You never worked on a helpdesk, did you?

Right. A sweeping change that involves rewriting and entire subsystem and providing entirely new APIs. A marketing gimmick. How about you understanding what this implies for developers who no longer have to deal with a half dozen APIs.
Excuses, excuses. It's equal to not offering any support to older Windows versions anymore. And it would be quite simple actually, as no parts of those older Windows versions use DX. It's a stand alone thing on those. Very low impact, and really easy to do.

But Microsoft is trying to make it hard not to upgrade.

Bullshit. You say that without even knowing what it is from this comment since there's nothing to do with that. This is all about making sure each user only screws themselves up and not the entire Windows installation or other users.
Ever managed an automated system to manage a large network filled with computers?

Again this just shows your ignorance in what this actually means. It's a GOOD thing to properly partition memory so that malware can't go and mess about with some other program's memory. And then you bring up Firefox when that has absolutely nothing to do with it.
If you use Firefox, a router and a virusscanner, you never have problems with malware. You don't even have to update Windows. That's what I use.

Tell me which subsystem in SP2 was rewritten from scratch and I'll get back to you.
Winsock, the kernel protection mechanism and createprocess?

What subsystems are rewritten in the versions of Vista out this year?

Why on earth would you buy Vista if you don't have a use for it?
I won't. But it will be what I have to work with to do my job.

I've been adamant in all my other posts about how nobody should really UPGRADE to Vista. However, if you get a new computer, there's no good reason NOT to get Vista with it.

I'm personally waiting to see what the final EULA for Vista is though. It'll be worth boycotting MS if the terms end up as draconian as being rumoured right now. Especially the VM clauses since I need that for work.
Ok, fair enough.
 
Yes and no. It has become much easier to take down or replace a driver, so while you won't get a BSOD the moment that happens, it will still happen when that is a critical interface to some kernel process. And it makes the whole system less stable in general, as spyware and such would be able to kill things like your keyboard driver.
And that's different from the current XP how? Where you can do the same to things in the kernel space in the first place? Except it also brings down the system since it's in the kernel.


I've spend eight years automating the managing of large computer networks, including the servers and clients. That's what I'm thinking about.
If you really do all that then you'd know about things like Group Policy. And if you did even a little research, you'd know that things like that have been beefed up even more in Vista.


What is the "kernel"? Is it a single file? Or is it a large amount of files, that together make up the kernel? And if you register a dll, do you make it part of the kernel? And is that something that might happen when installing software?
Do you really not understand what the core of an OS is? What are you doing criticizing if you don't know?


Good for them.

If I made some PC hardware, would I have to get my driver certified for Vista? And how much money would that cost me?
The cost of certification per driver several hundred. You don't need WHQL to get a signed driver. It's only to prove that the driver came from you and wasn't modified by any third party. There is no possibility that any hardware manufacturer cannot afford the certification since it costs several magnitudes more capital to design and manufacture the hardware.


Well, their former stack was copied and pasted from BSD. That alone makes their whole licensing model invalid.
Do you know what the BSD license is? The license explicitly allows things like copying code and using it with only an acknowledgement. This isn't the viral GPL license. The stack MS copied is old and growing long on the tooth so they've finally rewritten it.


Yes, and as a programmer, I might wonder why my service isn't working: because Vista suspended it?
Then you'd be a retarded programmer since you've explicitly set your service to be low priority and then wondering why it's not being given priority.


You never worked on a helpdesk, did you?
I have actually, but that's not the point. MS doesn't provide Windows support for free beyond installation for non-OEM copies. So the kind of questions like that won't get through unless they've signed up for extra support.


Excuses, excuses. It's equal to not offering any support to older Windows versions anymore. And it would be quite simple actually, as no parts of those older Windows versions use DX. It's a stand alone thing on those. Very low impact, and really easy to do.

But Microsoft is trying to make it hard not to upgrade.
Kinda like how Apple releases point releases every year for changes that are considerably smaller? Easy to do. I don't know if you're some kind of genius programmer, but are you truly claiming that the changes in Vista are easy to do?


Ever managed an automated system to manage a large network filled with computers?
Let's pretend I haven't. Can you tell me what that has to do with a registry that partitions what the USER installs into their own registry while at the same time still allowing administrators to put in global registry keys?


If you use Firefox, a router and a virusscanner, you never have problems with malware. You don't even have to update Windows. That's what I use.
And? I'm concerned about the rest of the world because malware doesn't always affect me directly. If a large number of computers are flooding the Internet because of some worm, that affects me regardless of whether I'm on my Linux rig or running Windows XP without a service pack.


Winsock, the kernel protection mechanism and createprocess?

What subsystems are rewritten in the versions of Vista out this year?
What kernel protection? That's the change that's in Vista. Win2k3 has a bit of kernel protection implemented though. Are you thinking of DEP?

The firewall did not require a rewrite of anything to implement. Winsocks was just an update to Winsock 2.

As for that glib response about what was rewritten for Vista, have you even TRIED reading.

That said, SP2 was quite a large update for XP. It's large enough that anyone else would've considered giving it a name that's bigger than Service Pack.

I'm just wondering, do you truly believe that it's wrong for a company to make money? The changes in Vista from SP2 are much greater than the changes from XP to SP2. There's no good reason they should give such a huge update out for free.


In any case, I'm not telling you to go and get Vista. I'm telling you that the changes in Vista are significant and non-trivial.
 
Last edited by a moderator:
And that's different from the current XP how? Where you can do the same to things in the kernel space in the first place? Except it also brings down the system since it's in the kernel.
Not exactly, but sort of. It's a huge pain in Windows to access other profiles, and that's what you need to do to install just about any software. Disallowing that and making everything effected simply part of user space, "because it improves performance", is alike to demanding that users all install their own software, and aren't allowed to call the helpdesk about that.

If you really do all that then you'd know about things like Group Policy. And if you did even a little research, you'd know that things like that have been beefed up even more in Vista.
Please. Trying to make it impossible for users to change anything is akin to making it very hard to do their job (aren't you as an IT professional hired to make things *EASIER* for users???), and it never worked so far.

But it does create heaps of additional work for the IT department. Your manager will like that. Although most of it is more problems.

Do you really not understand what the core of an OS is? What are you doing criticizing if you don't know?
Well, I wrote a few OSes myself. I think I ought to know.

The cost of certification per driver several hundred. You don't need WHQL to get a signed driver. It's only to prove that the driver came from you and wasn't modified by any third party. There is no possibility that any hardware manufacturer cannot afford the certification since it costs several magnitudes more capital to design and manufacture the hardware.
That depends. Try it and see. It's very fast quite expensive.

Do you know what the BSD license is? The license explicitly allows things like copying code and using it with only an acknowledgement. This isn't the viral GPL license. The stack MS copied is old and growing long on the tooth so they've finally rewritten it.
"Viral GPL license"? And no requirements? Really. Well, why should Microsoft care? They have more money and lawyers than God. They *WRITE* the law, don't they?

Then you'd be a retarded programmer since you've explicitly set your service to be low priority and then wondering why it's not being given priority.
Yeah, sure. And what would happen if everyone gave their service or whatever the highest priority to make sure it works as intended?

I have actually, but that's not the point. MS doesn't provide Windows support for free beyond installation for non-OEM copies. So the kind of questions like that won't get through unless they've signed up for extra support.
I wasn't talking about support from Microsoft. But I agree, that it will increase all the IT budgets again. Good as long as they get paid, right? Who cares about businesses anyway, unless they pay the bill?

Kinda like how Apple releases point releases every year for changes that are considerably smaller? Easy to do. I don't know if you're some kind of genius programmer, but are you truly claiming that the changes in Vista are easy to do?
You're confusing things. I was answering/asking: how hard would it be to make a DX10 setup for Xp and 2000? It isn't very hard.

Let's pretend I haven't. Can you tell me what that has to do with a registry that partitions what the USER installs into their own registry while at the same time still allowing administrators to put in global registry keys?
Well, you already have to split packages (newly created unattended setups and such) into a system (admin) and user part. But that change requires checking and rebuilding all existing packages.

And? I'm concerned about the rest of the world because malware doesn't always affect me directly. If a large number of computers are flooding the Internet because of some worm, that affects me regardless of whether I'm on my Linux rig or running Windows XP without a service pack.
Do you visit all your neighbours every week to make their computers malware free?

There is no way to prevent every last person from becoming infected when they use IE.

But, if you don't, why would you worry? Nothing can get inside your computer, or the computers of your customers if you (they) use a hardware router, a virusscanner and Firefox.

What kernel protection? That's the change that's in Vista. Win2k3 has a bit of kernel protection implemented though. Are you thinking of DEP?
No, the storing of dlls and such in the dll cache and other places, and the mechanism that determines what to restore.

The firewall did not require a rewrite of anything to implement. Winsocks was just an update to Winsock 2.
Fine.

As for that glib response about what was rewritten for Vista, have you even TRIED reading.
No, I'm dyslectic.

Did you ever look at the list what was promised, and saw what tiny bit has remained? Why would I pay for those small changes, especially if most of those make it harder for me to do my job?

That said, SP2 was quite a large update for XP. It's large enough that anyone else would've considered giving it a name that's bigger than Service Pack.
Agreed.

I'm just wondering, do you truly believe that it's wrong for a company to make money? The changes in Vista from SP2 are much greater than the changes from XP to SP2. There's no good reason they should give such a huge update out for free.
No. I think it is a good thing for a company to try and make money.

But. I consider the users my customers. I am providing services to them. I'm not running a monopoly and declaring what they should or shouldn't do, just because that's what *I* want. I want my customers to be happy. And that means, that the users should be happy.

NOT Microsoft, NOT whomever. The users.

And, most of the time, I get the idea that most system administrators are just doing whatever they fancy, as long as others pay them to play with their nice and always more expensive toys. And the whole IT industry is encouraging that.

"Don't throw money away, simply because others want you to, for no gain whatsoever. Spend your money wisely, and make sure the users see it as an improvement." That's my motto.

In any case, I'm not telling you to go and get Vista. I'm telling you that the changes in Vista are significant and non-trivial.
Do I care one way or the other?
 
You know the only thing I've felt Vista brings to my table is Direct3D 10. Absolutely nothing else is worth the upgrade for me. Vista has lots of glitz and a few minor usability improvements. Is that new Start Menu, shiny interface, and fabulous window animation annoyance worth a few hundred $$? No, not really. I don't want to hear about wonderous theoretical behind-the-scenes magic that is supposedly going to double the joy of my computing experience. I don't believe such talk really.

And, oh, I guess they feel that way too considering their first-time-in-history move to not put a new DirectX on a previous generation Windows OS. I just don't buy the "it can't be done cuz it's so super bettar now" line.

I too actually have Ubuntu running. I even converted 2 PCs at work here to it cuz the users simply don't need anything more to do their jobs. It's refreshing at the same time as it is a real challenge to get some things working. Considering the near total lack of industry support, it's amazing Linux is where it is. If they can get Wine working about a billion times better, and beat MS at their own game, it will be glorious indeed.
 
Last edited by a moderator:
Not exactly, but sort of. It's a huge pain in Windows to access other profiles, and that's what you need to do to install just about any software. Disallowing that and making everything effected simply part of user space, "because it improves performance", is alike to demanding that users all install their own software, and aren't allowed to call the helpdesk about that.
First off, putting stuff in user space tends to reduce speed. Second of all, WHY THE HELL WOULD INSTALLING PROGRAMS HAVE ANYTHING TO DO WITH THE KERNEL SPACE? It shouldn't. It better not. And because they sometimes do, it's being stopped now.


Please. Trying to make it impossible for users to change anything is akin to making it very hard to do their job (aren't you as an IT professional hired to make things *EASIER* for users???), and it never worked so far.

But it does create heaps of additional work for the IT department. Your manager will like that. Although most of it is more problems.
Easy for a user is uniformity. Have you really worked with real people before?

Group policies are things that have been set since forever. And by design, it's set once and then anyone who joins the domain automatically has all the proper settings. Tell me you already knew this.


Well, I wrote a few OSes myself. I think I ought to know.
I've only written the most basic of OS's in a course and even I know that registering DLL's really doesn't have anything to do with modifying the kernel.

That is, it shouldn't need to and it won't be able to anymore now.


That depends. Try it and see. It's very fast quite expensive.
Why would I try? I'm not a manufacturer. Neither am I a person releasing a very popular driver that thousands would use (like Omega). In either case, acquiring a few hundred dollars to sign the driver wouldn't be hard. Plus there's a test mode for developers to install unsigned drivers.


"Viral GPL license"? And no requirements? Really. Well, why should Microsoft care? They have more money and lawyers than God. They *WRITE* the law, don't they?
Beside the point. They took the stack from BSD as specifically allowed by the license. Now they're rewriting it from scratch. So what's the problem here?


Yeah, sure. And what would happen if everyone gave their service or whatever the highest priority to make sure it works as intended?
The highest priority is only allowed for core OS services. Theoretically an user service cannot have the highest priority. This is one of the things being done in Vista that's being heavily tested because it's not quite perfect yet since deadlocks still occur occasionally.


I wasn't talking about support from Microsoft. But I agree, that it will increase all the IT budgets again. Good as long as they get paid, right? Who cares about businesses anyway, unless they pay the bill?
Not really. I was referring to the so-called "power users" who aren't. They know enough to look at free memory (average person doesn't really care when the computer is running smoothly) and complain. Really not a large enough group to affect IT budgets that much but loud enough to perhaps affect MS to do something about it.


You're confusing things. I was answering/asking: how hard would it be to make a DX10 setup for Xp and 2000? It isn't very hard.
First off, DX10 is only one small part of the changes in Vista. Second of all, even that isn't trivial.


Well, you already have to split packages (newly created unattended setups and such) into a system (admin) and user part. But that change requires checking and rebuilding all existing packages.
Do you even use Windows? That doesn't apply at all. As long as the application doesn't really delve deep into the system, most applications will work to some degree as is. Obviously for a new OS you'd need to check and perhap recreate automated installations, but that's nothing to do with the new improved registry.

In fact, it's something the Linux folks have been poking at Windows for not having separated user profiles (that is, partitioned off enough).


Do you visit all your neighbours every week to make their computers malware free?
No, but I do hope they would at least have a firewall of sorts and update their Windows. If they all move to Vista, so much the better since it's impossible to expect them to move to Linux.

There is no way to prevent every last person from becoming infected when they use IE.
Unless they're using IE7. It's still flawed, but significantly better.


No, the storing of dlls and such in the dll cache and other places, and the mechanism that determines what to restore.
That was added. It wasn't rewritten from scratch.


Did you ever look at the list what was promised, and saw what tiny bit has remained? Why would I pay for those small changes, especially if most of those make it harder for me to do my job?
While I know of what has been dropped and what has been modified to be included, I'd question you this instead: What do you miss practically from what was originally with Vista?

Seriously, I'm very curious about this.


But. I consider the users my customers. I am providing services to them. I'm not running a monopoly and declaring what they should or shouldn't do, just because that's what *I* want. I want my customers to be happy. And that means, that the users should be happy.
Vista is going to do that. I'm serious. Just for kicks, I gave someone I knew Vista RC2 because she did not play games. She's just purchased a new computer that's fairly powerful but did not have a copy of Windows XP yet so I mentioned that the Vista RC2 is useable until June.

She absolutely loves Vista. To the point that she's going to buy it even though I advised her that she really should just stick with XP.

And that's the crux of it all. All the under-the-hood changes don't matter. There are a bajillion new features that improve security, remote administration, group policies and kernel protection.

They don't matter to the 80% of people who use Windows and just want it to look sharp. Not necessarily eye-candy, but sharp. Incidentally, XP does not look sharp.
 
Last edited by a moderator:
Ugh. Would you please get a clue?
No comment.

First off, putting stuff in user space tends to reduce speed.
No. It doesn't. Never heard of the overhead required to switch from user to kernel space and vice versa?

Second of all, WHY THE HELL WOULD INSTALLING PROGRAMS HAVE ANYTHING TO DO WITH THE KERNEL SPACE? It shouldn't. It better not. And because they sometimes do, it's being stopped now.
Regsvr32.exe. Register dll/ocx/whatever. What do you think that does? Ever made or packaged an application?

Easy for a user is uniformity. Have you really worked with real people before?
Yes, with people who complained that they have to call the helpdesk when they need to print a presentation on transparent. And have to wait days or weeks for it.

Group policies are things that have been set since forever. And by design, it's set once and then anyone who joins the domain automatically has all the proper settings. Tell me you already knew this.
Sigh. You have no idea how many times I discussed all those arguments already. Or wrote all the programs and procedures that made all that happen.

But, if you really want to do it as well, create a thread about it, and I'll join. And we can discuss all the ways you can automate PC and network management. Every way, and all the ways.

I've only written the most basic of OS's in a course and even I know that registering DLL's really doesn't have anything to do with modifying the kernel.

That is, it shouldn't need to and it won't be able to anymore now.
The Windows kernel is dynamic. For example, it requires a function to get keypresses. And while the syntax of that function is fixed, you can supply a new one.

Say, you make a new type of keyboard, or have a barcode scanner that you want to generate key input. So, you override the default function (handler) with your own one. And that becomes the device the kernel has to use when it wants to read keyboard input.

Why would I try? I'm not a manufacturer. Neither am I a person releasing a very popular driver that thousands would use (like Omega). In either case, acquiring a few hundred dollars to sign the driver wouldn't be hard. Plus there's a test mode for developers to install unsigned drivers.
A few hundred dollars is very optimistic. And it takes a long time.

Beside the point. They took the stack from BSD as specifically allowed by the license. Now they're rewriting it from scratch. So what's the problem here?
Ah, but how do we know they rewrite it from scratch? It's much easier just to copy and paste the Linux functions. And who would know? It's not as if Microsoft is allowing anyone to see all their sourcecode.

The highest priority is only allowed for core OS services. Theoretically an user service cannot have the highest priority. This is one of the things being done in Vista that's being heavily tested because it's not quite perfect yet since deadlocks still occur occasionally.
Yes, but if you write a service, most of the time you need it to become or replace a core OS service. And there are plenty of programs that have nothing to do with hardware that use and require services.

Not really. I was referring to the so-called "power users" who aren't. They know enough to look at free memory (average person doesn't really care when the computer is running smoothly) and complain. Really not a large enough group to affect IT budgets that much but loud enough to perhaps affect MS to do something about it.
Since when is Microsoft going to do something about stuff like that? It mostly increases the workload and budget of other IT companies or departments.

First off, DX10 is only one small part of the changes in Vista. Second of all, even that isn't trivial.
Why would that be interesting?

Do you even use Windows?
Yes, for games and most of my job.

That doesn't apply at all. As long as the application doesn't really delve deep into the system, most applications will work to some degree as is. Obviously for a new OS you'd need to check and perhap recreate automated installations, but that's nothing to do with the new improved registry.
Normally, you don't. That's half the point of making packages in the first place. The other half is in not having user interaction.

In fact, it's something the Linux folks have been poking at Windows for not having separated user profiles (that is, partitioned off enough).
Yes. But there is a difference. Under Windows, each profile runs in it's own Windows VM, where it assumes it has full control. DOS, and all that.

If you have such a model and you remove functions, you break things.

*nix always has had a restricted model. You have to ask.

No, but I do hope they would at least have a firewall of sorts and update their Windows.
Why? Software firewalls only work partially, and generate a lot of calls to the helpdesk. And with a hardware firewall that does NAS and Firefox, you don't need either.

If they all move to Vista, so much the better since it's impossible to expect them to move to Linux.
*WHY* should they move to Vista? What would be the point?

Most everything else (ie: most servers and just about any other device with a computer inside) already runs Linux. And with the coming manycore (4+) CPUs, the choice becomes even more simple.

There are almost certainly more Linux computers by now than Windows computers. It would be hard for it to be the other way around.

Unless they're using IE7. It's still flawed, but significantly better.
Agreed. It's a Firefox clone.

That was added. It wasn't rewritten from scratch.
Ok. We don't know.

While I know of what has been dropped and what has been modified to be included, I'd question you this instead: What do you miss practically from what was originally with Vista?

Seriously, I'm very curious about this.
- The new networking model (no more different APIs, depending on the type of service)
- The new object model (like .NET, but the unmanaged part especially)
- The database file system
- The unification of the I/O and communication model (like Linux, but not as part of the filesystem)

Those are the highlights.

And the bad:
- All the extremely annoying "press this button because we show you we take your security issues seriously"! If Firefox can do it, Microsoft itself should DAMN WELL be able to do the same and not bother / irritate the users!!!
- DRM and having to certify anything.

Vista is going to do that. I'm serious. Just for kicks, I gave someone I knew Vista RC2 because she did not play games. She's just purchased a new computer that's fairly powerful but did not have a copy of Windows XP yet so I mentioned that the Vista RC2 is useable until June.

She absolutely loves Vista. To the point that she's going to buy it even though I advised her that she really should just stick with XP.

And that's the crux of it all. All the under-the-hood changes don't matter. There are a bajillion new features that improve security, remote administration, group policies and kernel protection.

They don't matter to the 80% of people who use Windows and just want it to look sharp. Not necessarily eye-candy, but sharp. Incidentally, XP does not look sharp.
Yes, I agree. They don't know or care, and just want Vista because "it looks nice and is new!". Although, they want it for free as well.
 
No comment.
An irrate remark that I retract.


No. It doesn't. Never heard of the overhead required to switch from user to kernel space and vice versa?
Depends. In general, however, kernel space tends to be faster because it's closer to the hardware. Depending on design and the ability of the hardware, user space can be faster for certain applications. Such as graphics since the batching reduces the context switches.

We are certainly at the point where issues such as context switching are so significant as to be slowing down hardware though.


Regsvr32.exe. Register dll/ocx/whatever. What do you think that does? Ever made or packaged an application?
Registers the DLL for availability. Did you REALLY think it attaches itself to the kernel? For your information, this still works in Vista because it doesn't have anything to do with patching the kernel.


Sigh. You have no idea how many times I discussed all those arguments already. Or wrote all the programs and procedures that made all that happen.

But, if you really want to do it as well, create a thread about it, and I'll join. And we can discuss all the ways you can automate PC and network management. Every way, and all the ways.
Enlighten me then. How does Vista change this besides the fact it's a new OS.


The Windows kernel is dynamic. For example, it requires a function to get keypresses. And while the syntax of that function is fixed, you can supply a new one.

Say, you make a new type of keyboard, or have a barcode scanner that you want to generate key input. So, you override the default function (handler) with your own one. And that becomes the device the kernel has to use when it wants to read keyboard input.
Tell me you don't really think this has to do with patching the kernel.


A few hundred dollars is very optimistic. And it takes a long time.
Optimistic when it's already been announced? This isn't WHQL testing, this is driver signing. The only part that really matters is certificate revocation.


Ah, but how do we know they rewrite it from scratch? It's much easier just to copy and paste the Linux functions. And who would know? It's not as if Microsoft is allowing anyone to see all their sourcecode.
You're actually saying that MS went and copied Linux code? Why bother when they could copy the stack from BSD again?



Yes, but if you write a service, most of the time you need it to become or replace a core OS service. And there are plenty of programs that have nothing to do with hardware that use and require services.
No there isn't and there shouldn't be anything that needs that. Your earlier example of the keyboard handler is clearly not something you'd need to patch the kernel for. Furthermore, if you were writing your own process for a MULTITASKING system, why should it dominate everything including the underlying OS? For that matter, name something that really needs that much domination and runs on top of Windows rather than on its own.


Why would that be interesting?
I only mentioned this because DX10 is not trivial. Considering the MS plan for consolidation of the PC gaming platform, it makes business sense to make it available only for Vista.

What I'm NOT saying is that it's impossible to port for XP.


Normally, you don't. That's half the point of making packages in the first place. The other half is in not having user interaction.
You make packages so that you can implement and deploy quickly an environment that's pre-defined. If you're going to change that pre-defined environment (say by replacing the OS with a new one) by definition you need to check if things break. You'd do that even for updates, much less a new OS.


Yes. But there is a difference. Under Windows, each profile runs in it's own Windows VM, where it assumes it has full control. DOS, and all that.
No... there's no VM sandbox in Vista. There is a nominal sandbox safe mode for Vista's version of IE7 though.


If you have such a model and you remove functions, you break things.

*nix always has had a restricted model. You have to ask.
Which is why I said it was a large undertaking to implement the new model while retaining most of the backwards compatibility of the old system. And it works quite well in this regard. Things like AV break not because of the partitioning but because the kernel access is now denied.



Why? Software firewalls only work partially, and generate a lot of calls to the helpdesk. And with a hardware firewall that does NAS and Firefox, you don't need either.
?
Are you saying that not having any firewall is better than having at least a software firewall?


Ok. We don't know.
It can't have been rewritten because it didn't exist before. So we do know it was added. However, this is one of the larger changes in SP2 to be sure.



- The new networking model (no more different APIs, depending on the type of service)
I'm actually not sure what you mean by this.

After quickly looking some stuff up, this sounds suspiciously similar to Indigo, which is part of .Net 3.


- The new object model (like .NET, but the unmanaged part especially)
Which is... in Vista, called .Net 3


- The database file system
I love it when people bring this one up. What did you plan to do with this?


- The unification of the I/O and communication model (like Linux, but not as part of the filesystem)
This was promised for Vista? Hmm, I'll have to check up on it. Because if you're thinking about Indigo, that's not what was promised.


- All the extremely annoying "press this button because we show you we take your security issues seriously"! If Firefox can do it, Microsoft itself should DAMN WELL be able to do the same and not bother / irritate the users!!!
You can't seriously not know how to turn off error reporting.


- DRM and having to certify anything.
DRM for the HD generation? Well, when they come up with a way to playback HDCP protected content on Linux I'll be concerned. Except it'll also be ported to Vista.

I guess I'll be able to playback my legitimate media for now and when someone cracks it for Linux, then I'll be able to do it for other stuff as well.

As for certification, the users will just use the 32bits version. I guarantee it'll be the dominant version of Vista for a while yet.
 
Last edited by a moderator:
Vista for me is nothing more than a game system I dual boot into. Otherwise, it practically offers nothing to me that OS X hasn't been doing for a long time, with the exception of DX10, which is mostly irrelevent since even if a feature-for-feature comparable Khronos stack existed, not many games would be written in OGL or ported anyway. But for all other desktop activities, I have found zero in the Vista betas/release candidates that have impressed me. It's sad that a company with as much money as Microsoft and almost 7 years of development time can produce something so underwhelming. IE7 isn't a Firefox clone either. To be a Firefox clone, it would have had to fix their broken non-standard CSS2 implementation.

Yes, they've fixed and enhanced alot of stuff in the NT kernel. But the userspace of Windows hasn't been so lucky. A friend of mine is actually one of the core NT kernel developers at MS for about the last 8 years, and he frequently tells me how pissed the kernel developers are at how the awful userspace programmers at MS are, and have ruined the image of MS software quality, as too few people are aware of how nice the NT kernel is.

I still find it amazing how complicated MS makes installation and management of software, compared to OS X or Ubuntu. If I want to install something, I just mount a DMG and drag the app where I want it. No registry crap (the guy who designed it at MS should be shot), no registering COM components, nope, just copy. And uninstall is just as simple, drag the app into the trash. Otherwise, APT is available for OS X as well, and you can install APT packages as easily as on Debian/Ubuntu.

I really don't think Vista is going to solve the security nightmare. MS needed a redesign, like from 95->XP, not a bolton set of fixes. As a result, certain operations are either too annoying, or will probably still be insecure. This discusses some the underlying problems of philosophy.

And ultimately, for me, it will still be more annoying than Unix environments. Personally, it's just a slightly prettier and more secure version of XP that I will be able to play DirectX10 games on.

p.s. MS has had YEARS to fix native Bluetooth support. They still only handle paultry few BT profiles and require you to install a separate OEM BT UI (Windows Shell Extension)+Protocol Stack to make BT usable (usually WIDCOMM). Really simply things, like when someone calls me on my phone, I see the CallerID/address book entry on my screen (OS X), I can send SMS or make calls from my address book on my desktop, redirect incoming calls to voice mail, etc Builtin PIM sync over BT. Builtin integration with photo software. Builtin audio-gateway support (can use my desktop headphones/mic to talk). And, I can even use my mobile phone to control OS X apps like a remote control (e.g. powerpoint presentations). All builtin.
 
Registers the DLL for availability. Did you REALLY think it attaches itself to the kernel? For your information, this still works in Vista because it doesn't have anything to do with patching the kernel.
The kernel isn't something like a single file. It's a lot of files working together. Hell, there are even multiple HALs, so it's actually quite likely that two computers with an identical, fresh install of Windows XP use many different kernel files.

A kernel is first and foremost about memory management, scheduling and handling I/O. Just about everything else is optional. And to do that, it needs a mechanism that allows drivers, things like services and even program-specific (like, Fraps, that goes and digs itself inside DX) stuff to inject itself.

And, if you replace something like the keyboard handler, you first see if it is something you should handle, and if it isn't, you call the previous handler. Those things are chained.

Furthermore, if you were writing your own process for a MULTITASKING system, why should it dominate everything including the underlying OS? For that matter, name something that really needs that much domination and runs on top of Windows rather than on its own.
three easy examples from programs I wrote recently:

- A program to automate a production process that had to interact with PLCs and other I/O, which was suspended by Windows when any of the yellow balloons popped up, and when I took too much foreground time, it was actually killed by Windows. And a lot of other unpleasanties, like USB ports jumping around and whatever.

- A program to print barcode labels when a barcode label was scanned, in the same production process. And, the only program allowed to be active on that PC as well, just like the previous one.

- A program that runs on a hand-held barcode scanner with Windows Mobile. It is, again, the only program that is ever allowed to be active. Windows requires the taskbar and start button to be visible and active at all times, and suspends the program when any external event takes place.

It was a major pain in all cases to struggle with Windows time and again, PLEASE allow my program to work as intended! Extremely frustrating.

You make packages so that you can implement and deploy quickly an environment that's pre-defined. If you're going to change that pre-defined environment (say by replacing the OS with a new one) by definition you need to check if things break. You'd do that even for updates, much less a new OS.
That depends. If you do it right, it doesn't matter what hardware you use, what version of Windows is running or what other programs are installed. Companies like that, because each user can have his or her own custom computer, while it saves money in not having to upgrade everything all the time.

No... there's no VM sandbox in Vista. There is a nominal sandbox safe mode for Vista's version of IE7 though.
Each and every user (administrator, system, the .NET and IIS users, etc, as well) all have their own virtual Windows machine. And if it isn't interactive, you get no keyboard or mouse input, and your screen output isn't visible.

That doesn't stop programs popping up an invisible dialog box and waiting for the user to push the button (which is impossible). It's a VM, and the program doesn't have to know.[/quote]

Which is why I said it was a large undertaking to implement the new model while retaining most of the backwards compatibility of the old system. And it works quite well in this regard. Things like AV break not because of the partitioning but because the kernel access is now denied.
If they work: kudos to the designers, who took nothing for granted. Microsoft still broke a lot of stuff, though.

?
Are you saying that not having any firewall is better than having at least a software firewall?
How many people don't have a hardware firewall nowadays? Do you have ASDL? Check. You've got one.

After quickly looking some stuff up, this sounds suspiciously similar to Indigo, which is part of .Net 3.

Which is... in Vista, called .Net 3
Is there going to be a .NET 3 for XP?

I love it when people bring this one up. What did you plan to do with this?
I'm a programmer, and I specialize in automating workplace and network management. With a focus on user satisfaction. In short, I am constantly checking and updating files, and generating and showing statistics about it.

A very simple example: install a package with Adobe Acrobat reader. And look in vain for the shortcut of the program, or for the updated icons of all the pdf files.

But, as a user I would love it as well. Instant search. Things get updated when they happen, not some time afterwards. You don't have to wait minutes for the context meny when right clicking on a bunch of files on a network share. And Office and the explorer *FINALLY* get it when a network resource is unavailable, and you don't have to wait in vain minutes between each click in a file open or save dialog. Etc.

You can't seriously not know how to turn off error reporting.
Well, it takes me minutes even with XP, for the basics. And I sit behind freshly installed computers or ones from other people pretty regulary. It's a very major irritation.

DRM for the HD generation? Well, when they come up with a way to playback HDCP protected content on Linux I'll be concerned. Except it'll also be ported to Vista.

I guess I'll be able to playback my legitimate media for now and when someone cracks it for Linux, then I'll be able to do it for other stuff as well.

As for certification, the users will just use the 32bits version. I guarantee it'll be the dominant version of Vista for a while yet.
You don't get it. It has nothing to do with being forced to pay Microsoft and Hollywood whatever they demand.
 
DRM for the HD generation? Well, when they come up with a way to playback HDCP protected content on Linux I'll be concerned. Except it'll also be ported to Vista.

HD Content isn't "HDCP" protected. HDCP is a link-layer protection scheme. HD content will playback for the forseeable future on non-HDCP outputs such as Component and VGA because HD content owners can't afford to shrink their market by a factor of 20 to require everyone to have HDMI. HDCP, like DBCP, Macrovision, and others are enabled by ICT tokens. They don't "secure" the content on the media it is distirbuted on, they just secure the digital outputs on the video card. HDCP is not an end-to-end encryption method from disk media to display.

Protecting the disc media falls to AACS. HD content is protected by AACS just like DVD content is protected by CSS. Thus, Linux developers would need to find a way around AACS, or to obtain a license. It is still possible that commercial players and binary-only kernel modules/drivers could be deployed for Linux with legitimate AACS licenses/keys, in the same way that Vista's secure kernel paths are used. AACS is a broadcast encryption scheme however, so compromise of a software player's key doesn't compromise the whole system like CSS.
 
HD Content isn't "HDCP" protected. HDCP is a link-layer protection scheme. HD content will playback for the forseeable future on non-HDCP outputs such as Component and VGA because HD content owners can't afford to shrink their market by a factor of 20 to require everyone to have HDMI. HDCP, like DBCP, Macrovision, and others are enabled by ICT tokens. They don't "secure" the content on the media it is distirbuted on, they just secure the digital outputs on the video card. HDCP is not an end-to-end encryption method from disk media to display.

Protecting the disc media falls to AACS. HD content is protected by AACS just like DVD content is protected by CSS. Thus, Linux developers would need to find a way around AACS, or to obtain a license. It is still possible that commercial players and binary-only kernel modules/drivers could be deployed for Linux with legitimate AACS licenses/keys, in the same way that Vista's secure kernel paths are used. AACS is a broadcast encryption scheme however, so compromise of a software player's key doesn't compromise the whole system like CSS.
Yes, you're right, I mixed up my terms.

It's not like I thought that you can't play normal HD content on Vista like some people seem to think. The DRM can only affect the protected content.
 
- A program to automate a production process that had to interact with PLCs and other I/O, which was suspended by Windows when any of the yellow balloons popped up, and when I took too much foreground time, it was actually killed by Windows. And a lot of other unpleasanties, like USB ports jumping around and whatever.

- A program to print barcode labels when a barcode label was scanned, in the same production process. And, the only program allowed to be active on that PC as well, just like the previous one.

- A program that runs on a hand-held barcode scanner with Windows Mobile. It is, again, the only program that is ever allowed to be active. Windows requires the taskbar and start button to be visible and active at all times, and suspends the program when any external event takes place.
It seems to me that you're really using the wrong tool for the job. It may be constraints of your employer but those gotchas you're running into are there by design.


Each and every user (administrator, system, the .NET and IIS users, etc, as well) all have their own virtual Windows machine. And if it isn't interactive, you get no keyboard or mouse input, and your screen output isn't visible.
This isn't true of any NT Windows. Unless you're using the term Virtual Machine is a way that's not the norm.


How many people don't have a hardware firewall nowadays? Do you have ASDL? Check. You've got one.
I use cable myself, but I do know some people who are using ADSL AND don't have a hardware type "firewall". This may be different with ADSL2 but I haven't done my homework on that.


Is there going to be a .NET 3 for XP?
There could be a partial implementation. The actual CLR is the same as .Net 2 and it's the new portions of the so-called pillars of Vista that aren't. It would require backporting the new subsystems to a "XP Super Service Pack 3" to allow the rest to work. But the number of systems to revamp pretty much warrant a new OS.


A very simple example: install a package with Adobe Acrobat reader. And look in vain for the shortcut of the program, or for the updated icons of all the pdf files.
The indexed fast search covers much of this, but frankly, the real problem is how Windows was designed in the first place. It's slowly being fixed, but frankly there's too much backlog of things to keep from breaking for this to be resolved any time soon.

In any case, the new start menu covers this. I don't even bother looking for programs, I just hit Windows => "<a few letters>"=> <enter>
So if I wanted adobe reader, I'd press Windows => "read" => <enter>


You'll be happy to know that most of the heavy database features have been moved to SQL 2005 for the developers to use if they want it instead.

But, as a user I would love it as well. Instant search. Things get updated when they happen, not some time afterwards.
This has been compartmentalized and separately implemented in Vista. So you get your instant search without having as much overhead from turning the entire filesystem into a database.

You don't have to wait minutes for the context meny when right clicking on a bunch of files on a network share. And Office and the explorer *FINALLY* get it when a network resource is unavailable, and you don't have to wait in vain minutes between each click in a file open or save dialog. Etc.
This is actually a separate design flaw in Windows and would not be resolved by WinFS.


Well, it takes me minutes even with XP, for the basics. And I sit behind freshly installed computers or ones from other people pretty regulary. It's a very major irritation.
In a single user situation I agree. But in a situation where there's a great number of computers, this would've been set in the group policy.


You don't get it. It has nothing to do with being forced to pay Microsoft and Hollywood whatever they demand.
So you can go play normal unprotected HD content. Just like before. You don't have to buy the protected content from Hollywood.
 
Last edited by a moderator:
I'd rather have Sun's ZFS than WinFS. For me, the big feature of WinFS would have been to store arbitrary structured data and metadata on the file system, and instantly access it not just via text search, but via structured queries.

However, that can be done as a layer ontop of the FS, just like Linux, OS X, and Windows store folder metadata today.

The real pain of filesystems is managing them, and ZFS basically solves practically every problem you can think about with respect of filesystems. How would you like O(1) constant time backups? (and by extension, Revisioned files like a CVS/Subversion/Source code control server.) How about RAID5 but with much less performance issues? How about dynamically adjusted block sizes, transactional writes, etc etc http://en.wikipedia.org/wiki/Zfs

My eyes brightened up when Apple asked the ZFS group for help. The idea that one day, OS X will have ZFS is tantalizing.
 
The kernel isn't something like a single file. It's a lot of files working together. Hell, there are even multiple HALs, so it's actually quite likely that two computers with an identical, fresh install of Windows XP use many different kernel files.

A kernel is first and foremost about memory management, scheduling and handling I/O. Just about everything else is optional. And to do that, it needs a mechanism that allows drivers, things like services and even program-specific (like, Fraps, that goes and digs itself inside DX) stuff to inject itself.

Which has nothing to do with DLL or application installation other than you need the Kernel to write to the disk and using the registry.

Code is installed into the kernel by the way of drivers (sys) files and with an inf file or by modifying the HKEY_LOCAL_MACHINE\system\currentcontrolset\services and manually installing a kernel mode service which is in the form of a SYS file. Services run using svchost, rundll or any other exe file are purely Win32 usermode and don't do anything to the kernel, though they would access kernel services.

REGSRV32 installs user mode components, which can include usermode drivers, by putting the class info from the DLL into the HKEY_CLASSES_ROOT section of the registry, which is only accessed by usermode programs.

Other DLLs installed into the system32 directory are also usermode only. All Kernel mode dlls are supposed to be installed into the system32\drivers directory (which if you look at you'll see there are almost none).

Usermode code can not read/write/execute kernel memory and can not access the kernel directly. All usermode code must at least use NTDLL.DLL to access kernel services. Attempting to get lower level access to the kernel from usermode is undocumented and incompatible between different versions of windows and even between service packs of the same windows version.

Fraps is purely usermode. It does not need to and does not hook the kernel. If you didn't realize, Direct3D has usermode components (d3d9.dll for example) that communicate with the kernel mode driver of the graphics card. To hook Direct3D you do not write a kernel mode filter driver file that is installed as part of the display driver chain. No one would be that stupid to want to try to intercept the Direct3D command buffers in a driver. To do the hook you write a usermode DLL that incerpets the original usermode DLL or use a second program to perform code injection into the destination process that hooks the desired usermode function.

In Vista, cross program code injection will not work unless the program receiving the injected code is designed to allow it. Address Space Layout Randomization is the reason of course. In general code injection never needs to be done so breaking it for security reasons is hard to argue against.
 
  • Like
Reactions: Geo
I would like to go on record by stating that right now RC2 is running on a 1.8 ghz 64 bit sempron with 256 mb of ram quite nicely thank you very much. I have not disabled anything. Just installed it and my friends are putting it through its paces by watching videos on WMP 11 and surfing the net, etc etc. It runs just fine! That is quite amazing. And I kind of like the UI. It is a lot sleeker. And this is Vista Ultimate running on the machine so I am quite impressed.
 
In Vista, cross program code injection will not work unless the program receiving the injected code is designed to allow it. Address Space Layout Randomization is the reason of course. In general code injection never needs to be done so breaking it for security reasons is hard to argue against.
[/QUOTE]

ASDL has been cracked several times in the past, and it is particularly ineffective in 32-bit address space where searches and statistical probes are practical, especially against fault tolerant multiprocess servers, where a probe which causes a segfault merely results in a restart of the child process.

Moreover, Vista has already had injection attacks carried out against the kernel at the last BlackHat conference, but a surprisingly-not-fugly female hacker
joanna20uq.jpg
prabu_joanna_postconf.jpg


Despite the fact it requires UAC approval (not hard to engineer given "security dialog fatigue" and maybe some phishing techniques to manipulate the display and trick someone into clicking something), it totally destroys the "secure path" of the kernel that was required by the HD-DVD consortium. Raw decoded rippers would not be possible.

Then there is Microsoft's stupid decision to try and rewrite the TCP/IP stack from scratch, something they are uniquely unqualified to do, especially given the 20 year history of exploits against TCP/IP stacks and the exceedingly long maturity process of the BSD and Linux NET stacks. Most people agree it's almost guaranteed to be a source of attacks for years to come.
 
ASDL has been cracked several times in the past, and it is particularly ineffective in 32-bit address space where searches and statistical probes are practical, especially against fault tolerant multiprocess servers, where a probe which causes a segfault merely results in a restart of the child process.

Moreover, Vista has already had injection attacks carried out against the kernel at the last BlackHat conference, but a surprisingly-not-fugly female hacker
joanna20uq.jpg
prabu_joanna_postconf.jpg


Despite the fact it requires UAC approval (not hard to engineer given "security dialog fatigue" and maybe some phishing techniques to manipulate the display and trick someone into clicking something), it totally destroys the "secure path" of the kernel that was required by the HD-DVD consortium. Raw decoded rippers would not be possible.

Then there is Microsoft's stupid decision to try and rewrite the TCP/IP stack from scratch, something they are uniquely unqualified to do, especially given the 20 year history of exploits against TCP/IP stacks and the exceedingly long maturity process of the BSD and Linux NET stacks. Most people agree it's almost guaranteed to be a source of attacks for years to come.

Nice hotlinking there champ ;)
 
Back
Top