What You Really Need to Know
One of Microsoft's Vista goals was to convince its corporate customers not to
wait for Vista SP1. Interminable delays and bad press have all but doomed that
possibility, yet once again Microsoft will see its next OS float or sink on
its merits.
Microsoft's plan is to ship Vista SP1 alongside Longhorn Server, which is currently
set to ship in the second half of 2007. Vista SP1 will be a major upgrade—the
most momentous service pack release Microsoft has ever shipped—because
it will include major kernel changes that will bring Vista technologically up
to speed with the kernel in Longhorn Server. Given the schedule, it's fair to
assume that Microsoft plans to ship other major new functionality in Vista SP1.
Either way, one might logically point to Vista SP1 as the "true" final release
of Vista and the one that many organizations will want to wait for.
Recommendations
Vista is roaring like a freight train toward completion, but there's no reason
why enterprises need to migrate to the new system any time soon. You should
weigh your needs versus Microsoft's plans to significantly upgrade the Vista
kernel less than a year after it ships the initial Vista version. My advice is to wait—unless
you're running Windows clients that predate XP SP2: Vista's security enhancements
are a huge improvement over what's available in older Windows versions, and
they're reason enough to consider upgrading quickly. Whatever your plans, a
migration is almost inevitable. The only question, of course, is when.
x64 Corrections
When a Microsoft Fellow tells me I've screwed up in my descriptions of Microsoft
technologies, I tend to sit up and take notice. So, when Mark Russinovich—of
Sysinternals fame and now a Microsoft employee—contacted me about my article
"What You Need to Know About Windows Vista x64 Versions' Unique Security Features"
(August 2006, InstantDoc ID 50522), I knew readers would want the scoop. First,
Russinovich says that Address Space Layout Randomization (ASLR), which Vista
Beta 2 introduced, works with both 32-bit and 64-bit versions of Vista. That's
not how the feature was first described to me, but I apologize for the mistake.
Second, Russinovich noted that hardware-enforced Data Execution Prevention (DEP) is actually available on 32-bit systems as well, assuming the PC is based on an AMD processor with no-execute (NX) page protection or an Intel processor with the Execute Disable Bit functionality. Third, PatchGuard debuted in the x64 versions of Windows 2003 and XP Professional x64 Edition, though this feature is unique to x64 systems, of course.
Finally, Russinovich told me that kernel mode driver signing is required for
x64 versions of Vista for accountability rather than reliability reasons. The
idea is that malware authors won't be able or willing to obtain digital signatures
because their code will be traceable if they do. I have no contention with that
point, although I'd mention that Vista x64 drivers are harder to hack, and thus
will be more reliable as a result, than their 32-bit cousins.