Windows Vista Team Blog : Windows Vista, Jim Allchin

Offline Files

JimAll — Mon, 29 Jan 2007 20:05:00 GMT

One of the key things that we focused on for Windows Vista was improving the experience for mobile (laptop) users. If you are like me, you spend quite a bit of time running around with a laptop. However, when I am in my office, I tend to use my desktop. The primary way that I share files between my desktop and my laptop is by storing them on a Windows Server (it's also the primary way that I make sure that my files get backed up). For example, at Microsoft we redirect the "Documents" folder (previously known as "My Documents" in Windows XP) to a share on the server (of course, we use access controls on the folders to make sure that I am the only person who can see my files).

By redirecting key folders like the Documents folder to a file share, my documents are available to me no matter which one of my Windows PCs I am using. The problem of course is what happens when I don't have access to the server -- such as when I am not on the corporate network or perhaps sitting on an airplane. Frankly, the same problem exists with any file share that I might try to access when I am not on the corporate network.

Well, as it turns out, we have had a very cool feature in Windows (actually, it's been there since Windows 2000) called "Offline Files." (We actually used to call it "Offline Folders.") As the name implies, Offline Files allows you to mark particular folders (and their sub-folders) to be available offline. When you are on the network, Offline Files automatically synchronizes the folders so that you have a copy of them locally on your hard disk. Then when you are offline (and don't have access to the actual server), Offline Files makes it look like you are online by simply accessing the locally cached copy. Later, when you do have access to the file share, Offline Files automatically synchronizes any changes you have made offline with the online version and vice-versa.

So why am I telling you about a feature that's been available since Windows 2000 here in the Windows Vista Team blog? Well, frankly, because we have made quite a few enhancements in the Offline Files support for Windows Vista. Here are some examples.

In Windows XP, the transition from online to offline was pretty seamless -- which was good. The problem was that when you came back to the network and tried to reconnect, it was sometimes less than seamless -- and we fixed that with Windows Vista. Now, when Windows Vista detects that the server is available, not only do we automatically synchronize any files and folders that changed, but we also automatically redirect any open files to the online copy.

Another thing that always bugged me before Windows Vista was the fact that there was no way to force the transition to "offline mode." I don't know about you, but before I get on a plane for 5 hours I want to make sure that all the documents that I need are locally available on my laptop. Prior to Windows Vista, I had to manually turn off my wireless card to make the system think I was offline. The problem there was that it was a complete disconnect that killed my connection to the Exchange Server. Now, with Windows Vista, there is a button right in the Explorer tool bar (that is available whenever I am looking at a file share) called "Work Offline" that automatically forces the transition to offline mode. Of course, when you click the button it changes from "Work Offline" to "Work Online" so that you can force the transition back. This is a simple way to verify exactly what you will see when you are travelling to double-check that you have everything that you need.

We did some other "fit-and-finish" things to Offline Folders to make it more usable as well. One example of this is the way that we synchronize the offline files with the online copy. Offline Files in Windows Vista keeps track of the blocks that are modified while offline and only transfers the changed blocks to the server. This makes synchronization of changes from the client to the server much faster. I should note that this optimization is only used when transferring changes from client to server; it is not used when transferring changes from the server to the client. I should also note that some applications (like Microsoft Word) create a new file when you modify an existing document, so you won't see the benefit here.

We also changed the synchronization approach so that we now only try to synchronize the shares for the user that is logged on. This addresses a problem that users would hit in the past when we used to try to sync all offline folders and the user saw an "access denied" error for the folders that actually belonged to someone else. Navjot Virk, the program manager for Offline Files, wrote a great blog entry on Offline Files that covers this in more detail and I encourage you to check it out.

There are many ways you can turn on Offline Files. The simplest way is to browse to a file server, right-mouse to get the context menu for the folder or file that you want to be automatically cached, and select "Always Available Offline." You are done; it's just that easy. Work with the files/folders just like you would normally whether you are travelling (and disconnected from the network) or working at your desk (and connected to the network). Windows Vista's Offline Files automatically synchronizes all the changes for you without you having to do anything.

If you want to force a manual synchronization, then right-mouse on the folder/file and select "Sync." You can of course use the "Sync Center" to do this, too.

If you want to have your entire "Documents," "Desktop," "Music," etc., be located on a server (or perhaps different servers), but cached (and synchronized) locally, then simply change the location of the folder to be on a server (or another client) and then mark the folder on the server to be available offline. See below.

So if you are like me and you work with multiple Windows PCs and sometimes are not on your main network, go give Offline Folders a try on Windows Vista. If you are someone who tried it before on Windows XP, then I think you will be very happy with the enhancements we've made in Windows Vista.

jim

Nostalgia and Innovation

JimAll — Wed, 24 Jan 2007 22:34:00 GMT

During the fall of 2006 as we were completing the final release of Windows Vista, I was getting a lot of questions about how Windows Vista compared to the original vision of Windows Longhorn. I had someone on my team go back and look at the feature set that was first discussed at the October, 2003 PDC and not only did we deliver the key functionality we discussed, but we went beyond and delivered some amazing innovations that we hadn't thought of back in 2003.

I was curious to see what part of the data management scenarios we showed at the PDC in 2003 were available on the final Windows Vista product -- so I watched the videos from the PDC to find out. As I discussed in my blog entry about working with data on Windows Vista, almost everything that we wanted to enable for searching, indexing and accessing data is in fact possible on Windows Vista. While we initially thought we would have to replace the storage system with WinFS, we were able to deliver on the vision by simply enhancing the existing system.

They say that a picture is worth a thousand words -- and if that is true, than a video is worth a million, so go check out a little video that a team member put together summarizing the history.

Windows Vista includes innovation after innovation. We lead in so many areas including stunning handwriting recognition, speech recognition, TV integration, gaming, and feature after feature such as Shadow Copy, SideShow, ReadyBoost, and more. For example, even in core areas such as data management, Windows Vista has superior capability (well beyond search -- as I discussed in my blog entry) compared to other systems that ended up including simple search following our breakthrough demonstration at the PDC in 2003.

I can't tell you how proud I am of the Windows team here at Microsoft and our partners around the world. Their hard work has resulted in a significant milestone for the Windows Platform -- and their focus on engineering excellence has made Windows Vista the highest quality version of Windows ever. What is impressive here is that between the time we demonstrated Windows Vista (codename Longhorn) in October of 2003 and when we released it to manufacturing in November, 2006, the team also delivered:

Windows XP Service Pack 2 (August, 2004): Other companies would have called this a major release and charged money for it!
Windows XP Tablet PC Edition 2005 (August, 2004): Our handwriting recognition is even better in Windows Vista, but this innovative product broke new ground in handwriting capability.
Windows XP Starter Edition (September 2004): Our innovation here is opening computing to many throughout the world where previously it was out of their price range.
Windows XP Media Center Edition 2005 (October, 2004): This innovative product ushered in a new era in home entertainment -- moving computing into the living room -- that others are just trying to imitate now.
Windows Server 2003 Service Pack 1 (March, 2005)
Windows Server 2003 x64 Editions (April, 2005)
Windows XP Professional x64 Edition (April, 2005)
Windows Server 2003 R2 (December, 2005)
And more, including Windows XP Embedded updates, etc.

We are just days away from the launch of Windows Vista. Starting on January 30, everyone will be able to use these innovations firsthand. And I can't wait.

jim

Security Features vs. Convenience

JimAll — Tue, 23 Jan 2007 23:32:00 GMT

One of the most basic conundrums in computer security is the constant trade-off between security and usability. At the end of the day, if security is too complicated to use, then it simply won't be used. Even if a feature offers a good level of security protections, if it is complicated or has poor usability it will likely be disabled by the end-user or network administrator, which doesn't benefit anyone. The same issue with safety and security exists in the physical world. I remember when car alarms were first available (as an aftermarket product) -- you had to remember to set the alarm after you locked your car and half the time people forgot. Today, many cars come with alarms from the factory and the task of setting the alarm is usually just part of locking the car -- and as a result, alarms get set.

When we set off to make sure that Windows Vista was the most secure version of Windows ever, we had to create security capabilities that we could enable by default and be usable enough to be left on when the system was deployed. There is clearly a balance here because if we lock the system down too tightly, then we risk the majority of customers turning key features off, or even worse, staying on older versions of Windows and thus not realizing the great security benefits of the new system. It's a great irony when you realize that one of the risks of adding more security in the name of making people safer is that users might stay on older versions that, in some ways, appear easier to use but are much less secure than the new system.

While we greatly improved the security of Windows Vista and we believe it is the best system available, I have always been clear that the system is neither fool-proof nor unbreakable -- no software I have seen from anyone is. Moreover, there are defense-in-depth security capabilities that some may mistakenly believe are impenetrable security boundaries, when they are not. This was the hard balance that we dealt with: How many applications would be impacted with a harder security boundary and how many users might turn off a security feature if the usability was perceived to be worse?

One great illustration of this challenge in Windows Vista is User Account Control (UAC). In the simplest terms, you can think of UAC as "standard user that works" or "non-administrative user that can actually do things." Prior to Windows Vista, there were key scenarios that were important to a standard (non-administrator) user that couldn't be completed as a standard user. So to do things like change the local time zone on the system or many other things, you had to have local administrator privileges. As a result, almost everyone used a logon account that was a member of the local administrators group -- the secondary effect being that most software developers (including at Microsoft) developed their software assuming that the user would be an administrator. There were indeed some corporate customers that deployed their environments with their users as standard user, but this was typically an expensive task, and often with some loss of functionality.

So for Windows Vista, the primary goal of User Account Control was to help protect users from inadvertently doing things that require administrative privileges whether that privileged function was initiated by either malware or the user. Remember that prior to Windows Vista, when the user was logged on as an administrator, they (and typically all software) basically had full run of the system with the ability to override any local security checks. To achieve our goals for Windows Vista, we not only had to make standard user work well for an end-user who just wanted to get their work done, but also to protect someone who really needed to be an administrator from accidently doing something bad. The primary goal was to protect the system from both people with malicious intent and users who might inadvertently perform administrative tasks without knowing the full consequences of the task.

To do this, we had to go through the various system tasks that users perform and for each one ask the question: "should the user have to be an administrator to complete this task?" What we found was that in Windows XP there were many cases where we required the administrative privilege if the user was making a change that impacted the entire system (rather than just their user account). We subsequently learned that this was too broad a distinction and in fact, with some common sense rules, we could protect the system while still making it usable. We also found that there were many cases in previous versions of Windows where we had lumped things together when instead only part of the task really should have required the user to be an administrator. For example, in Windows XP you had to be an administrator in order to change the time or the time zone of the system. The reason that time functions are usually restricted is that you can do some pretty sneaky things if you can change the system time -- like trick system logs or backdate emails. But as it turns out, changing the time zone of the machine so that a business traveler based on the West Coast goes to their meetings at the right time when they are visiting New York really doesn’t need to be protected -- so in Windows Vista, we split that out and now allow a standard user to change the time zone.

As a result of this work, in Windows Vista you will find that once you get beyond the setup phase on most systems, you can work just fine as a standard user. The problem was what to do when the user needs to complete a task that does require the administrator privilege. To address this need, we created a new capability in Windows Vista so that when a standard user tries to do something that requires the administrator privilege, the system prompts the user to have an administrator authorize the task by entering their credentials (or confirm the task if you are an administrator).

When we first designed this functionality in Windows Vista, we required that the user enter the CONTROL-ALT-DELETE (C-A-D) sequence (known as a secure attention sequence due to its capability to resist interception) prior to prompting the administrator for their username and password. The reason for this functionality was that entering this sequence is the only way for the user to know for sure that it is really the system (and not some phishing exploit) asking for your credentials -- in much the same way that you never want to give personal information to someone who calls your house claiming to be your bank: You only want to give your password to the system when you know for sure that it's the system asking for it. So just like you only give your bank information if you called them yourself (so you know it's them), C-A-D is the high-assurance way to interact with the system directly and know with confidence it is the system on the other end. When the user hit the C-A-D sequence, we brought up the Secure Desktop, a restricted mode where only the system can run, and then asked the user for their credentials from that desktop. The benefit of the secure desktop is that it is more difficult for malware to run in that context, and the user knows that they are on the Secure Desktop because the running applications are grayed out in the background, highlighting the dialog box running on the secure desktop.

When we conducted usability testing, we quickly learned two things: The first was that that the system asked for permission way too frequently; and the second was that C-A-D was confusing to most users, especially home users, most of whom associate C-A-D with bringing up the Task Manager. To address the first issue, we examined the system and carefully analyzed each situation to make sure that we were only asking for permission when it was really necessary. We also worked with application vendors to make sure that they do not require elevation to administrators except when it is really necessary. We looked at cases where an application tried to elevate to administrator mode when it wasn't really necessary and created compatibility updates that made the application think they were elevating without actually evaluating them, thus eliminating an elevation prompt.

The second issue was more difficult to address, since C-A-D is really the only way to make sure that you aren't being spoofed by malware. With that said, at the end of the day, we came to the conclusion that if we did not eliminate the need to hit C-A-D, then most users would likely just run as an administrator all the time, which was more of a security risk than the potential risk of a credential spoof. While C-A-D was disabled by default, we still ask for consent on the secure desktop so that the user knows that this is a special request from the system. In the end, while we left the C-A-D integration with UAC in the system, we disabled it by default. If a user wants to require the C-A-D sequence for UAC elevations, they can easily turn it on via group or local policy. Network administrators can also mandate C-A-D for UAC elevations via group policy. So, if you want to be more secure than the Windows Vista default, just turn on C-A-D for UAC elevations.

Note that UAC may not help you if you already have malware on your machine -- one more reason why we view it as a defense-in-depth security feature and not a hard boundary.

As I discussed above, we also wanted to allow users who wanted to be a local administrator to have that flexibility, but at the same time be safer than Windows XP. To do this, we created a mode of UAC called admin approval mode. In this mode (which is on by default for all members of the local administrators group), every user with administrator privileges runs normally as a standard user; but when an application or the system needs to do something that requires administrator permissions, the user is prompted to approve the task explicitly. Unlike the "super user on" function from UNIX that leaves the process elevated until the user explicitly turns it off, admin approval mode enables administrator privileges for just the task that was approved, automatically returning the user to standard user when the task is completed.

However, it should be noted that this functionality is primarily a convenience feature for administrators and not an explicit security boundary between processes that can be absolutely isolated. If an administrator performs multiple tasks on the same desktop, then malware may potentially be able to inject or interfere with an elevated process from a non-elevated process. Thus, the most secure configuration for Windows Vista is to run processes in two separate accounts, with only administrator tasks performed using an administrator account and all other tasks performed under the standard user account.

When we first designed admin approval mode as part of UAC, the default was to require the user to type in their password. (This was in addition to the CONTROL-ALT-DELETE (C-A-D) sequence I discussed above.) The feedback from usability testing here was the same -- essentially, users felt that having to type in their password for each elevation was too complex, as was having to hit C-A-D prior to provide consent. Again, the risk of having this complex (although more stringent) UI was that some customers might simply turn off admin approval mode and then use administrative rights without any protection or warning. Clearly the security risk with admin approval mode off was greater than the risk of the system being spoofed. So, although this is not foolproof, if someone is going to run in admin approval mode, it is clearly much better than Windows XP. In the end, while it's possible to require a password in admin approval mode, it is not required by default. It can be enabled by an end-user or set by a network administrator using group policy. See below.

Another great example of convenience vs. security is our strategy on enabling Data Execution Prevention (DEP) in Windows Vista. In simple terms, DEP treats data as data and code as code, and then blocks execution of any data content. The benefit of this is that if there is a vulnerability in the system (or in an application) that allows a data buffer to be overrun, with DEP enabled, it is harder for the attack to execute the malicious code that was placed in the data buffer -- thus blocking the attack. DEP is turned on by default for the kernel and it is a great way of protecting other parts of the system (like Internet Explorer) and applications from buffer overruns. Here is the problem: it turns out that there are some third-party add-ons that generate code dynamically and store the code in the data region (sometimes referred to as "jitting"), and there is no method for DEP to distinguish between these add-ons and malware. So you either have more security or potential application compatibility issues.

Here is the default for Windows Vista.

Note that you can turn on DEP for all programs and services if you want. This is clearly a more secure state, but it could create some application compatibility issues. I certainly recommend that businesses test to see if they can use DEP for all programs and services. In some cases it might be possible; in others it won't be (yet). There’s that tradeoff again!

Internet Explorer was a particularly difficult case because we certainly wanted IE to benefit from the protection afforded by DEP. But prior to the Windows Vista release there were compatibility issues with several well known third-party IE add-ons, so by default we could not enable IE to run with DE. It turns out that there are two pieces of good news here. The first is that it is possible for dynamically generated ("jitted") code to be DEP-compatible -- it just takes a few lines of new code (and an upgrade to the new code). We expect most third parties to update their add-ons to support this. The second piece of good news is that Adobe, whose Acrobat and Flash Player add-ins were previously incompatible with DEP, has updated their software to be compatible with DEP. (Be sure to get these updates.)

So although it is not the default today, you can turn on DEP for IE for the additional protection. Michael Howard wrote a great blog post on how to enable DEP in Internet Explorer 7 on Windows Vista.

I personally have enabled IE to use DEP on all my Windows Vista PCs and I would recommend that you do also if you want the added security. (Again, be sure to get the Windows Vista updates from Adobe.) I won't promise that all sites will work, but in my typical usage pattern everything works fine. Over time, as we work with more third parties to make their software DEP-compliant, I expect we will be able to turn on DEP by default for everything.

While we have configured the system to balance usability and security, as I noted above, we've also made it possible for home users and network administrators to make the system even more secure by enabling the features that we ended up turning off by default -- something that wasn't possible on previous versions of Windows. So what's my advice? I tend to think of this in terms of a good, better and best approach for both home users and enterprise customers.

For home users:

Good strategy: Make the first user account a parental account (even on a kid's machine) and protect it with a good password -- by default, this first account is in the local administrators group with administrator approval mode enabled. Subsequent user accounts -- especially for kids -- should be standard users. If a standard user (for example, a child) encounters the need to complete an admin task, the administrator (for example, mom or dad) can enter the proper credentials to complete the task. With the advent of fingerprint readers on most laptops, this may be as simple as swiping a finger. You should also use the Parental Controls feature in Windows Vista to help protect and restrict any accounts that kids use.
Better strategy: In addition to the steps for "good strategy," also require the password to be entered when an administrator elevates themselves to complete a task using admin approval mode. This makes it harder to spoof the system and also makes it extremely difficult for an unauthorized person to complete an admin task on a PC that is left unattended. By default, Windows Vista will lock the desktop after inactivity (if you leave the machine), and if you have a password, then it will be required to unlock the system -- one more reason why we recommend that you have a password on accounts in the administrator group. You may want to adjust the period of inactivity to be shorter if necessary. I also recommend that you enable DEP for Internet Explorer. In most cases, if you get the latest add-ins from Adobe, you will likely not have too many problems. If you do, it's easy to turn it back off if necessary.
Best strategy: If you are extremely concerned about security, then in addition to "better strategy," also require the C-A-D sequence for consent to complete admin tasks. This will provide additional protection to the system when an administrator is elevating him or herself using admin approval mode and also when a standard user needs consent from an administrator.

For business deployments:

Good strategy: The most basic step is to require all users who need administrator privileges for their roles or application compatibility requirements to run with admin approval mode enabled (which is the default). This provides a good transition to standard user, but provides a little leeway through the transition. (Note that I personally strongly encourage businesses to move to a "better" or "best" strategy instead of staying at a "good" strategy.
Better strategy: Require all (or most) users to be standard user. Many customers should move their end-users to standard user over time. When elevation must occur, require C-A-D before the administrator enters their credentials to complete a task. Also require administrators to enter their credentials in admin approval mode. As in the home user case, I also recommend that you enable DEP for IE, provided the appropriate testing is done before doing this. If you have internally-developed add-ons that don't work with DEP, consider updating them to make them compatible.
Best strategy: In addition to having most users run as standard users with C-A-D and passwords required for administrators using admin approval mode, do not allow over-the-shoulder elevations for end-users on the theory that any tasks that require local elevations (such as software installs or configuration changes) could be completed more securely using centralized management including group policy. For changes that must happen locally, the administrator can log on to a separate session (either at the system or remotely using Remote Desktop).

The true test of how secure any system will be in practice has as much to do with how it is deployed as it does with its architecture and code quality. And how the system is deployed has a lot to do with usability and convenience. (If you don’t lock your doors at night because it is too much of a hassle, the locks don't offer much security.) Our goal is that the most generally applicable security configuration (remember, this is a combination of architecture, code quality and usability) is deployed by default. We sometimes use defense-in-depth approaches when designing security measures instead of hard boundaries for this reason. We also know that there are certain customers who, even with a deep understanding of the usability issues, may choose to enable a more locked down system than we could ever ship by default. For these people, we provide great flexibility to turn on even more protections. What makes this even more complex is that given how broadly a product like Windows Vista will be used, some people may try to create sensationalist headlines by calling out some apparent "weakness." Before they do, it is important to remember that the design was more likely a deliberate design choice that was balancing some other factor such as usability or application compatibility, rather than an oversight.

jim

Working with Data with Windows Vista

JimAll — Sat, 06 Jan 2007 20:03:00 GMT

One of the interesting things about the release of a major version upgrade like Windows Vista is that there are so many new features, that it might take you a while to discover all of the deep capabilities built into the product. Some features you will discover are nice changes that improve specific uses. Others can dramatically alter the way you use computers and make you much more productive. In Windows Vista, one of the best examples of this is finding and organizing things. It really starts with the Start Menu where, instead of hunting for the program you want to run, you can type in a few letters of the program's name and see it appear right on the top of the Start Menu. But search on the Start Menu is about much more than finding programs -- it can also be used to find a document that you are looking for as well. For example, if I am looking for a document about my friend "John", all I need to do is type in the word "John" and I can see all of the documents with the word "John" in the document, title, or tag placed on the document. If you do this, you will also notice that the search is not limited to the file system -- in fact, contacts from Microsoft Outlook that might help me get a hold of John are also displayed. I can also click on the "show all results" button that appears right on the Start Menu to see a list of all of the content (such as documents, web pages, emails, and even music) that relates to the word "John."

One of the things you will notice when you first sit down at a Windows Vista machine is that the Instant Search Box is available pervasively throughout the Windows Vista shell. Using the Instant Search Box, you can search any and all content on your Windows PC, including email, Office documents, music, photos, etc. But unlike other systems, we didn’t stop with "search". (Remember, indexing has been available in Windows for years and years -- it just works better now!)

Searching can only take you so far. Before we created Windows Vista, when I searched for things on Windows XP, I was often overwhelmed by the results of the searches I did. On Windows Vista, however, if there are too many things in the search results, you can instantly filter the results using the new built-in filter controls.

We also changed how you can view the information so you can spot things more easily. When you are looking in a folder using Windows Vista, you can easily change the view -- from a list, to details, to icons of various styles. In fact, the view can contain an image of the actual content (e.g., the first page of a spreadsheet) so we can finally start to get away from generic icon images where every Word document looks the same!

You may recall that when you used the "details" view in Windows XP, if you clicked on any of the fields (File Name, File Size, Date Modified), the shell would sort the folder based on the field that you chose -- then you could search the list yourself to find what you are looking for. Well as it turns out, sorting helps, but only goes so far (it's so Y2K), so for Windows Vista we created a new capability so that when you click to the right of any one of those headers, you can select specific values for the field to narrow the files that you want further. For example, suppose you have a folder full of Office documents and you want to find a business plan you wrote in 2002. You can’t remember if you wrote it as a Word document or as a PowerPoint deck, but you know it was written sometime that year. This takes seconds to find in Windows Vista by just selecting "2002" in the Date Modified header.

What is even cooler is that the logic behind the filter is shown in the address bar just like a path name so you can modify, add or delete the filters to refine your search and find what you need. Also, once you have filtered the files that you want, you can arrange the files in "stacks" based on any field that you are viewing. For example, if you go back to my 2002 business plan example, once I have created the filter that only shows me the Word and PowerPoint documents created in 2002, I can click on the "Type" field in Windows Explorer and select a stack view that creates four virtual folders -- one that includes the Word documents, one that contains the Excel files, one that includes the PowerPoint files and one for the Visio files. I can select any of these virtual folders and drag them to "Favorite Links" and the query will be available to me later.

While this is a cool capability for stacks, these virtual folders (called "Search Folders" in Windows Vista) work on any query/view that you create across any data you have. Some Search Folders are built-in, including "Recent documents," "Recent email" and "Recently changed." No matter what search query I create, I can always decide to save that query as a "saved search" right from the Windows Explorer using the "Save Search" button that appears in the "command bar" whenever the results of a query are shown. When a search is saved, it is always available in the "Searches" folder under Favorite Links. So, not only is my virtual folder (query) saved, but so is exactly how I configured the view of the folder. I use Search Folders for collecting together everything dealing with projects (e.g., a house remodel), regardless of where the information is stored (e.g., in email, in folder x or folder y).

The Windows Explorer allows you to view your Favorite Links, a folder hierarchy, or both on the left pane. Unlike in Windows XP, as I mentioned above, you have the ability to add to your Favorites by simply dragging and dropping folders that are most important over to your favorites. On the top of the Explorer view, you will also notice the new "address bar" that not only shows you the full path to the folder that you are viewing, but also allows you to modify the path at any level of the hierarchy. You should try selecting the caret and watch the system figure out everything that is available for you to choose from automatically. For me, this is a much easier way to navigate the file system hierarchy, especially when I am working with network shares.

Windows Vista also makes it possible to add a file details view or a file preview of any file that you select. Unlike previous operating systems, the preview in Windows Vista allows you to really view the file -- if it's a PowerPoint presentation, you can flip through the slides; if it's a video, you can watch the video right from the Explorer -- and unlike previous versions of Windows, if you want to look at both the Preview pane and the Details pane at the same time, you can do that too!

We have also modified the Common File Dialog (CFD) that can be used by Microsoft and third-party applications. Essentially, this is a mini-Explorer that can be used by applications. While in the default "mini-mode," you see a pretty simple dialog for tasks like "File Open" and "File Save,"” but there a few new things to notice. The first is that search is integrated into the CFD. So if I want to find and open a document about budgets from within an application, but I can’t remember where it is, all I need to do is type the word "budget" into the Search menu of the File Open dialog and I will see a list of documents (and have access to all of the filtering tools). Also, when I save a document for the first time or subsequently using the "Save As" dialog, I have the ability to add meta-data in the form of "tags" right from the Save dialog box.

While the new data management capabilities help me a lot at work, what's amazing is how much they have changed the way that my wife and I use Windows at home. We are very much into digital photography and in the past it was very hard to organize the thousands of photos we take in a given year. While we tend to store our photos in a new folder for each month, it was often hard to find specific photos by topic like "kids" or "Summer Vacation." Now with the enhancements to the Windows shell, you can add tags to the photos (like "kids" or "Summer Vacation") and add ratings as well. What I find particularly cool here is that when I stack my photos by tags, the same photo can appear in two stacks (e.g., a photo of my kids from our summer vacation would be both in the "kids" stack and the "summer vacation" stack), so I essentially have two virtual copies of the same photo. Of course, Windows Photo Gallery uses these same tags, and has even more flexibility!

Oh yeah ... one more thing. The Search Box supports a nice query filter syntax that you can read about if you go to the Windows Help system and search (of course) for "tips for finding files". Scroll to the bottom of the Help and try out the powerful query syntax on your system. There are Boolean operators, field variables, and even a way to type in natural language queries. For example, you could type in "kind:music artist:(Beethoven AND Mozart)" and get back all the music by Beethoven and Mozart on your system.

With Windows Vista, we are enabling the end-user experiences that we first previewed at the Professional Developers Conference in 2003. While we originally envisioned the need for a new storage system (WinFS) in order to deliver on our search goals, we were able to deliver on our vision by simply enhancing our existing storage system.

Like I said, Windows Vista goes beyond other systems in finding and organizing information -- making you much more productive once you step into the new world.

jim

Building a More Intelligent Windows

JimAll — Wed, 03 Jan 2007 23:34:00 GMT

Many people share the dream that the various electronic devices they use should do what they want without them having to ask. In our non-computer lives, we have come to expect basic things to just happen. We expect machines to help us by doing more things automatically, and more of the basics as we want them to happen, without asking. When I put my car in drive, the doors automatically lock -- when I put it back in park, the doors unlock. Instead of running for a pre-set period of time, most modern clothes dryers have a mode where they can sense when your clothes are dry and turn off once the job is done.

Many years ago, I was really struck by the programming language InterLisp's DWIM function. It meant "Do What I Mean." It was a quick and handy way for programmers to ask the computer to fix a program so that it did what the programmer had meant, but not actually written. It was magic for me -- the computer knew what I wanted and it fixed it for me!

For Windows Vista, we set off with the goal of creating a more intelligent experience for the user. Our vision was to use intelligence about the user and the environment to deliver a better experience for the user. And while there is so much more to be done in the future, Windows Vista does some incredibly innovative things that other software doesn't.

Here are some examples.

One of the key enhancements to the Windows Vista memory management system is a new feature called SuperFetch. I discussed this briefly in my blog post about ReadyBoost. SuperFetch watches how you work and then uses the RAM on your system in a new way that optimizes the system's performance to the way you work. For example, in contrast to traditional memory management systems that today use an approach to prioritizing how RAM is allocated to the various programs and services running on the system, SuperFetch can differentiate memory being used for interactive (high-priority) tasks from memory used for background (low-priority) tasks. When the user isn't interacting with the system, background tasks are allowed to run, but when they complete, SuperFetch repopulates RAM with the content that supports the interactive applications. SuperFetch is also smart enough to know which applications are used most often (over a long period of time) and pre-loads those applications into memory.

We also saw an opportunity to improve the user experience with the network. At the lowest level, the Next Generation TCP/IP stack in Windows Vista senses and learns about the network and uses this information to automatically tune settings. For example, just as most modern cars have automatic anti-knock sensors that eliminate the engine ping (pun sort of intended) that can come as a result of low-octane gas, Windows Vista's TCP/IP stack has new auto-tuning algorithms that automatically and dynamically adapt the TCP receive windows to the properties of the network path between the endpoints. This allows the stack to fully utilize the bandwidth between two endpoints (especially in high-delay conditions) and dynamically adapt to changing bandwidth and delay characteristics. We also have improved the dead gateway detection algorithms and the round-trip time estimators to further improve the network experience for the user -- automatically.

The networking code in Windows Vista also includes Network Location Awareness (NLA) functionality that intelligently "fingerprints" a network. NLA uses this "fingerprint" to remember network-specific settings and dynamically apply them whenever the system connects to that network. For example, the firewall in Windows will automatically change its settings when the system connects to a new network and restore them to your preferred settings for each known network when you connect to it.

One of my favorite examples of intelligence in action is the handwriting- and speech-recognition capabilities built into Windows Vista. People don’t like to spend a lot of time teaching their computer how they speak or write. So, the real opportunity is to provide better prediction of what you are saying or writing by understanding the vocabulary that you tend to use. And that's just what we did with Windows Vista. Since we already have an index of the content on your PC, we simply use this corpus of terminology to help the system disambiguate your input and deliver a more accurate result. (In case you are worried about privacy, there is no need: all this happens only on your machine, with no communication to any other computer.) This means that in addition to a common dictionary, the system can automatically learn the vocabulary that you use and then assign a higher weight to the words you use most often. The result is a much higher accuracy rate even if you work in a field with a specialized lexicon. So, if you work in a specialized area, there are many words that wouldn't be in a common dictionary initially, but because they are in your everyday documents and emails, the system will learn them automatically and understand them more easily. I should also note that personalization also helps with "in-dictionary" words in addition to "out-of-dictionary" words by raising the priority of the "in-dictionary" words you do use and thereby de-prioritizing random words such as "yon" (often confused with "you" by our previous handwriting-recognition software) that most people don't regularly use.

The result? During the beta testing of Windows Vista, someone on the team received a note from a quadriplegic saying that Windows Vista was going to dramatically improvement his life because of its huge improvements in speech recognition. By the way ... the email was, of course, written using Windows Vista's speech recognition.

Finally, in a previous blog entry I wrote about the Windows Recovery Environment. While the focus of my previous comments was on the ability to get a Windows Vista PC up and running, it's important to note the way that the Recovery Environment works. It essentially uses a heuristic-based diagnosis approach in the same way that one of our support engineers might work on the system if s/he had a debugger and direct access to it.

You might see all of these as just individually clever ideas, but the reality is that integrated intelligence (learning about you and doing what you mean) like what we are doing with all the examples above is the future for helpful devices for society.

jim

Windows Vista and protection from malware

JimAll — Wed, 20 Dec 2006 01:55:00 GMT

This entry updated at 8:49 PST on Tuesday 19 December 2006.

On November 30, Sophos issued its monthly report on the top ten threats reported to them in November of 2006. As a part of this, Sophos also studied Windows Vista's vulnerability to these malware threats. I found the information and press discussion confusing, so I thought I would clarify what this really means for customers.

In order to understand what was really going on here, I asked the team to go look at the technical facts behind the story, and that started in the lab. We began by observing first-hand how these various forms of malware affect a Windows Vista system using a machine that was configured with the default settings and without any additional security software. What we found was that if you are using only the software in Windows Vista (e.g., Windows Mail and no add-on security software), then you are immune to all ten of the malware threats that Sophos cited.

If you are using Microsoft Outlook or a third-party email client that blocks execution of known executable formats, then a user running Windows Vista is not vulnerable to eight of the ten malware threats. In the case of the ninth piece of malware, Bagle-Zip, the malware is able to run because it uses the .ZIP file format which some mail programs do not block. In the case of the tenth piece of malware, Mydoom-O, the malware is sometimes able to run because it randomly chooses the file type to which to distribute its payload and sometimes that file type is an executable inside a .ZIP file, which some mail programs do not block. In both cases, this is a function of the e-mail software, not Windows Vista. That said, even when a user receives a mail infected with Bagle-Zip or Mydoom-O in the .ZIP file format, in order for the malware to affect the system, the user must first explicitly open the .ZIP file and then explicitly run the executable file that's contained inside the .ZIP file -- there is no way for this to happen without two steps of user action. If you happen run a third-party email client that does not block known executable formats, then you may also be vulnerable to Netsky-D.

While Windows Mail blocks running executables even when they are included in a .ZIP file, other email clients could as well if they used a technology available (via APIs) in Windows called Attachment Manager (AM), first introduced in Windows XP Service Pack 2. So what should you do if you use a mail client that doesn’t support AM? Well, the most basic thing to do is to train users in your environment not to click on unknown attachments and, even if they do, to make sure that they don’t run executable files included in ZIP files. This may be hard to do -- and frankly, this is why we built AM protection into Windows. That said, if you use an add-on e-mail client, you should also use anti-virus software that can scan attachments prior to opening them to detect and block malware.

One question you may ask is why isn't this kind of malware scanning built into Windows Vista? We do have cleaners that will detect and remove this form of malware that is offered as part of the malicious software removal tool that we distribute each month. However, there is certainly a question about whether we should do even more in the operating system. The recent feedback we received around our decision to continue to include Kernel Patch Protection in the 64-bit versions of Windows Vista (even though we had shipped this protection in 64-bit versions of Windows XP nearly two years ago) was more controversial than we would have expected. It's a complicated world -- that's all I can say.

I should note that we do offer this kind of "on access" anti-virus software as part of Windows Live OneCare (for home users) and offer server based e-mail security in Microsoft Forefront Security for Exchange Server. In addition, we are currently beta testing an enterprise version of the client software called Microsoft Forefront Client Security.

So I know what you are thinking: Does any of this change my position about how I protect my 7-year-old son's PC? The short answer is absolutely not. The longer answer is that today I don't allow him to use e-mail or IM (also remember he is running as a standard user without knowledge of an administrator password, and he has specific Windows Vista parental controls turned on), so I don't worry about these kinds of attacks hitting his machine. And when I do let him start emailing his friends, I will simply set up Windows Mail to ensure he has a safe experience. For example, Windows Mail by default blocks images and other external content in HTML e-mail messages and it also by default prevents opening or saving attachments that could potentially be viruses. But, I could go even further by using Windows Mail rules to block all attachments and delete such email. That said, one day, he will most likely use AV software. But remember, even without the AV software, if he was using Windows Mail in Windows Vista, he was safe from all ten of these malware threats.

So what should you do? As I have said on this blog in the past, I am very proud of the work we have done for security in Windows Vista. However, I have also stated that it is neither foolproof nor perfect; no software from anyone I have seen is. So, if you have a totally locked down environment (including using Parental Controls) like my son, you may be good to go with Windows Vista out of the box. Similarly, if you aren’t in a locked down environment, but you use Windows Mail in a controlled configuration, you may also be ok from malware such as this. If you use an add-on email client and you know not to run executables embedded in email attachments, then you will also be safe from these specific threats. And with all that said, if you are like most users and receive e-mail from unknown people, are not really sure even what executables or ZIP files are, run a lot of software and browse the web downloading programs with abandon, then our best advice remains the same: You should 1) stay current with the latest security updates (and in this case I urge you to use the recommended defaults included in Windows Vista); 2) use a firewall (there's a great two-way firewall built into Windows Vista! Or, use a third-party solution that you can buy); and 3) use anti-malware software. I recommend using the combination of Windows Defender and an add-on anti-virus software program such as Windows Live OneCare or one of the many great products available from third parties, such as Sophos.

jim

Multi-Version Investments in Group Policy

JimAll — Fri, 15 Dec 2006 06:40:00 GMT

Anyone who has ever heard me give a talk about Windows Vista (even back when it was called Windows Longhorn) knows that I usually mention that Windows Vista is the first version of Windows since Windows 95 that truly has something for everyone, including home users, business users, IT professionals and developers. One particular area of improvement in Windows Vista for IT professionals is Group Policy.

We first introduced Group Policy in Windows 2000 Client and Server. Unlike Windows Vista, Windows 2000 was not a "something for everyone" release. The primary beneficiaries of Windows 2000 were business users (mainly because it enabled the Windows NT kernel to work on portable machines) and IT Professionals. For IT Pros, the big news was unprecedented performance/scalabilty, reliability, and of course, manageability. Windows 2000 introduced Active Directory which not only enabled a much more scalable notion of single network logon (we call that identity management today), but as importantly, it allowed IT managers to configure policy settings to centrally control the behavior and security of the systems they were managing. In Windows 2000, Group Policy enabled IT Professionals to create a specific desktop configuration to configure and control groups of users and computers. Windows 2000 Group Policy specifies settings for groups of users and of computers, including registry-based policy settings, security settings, software installation, scripts (computer start-up and shutdown, and log on and log off), and folder redirection. When introduced, Windows 2000 enabled about 500 policy settings, which grew over time with new releases of the server and client operating systems and components so that in Windows Server 2003 and Windows XP SP2, there were over 1,700 total settings that could be centrally administered through Group Policy.

As it turns out, the most "killer application" that utilized Active Directory back in 2000 was as the identity store for Exchange Server. From a policy perspective, much of the policy that was actually managed by Active Directory back in the Windows 2000 time frame were rules that were authored, tested and maintained by individual customers. The point is that it took the development cycle of Windows 2000 (along with some refinements in Windows Server 2003) to develop and flesh out the infrastructure so that it could be used to solve a more sophisticated set of IT scenarios.

What is cool is that we had an opportunity with Windows Vista to build upon the Group Policy investment we've made over the last 6 years to provide even more capabilities. Windows Vista brings about 800 new policy settings to the table. These span multiple categories, many of which you already know and rely on. But, Windows Vista focuses not just on the amount of new settings, but also the right ones -- scenario-based settings that our customers asked us to include to help simplify their operational problems -- ones that simply hadn't existed or had lacked any Group Policy controls.

Enhanced areas in Group Policy include Wired and Wireless networking policy, Windows Firewall and IPsec, Print Management, Desktop Shell, Remote Assistance and Tablet PC. We have also made the policies that can be managed for Internet Explorer much more extensive for Windows Vista.

New areas in Windows Vista Group Policy include Removable Storage Device Management, Power Management, User Account Control, Windows Error Reporting, Printer Deployment, Network Access Protection (with Windows Server “Longhorn”), Network Quality of Service and Windows Defender. For example, using the Group Policy capabilities in Windows Vista, an IT manager can set a policy to put the Windows Vista PCs in their environment into a reduced power state after a specified period of inactivity. This is a great example of the value of Group Policy -- enabling power management policy settings can have an immediate and direct benefit on the bottom line by reducing power costs. IT managers who have users with sensitive data can also use Group Policy to limit use of removable storage devices on systems that handle such sensitive data. We've heard from customers that they needed this control for quite some time and now, Windows Vista delivers it. I should also note that in as much as Group Policy can be used to lock down the systems in a network, it can also be used to delegate certain features so that the non-administrator user on a machine can complete key tasks -- like installing a printer driver -- without having to ask for permission from the IT department.

Be sure to check out the Group Policy Reference Spreadsheet, which now lists all policy settings requiring schema updates -- as well as, for the first time, listing those requiring a reboot or user logoff.

One of the other things that we have added to Group Policy is the ability to use Windows Vista's Network Location Awareness feature to drive policy refresh behavior. Through these improvements, Group Policy is now more aware of changes in network conditions as they occur. For example, Group Policy can now use the event of a newly established VPN session as an opportunity to refresh policy to help maintain network security. This makes Group Policy much more responsive in scenarios such as these. We have also removed the dependency in "ping," which caused issues for some customers that blocked ICMP traffic.

For the Group Policy administrator, we've made significant changes to the manner in which we report events. Specifically, we take advantage of Windows Vista's new event reporting infrastructure for our administrative and operational logs. We expose richer and more logical events as policy events occur, logging information such as which Domain Controllers (DCs) were used, whether slow links were in effect, and which Group Policy Objects (GPOs) were applicable. The net effect of these changes is a more streamlined and effective troubleshooting process for Group Policy.

Clearly the investments that we made more than 6 years ago as we developed Active Directory and Group Policy to work at scale are paying off in the form of new capabilities that will not only lower TCO for IT Administrators and give business end-users a greater sense of security as they work, but also enable a new generation of applications to be managed centrally using an ever-ubiquitous infrastructure element. As Group Policy has been established as a key infrastructure component of the OS, we are now seeing more parts of the OS using Group Policy to manage system behavior, which leads to a much more consistent and pervasive use of Group Policy as a way to manage Windows Systems. The result is that we have nearly doubled the number of policy settings in the OS between Windows XP SP2 and Windows Vista.

As I look back at some of the growing pains we experienced 6 years ago in building Windows 2000, it's exciting to see the positive long-term impact that those investments are making in Windows Vista. What's even cooler is knowing that Windows Vista is another great milestone along the way for business end-users, developers and IT managers who choose to invest in Active Directory.

jim

Setting The Record Straight

JimAll — Tue, 12 Dec 2006 06:27:00 GMT

As part of one of Microsoft's on-going lawsuits, a piece of email that I sent to Steve Ballmer and Bill Gates recently became public. It was a rant encouraging a change to the way we were building Windows at the time. In the email, I made a comment for effect about buying a Mac if I was not working at Microsoft. Taken out of context, this comment could be confusing. Let me set the record straight:

This email is nearly 3 years old, and I was being purposefully dramatic in order to drive home a point. The point being that we needed to change and change quickly. We did: We changed dramatically the development process that was being used and we reset the Windows Vista development project in mid-2004, essentially starting over.
2-and-½ years later, Windows Vista has turned into a phenomenal product, better than any other OS we've ever built and far, far better than any other software available today, in my opinion. It's going to be available to customers on Jan 30, and I suggest everyone go out and get it as soon as you can. It's that good.

The spirit of being self-critical continues to flourish at Microsoft. Within Microsoft everyone considers it their duty to always put their convictions and our product quality ahead of everything else. That was the intent of my mail to Bill and Steve, and I consider it a great example of how this company can focus and do what's right for customers.

jim

Windows Vista Power Management

JimAll — Fri, 08 Dec 2006 22:50:00 GMT

The hardware that makes up today’s laptops has gotten quite efficient and we have worked hard to improve Windows' ability to manage that hardware. One of the biggest improvements in the mobile PC experience for Windows since the early 1990 is longer battery life. The trick here is to make the system as efficient as possible while still maintaining a great user experience. At the same time, the increased cost of electricity has become a key factor for enterprise customers who are under continued pressure to manage TCO (total cost of ownership). As a result of all of these factors, we decided to make some extensive changes in the power management sub-system for Windows Vista.

The Windows Vista power management goals were simple: 1) making turning a computer "off"/"on" as reliable, simple, and fast as turning off/on a TV, and 2) maximizing the active usage if on battery and reducing the energy consumption if on A/C power. The first goal involved not only improving the predictability of the behavior when a PC was switched "off", but more importantly changing the model for what "off" and "on" means. Everyone knows that turning a TV off doesn’t really turn it off. It is still available to receive the remote control signal, etc. so that it can come back on quickly. We wanted to emulate this for Windows Vista machines.

To the degree possible, "off" equals "sleep" in Windows Vista, where the system state is saved in RAM. This creates the best balance of user experience for speed of resuming and lowest usage of power. However, if the PC is running on batteries even that minimal power usage could drain the batteries eventually. Remember the top goal here is to make sure that we can enable a fast on experience (like your cell phone) and a fast off experience, while still making sure that you don't lose your work when a Windows PC is turned off. To do this, we created a new approach that we call "hybrid sleep state" that is the best of the sleep and hibernate modes (which existed separately in Windows XP). In this hybrid mode, the state is stored both in RAM and on disk, so nothing can be lost if power goes out. Then the system is suspended into the low powered sleep state for a period of time (like your cell phone). Normally, when the user returns and wakes the machine, system state is just restored from RAM, and resume responsiveness to the user is fast. However, if for some reason power is lost (for example, if the PC is unplugged to move it -- like you might move your TV), the system can still resume from the hibernate image previously saved to disk with all context and data intact.

While Hybrid Sleep can be used on a laptop computer, it isn’t as applicable to laptops for a couple of reasons. First, a desktop is vulnerable to power loss, while a laptop can of course run on its internal battery. A laptop can also detect or even wake up from standby when the battery is low so Windows can save everything to the disk before the battery is completely drained -- and remember, in the sleep state all the battery needs to do is to refresh the RAM, which takes very little power. Also, mobile users want a grab-n-go usage model, so taking extra time after the laptop lid is closed spinning the disk to write out a potentially large hibernate file could be a problem. Lastly, after a laptop has been in sleep for a while, the system will wake up and immediately go into the hibernate state. This state uses absolutely no power, so even the minimal battery drain used in standby is removed. If the system is in this power state when the user wants to use the system, then the system state is restored from disk.

In either case (suspend to RAM or disk), though, the user conceptually just thinks of "on"/"off." In the case that the machine hasn't been used for a long time, then the only difference to the user is that it just takes slightly longer to resume back to where they were. As I mentioned, if the system is A/C-powered, then by default we leave the system in the sleep state (never going into hibernate) so that the machine can be virtually instantly available, but still have substantial power savings compared to past systems. The bottom line is that because there is no reboot, the PC can respond much more quickly.

In order to ensure that "off" worked effectively with this new model, we needed to address some unpredictability that occurred with sleep in Windows XP. Instead of waiting for each application, service and device to agree before going into power saving mode, in Windows Vista we changed the approach so that we give the application, services and devices a notice of the impending suspend and then wait a maximum of 2 seconds for them to finish up any work and put themselves into a state they can continue from when the system wakes up. With Windows Vista there won’t be any more sinking feelings when the airplane is at 10,000 feet and you reached into your laptop bag to find the laptop all cozy and warm because it didn’t go into power saving mode when you were running for the plane -- caused because some device, service, or application wasn't well behaved. One of the interesting things about the new power management system is that Windows Vista is able to come back from the sleep state so quickly that the first time you open the lid on a suspended Windows Vista laptop you might wonder if it was on the whole time -- trust, me it wasn’t.

Our second goal was to reduce the power consumption of PCs when they are idle. In the past the few users who did shut down their PCs when not in use had to sit through a long boot process to get their PC back on. However, many enterprises and home users just leave their PCs on 7x24. While this is nice to be able to have the PC ready to respond when you sit down at it, powering a PC overnight just so it can be available to you when you sit down at 8AM is a pretty expensive approach.

In order to achieve the second objective -- reducing power usage -- we made changes to dramatically improve idle power consumption. The dream was to reduce power consumption by powering key components down more frequently and leaving them powered down for longer periods while still maintaining a great user experience. For example, while Windows XP did a great job of lowering CPU speed and voltage whenever possible, in Windows Vista we added enhanced capabilities to use power more efficiently on multi-core systems. And we have created new APIs so that driver and application developers can get notifications about the power scheme being used on the system and then adapt their behavior for the power scheme. Finally, all of the power management configurations parameters can be controlled by the IT department (on a PC-by-PC basis) using Group Policy if they want to tweak the defaults, making corporate deployment of these features easily manageable.

How much power is used and how great the experience is depends on all the equipment and software attached to your system. So, we created some great tools including the Power Event Monitoring tool to help develop and test applications, as well as some great content for developers on power management. We have also made the power management system extensible, so that instead of writing separate power management solutions, third parties including computer manufacturers can closely integrate their unique features and capabilities with Windows.

If you look at the impact in power-savings terms of the Windows Vista design, it is pretty amazing. (BTW, there is a great white paper on this on Microsoft.com, but I will net it out for you here). A typical Pentium 4 PC with a 17" LCD monitor draws about 102.6 watts of power (think about a 100 watt light bulb). That same PC and display in a sleep state draws only 5.6 watts, or 97 fewer watts. If you figure that a PC is used for active work for 10 hours a day, 5 days a week, 52 weeks per year, that is 2,600 operating hours. With 8,760 hours in a year (365*24), there are actually 6,160 potential idle hours per year. Since sleep mode uses 97 fewer watts than full power mode, the total savings is 597 kWh per year -- and by the way, the impact is obviously even greater (760 kWh) if you use a CRT monitor since they draw more power than LCDs.

The paper uses an estimate of $0.0931 per kWh from the US Department of Energy, so for a home user with one PC, the savings amounts to $55.63/year (more if the PC is used less than 10 hours a day). While that is great saving for a home user, think about an enterprise with 10,000 desktops where the potential cost savings would be $556,300/year -- and we haven’t even tried to estimate the HVAC savings. With IT budgets becoming sequentially tighter year over year, it's nice to be able to have this kind of impact. I would be remiss if I didn’t mention the fact that there is also a significant environmental impact as well. The EPA estimates that every kWh of electricity generates 1.55 pounds carbon dioxide (CO2) emissions so each PC that moves to Windows Vista generates 926 fewer pounds of carbon dioxide or about 8% of what the EPA estimates that a typical car generates in the course of a year-- so for every 12 and a half PCs that are running with Windows Vista’s new power management capabilities, it’s like having one less car on the road.

I strongly encourage you to use the defaults in Windows Vista. And no need to think much anymore about different power-saving modes and terms like hibernate, sleep, etc -- just hit the symbol for "on" and "off" and let the system do the thinking and power saving for you.

jim

Audio Improvements in Windows Vista

JimAll — Thu, 07 Dec 2006 00:10:00 GMT

A few weeks ago I wrote about the new sounds of Windows Vista and I made the point that sound is an important component of your experience using a Windows PC. As important as the new sounds are as an interface to the Windows UI, of equal importance is the system infrastructure that enables you to control and enjoy those sounds.

I personally use a Windows PC in three ways: 1) at work or at home for productivity, 2) at home (and when I travel) to enjoy media including music, videos and photos, and 3) at home in my recording studio (long story, but the short version is that my mom was glad when I got a real job with this computer science stuff). In all of these situations, having great control over the sounds on a Windows PC is important and prior to Windows Vista it was harder to do.

Imagine you are on a plane writing a document or reading email using Microsoft Office while listening to music stored on your laptop using Windows Media Player. You are listening to your favorite tunes at high volume and suddenly you make a mistake which causes Windows to give you an error sound. On Windows XP, there wasn’t really much you could do about it since there was a single volume control for all sounds generated on the PC -- whether they came from Microsoft Word or Windows Media Player. This is just not a problem on Windows Vista because we have replaced the old Volume Control with the new Volume Mixer. To bring up the Volume Mixer, click on the "speaker" icon in the right side of the tray and select "Mixer," and you will not only see the master volume control for each output device, but also a volume control for each software application -- in this case each application is treated as its own input. The best part is that you can mute the sounds from each application to suit your needs.

While we have made many improvements in Windows Media Center for Windows Vista, these new capabilities become really compelling with great support for high-end audio. So, in addition to making it easier to manage sound in the productivity scenarios, we have also introduced new audio functionality including features and performance that you typically get in a high-end audio/visual receiver, including Room Correction and Bass Management. Together, these new capabilities make Windows the platform for enjoying digital content -- whether you are doing it on a laptop or desktop, in your living room or in your home theater. With these improvements, a PC running Windows Vista with the appropriate sound hardware is the best integrated source of high-end audio and visual content. Here’s why.

Have you ever been watching TV and suddenly an ad comes on that is much louder than the show you were watching? Or, have you ever been listening to the radio and then switched to a CD and had everything get much quieter? The reason for this is that while most audio devices allow you to control the volume of the source, they do not allow you to control its dynamic range. Additionally, most dynamic range solutions in use today aim to maintain a constant signal level, but what your ears perceive is loudness. So for Windows Vista, we added Loudness Equalization which uses an understanding of human hearing to reduce perceived volume differences. The result is that when you change audio sources, the level of loudness that you hear remains much more constant. Some receivers have this feature today, but if you make Windows Vista the source for your digital content in your living room or home theater, you will "just get it" in software, regardless of the capabilities of your A/V receiver.

Windows Vista also includes capabilities to help you get the most of your sound system as well. For example, if you have a high-end multi-channel speaker setup with front and rear channels, a center channel and a sub-woofer, Windows Vista's Speaker Fill feature can be configured to take a standard 2-channel (stereo) source (e.g., a typical music CD) and create a virtual multi-channel experience to help you get the most of your loudspeaker investment. The opposite is also true -- if you don’t have a sub-woofer, a feature called Bass Management can be used to redirect the subwoofer signal to the main speakers. Or, if you are missing a center channel (or maybe you only have the front three channels), a feature called Channel Phantoming allows you to make best use of the speakers that you have.

Whether you have a multi-channel or stereo sound system in your home theater or living room, Windows Vista also includes the ability to calibrate your speakers for your room. By placing a microphone where you plan to sit and then running a wizard that measures the room response, Windows Vista can automatically set the levels, delay and frequency balance for each channel accordingly for this position.

Finally, back to my airplane example. We know that a lot of people enjoy music, movies and TV on their PCs using headphones. With Windows Vista we have added the ability to have surround sound using a new feature called Headphone Virtualization, which uses a technology known as Head-Related Transfer Functions or HRTF. Essentially the system uses information about the physics of your head to create an outside-of-the-head experience. As a result, in addition to hearing the normal sensation of left-to-right sound separation, Windows Vista can also enable the user to differentiate between front and rear sounds as well as close and far sounds. Pretty cool, huh?

The best part of all of this is that you don’t have to be an audio engineer to use this (although I bet a lot of audio engineers will like it). Instead, it's all very accessible using the new audio control panel in Windows Vista. You have to have the right hardware for the enhancements to show up, but a lot of new machines will come with the right stuff.

While in the past, Windows PC and Windows Media Centers were thought primarily as a single source of audio content, with the enhancements in Windows Vista, my expectation is that Windows will become more of an integrated source of content if not more of the receiver/pre-amp in more sophisticated systems -- and, of course, a better way to simply enjoy content on desktop and laptop systems.

I know I can hear the difference.

jim

Windows Recovery Environment

JimAll — Tue, 05 Dec 2006 19:01:00 GMT

Anyone who has called a customer support number recently has most likely heard the recorded message "To help us improve our quality of service this call may be recorded or monitored." When you call Microsoft Customer Support, one of the reasons that you hear such a message is that we have this really cool system that lets folks in the product group listen to support calls. This lets us hear first-hand the issues that users are having with our products. While I love this system, I am often humbled by what I hear. Of all of the calls that I monitor, the one that I find most frustrating (remember, I am in listen-only mode) is the call where the customer's PC just won’t boot. While I know I might be able to fix the PC if I had direct access to it, I know how hard it is for the user to follow a complex set of directions from even the most talented support engineer as they try to diagnose and correct the problem together. I also know that it's even more frustrating for the customer.

I knew we had to tackle this for Windows Vista and I am very proud of the progress we made with a new feature called Windows Recovery Environment or Windows RE. Windows RE is a combination runtime environment, diagnostic tool and repair system that basically tries to do about 80% of what one of the engineers in the Windows support team could do if they came to your home or office and hooked up a debugger up to your PC -- all without you having to do anything.

In looking at the support data, we know that the top 5 issues that cause Windows XP PCs not to boot are: 1) registry corruptions, 2) corrupt file systems (also known as NTFS metadata corruptions), 3) missing OS loader, 4) inaccessible boot devices (often caused by installing a bad storage driver) and 5) system file corruptions (some part of the OS getting deleted). These problems could happen because of hardware memory corruptions, disk corruptions, other hardware issues, buggy device drivers, or a kernel software issue. Regardless of how the system got into that state, the idea was to create an environment that would use heuristics to essentially implement a differential diagnosis to identify the issue and then use the resources in the other parts of the system configuration, combined with back-up data (such as system restore points) and a copy of key system image information to put the system back into an operating state -- without user intervention.

The recovery environment can be loaded in one of two ways: either automatically, if the computer manufacturer or IT administrator created a separate partition with Windows Recovery Environment installed on it, or manually using either the Windows Vista DVD or the on-disk recovery environment. When Windows RE is installed on the hard disk, it can be accessed by pressing the F8 key when the system is booting.

Here is how it works in the automatic scenario (with the Windows RE partition). At startup, the Windows loader sets a flag to show that the boot process has started. If the boot is successful, we clear the flag right before the Windows logon screen is displayed. However, if the boot fails, the flag is never cleared so that the next time the computer tries to boot, the Windows loader see that the flag was not cleared and assumes that the boot failed, so the loader launches the Windows Recovery Environment instead of Windows Vista. If you don't have the automatic mode, you can use the Windows Vista DVD to load the Startup Repair tool.

Once loaded, the Startup Repair starts checking for potential problems to see why the system failed to boot by grinding through the following questions: Is the problem a missing or damaged boot configuration file? Is the problem due to missing or damaged system files? Is it due to a missing or damaged driver? An incompatible driver? An incompatible OS update? In all of these cases, if a problem is found, the system will attempt to correct the problem either by restoring a file using a cache of files (for example, a corrupted driver file), using a system restore point, or recreating a database using other data (such as rebuilding a registry hive or the file system). The system will also detect and report a bad hard disk or bad memory, but given that these are hardware issues, we can’t do much to fix them.

One very cool thing about the Windows Recovery Environment is that the computer manufacturer or IT administrator will be able to store a "base" configuration on the recovery partition. That way the user will have the ability to restore their Windows Vista PC to the "factory new" state without having to reinstall the operating system. Also, if you enable Windows Backup, you can restore the backed-up system state using Windows RE.

More detailed information on the Windows Recovery Environment and how to use it is available on the Windows RE team blog. The important thing for most users though is to just let the recovery system do its repair job automatically. In addition to reducing both the support costs for IT managers and the frustration that users face when their Windows PC just won't boot, one of the most important scenarios that the Windows Recovery Environment will reduce is the wipe-and-reload approach that, in my mind, is resorted to far too frequently. Certainly without the benefit of the Windows Recovery Environment, wipe-and-reload may have been the most pragmatic solution in the past, but not with Windows Vista. You should push back hard whenever someone tells you to wipe and reload a Windows Vista machine because it won't boot.

So next time you hear one of those recordings on the phone (and I hope you never need to), remember that we monitored the call not just for the quality of the support, but also for the quality of the product.

jim

Windows ReadyBoost

JimAll — Tue, 21 Nov 2006 02:14:00 GMT

If there is one thing that can really help applications on Windows Vista run better, it's memory. When comparing the performance of Windows XP and Windows Vista on a PC with 1 GB of main memory, Windows Vista is generally comparable to Windows XP or faster. However, we also know that in some cases, on PCs with 512 MB of main memory, applications on Windows XP may seem more responsive. Why? Mostly because the features in Windows Vista use a bit more memory to do the things that make it so cool, like indexing your data, keeping the fancier AERO UI running using the desktop window manager (DWM), etc. The less memory in your machine, the more often the OS must randomly access the disk. This slows system performs in cases where your applications just barely fit in memory on Windows XP but not quite in Windows Vista.

We redesigned the memory manager in Windows Vista so that if you give the system more memory, it uses that memory much more efficiently than previous operating systems via a technique called SuperFetch -- part of Windows Vista's intelligent heuristic memory management system. And so Windows Vista on a PC with even more than 1 GB of primary memory (say 2 GB) will generally outperform Windows XP on that same machine -- especially once you have been using the machine for some time because Windows Vista learns what you do the most often and optimizes for this.

While I fully expect the generation of PCs that ship with Windows Vista to include more memory, we also know that many existing PCs have 512 MB. While memory has gotten much less expensive, many (non-geek) people I know are just not comfortable opening up their PC and installing more memory. While there are some great PC shops that will do this for you, a lot of people may not want to bother. Well with Windows ReadyBoost, if you have a flash drive (like a USB thumb drive or an SD card) you can just use this to make your computer run better with Windows Vista. You simply plug in a flash drive and Windows Vista will use Windows ReadyBoost to utilize the flash memory to improve performance.

I should be clear that while flash drives do contain memory, Windows ReadyBoost isn’t really using that memory to increase the main system RAM in your computer. Instead, ReadyBoost uses the flash drive to store information that is being used by the memory manager. If you are running a lot of applications on a system that has limited memory, Windows ReadyBoost will use the flash drive to create a copy of virtual memory that is not quite as fast as RAM, but a whole lot faster than going to the hard disk. What is very cool here is that there is nothing stored on this flash disk that isn’t also on the hard disk, so if you remove the flash drive, the memory manager sees the change and automatically goes to the hard disk. While the performance gain from ReadyBoost is gone, you don’t lose any data and there is no interruption. And because the Windows Readyboost cache on the flash drive is encrypted using AES-128, you don’t need to worry about exposing sensitive data if the flash drive is stolen or lost. Also, the memory manager compresses the pages before writing them into the cache on the flash disk, which means you’ll get more mileage from each MB.

So, if you just want your PC to run faster with Windows Vista -- it's pretty simple -- connect your flash drive through any USB 2.0 socket or PCI interface and when the autoplay interface comes up, choose "Speed up my system using ReadyBoost." You need to have at least 230 MB free on the flash drive and some flash disks are not fast enough to support Windows ReadyBoost, although you’ll be told if that's the case.

If you want to learn more about ReadyBoost, Matt Ayers, the program manager for ReadyBoost, created a great FAQ that Tom Archer posted on his blog that is really worth reading. Tom also did a great job of showing all of the set-up screens in his blog.

If you are like me, you may have a few flash drives in your desk. If not, you can buy 1 GB drives online for less than $50. If you put a flash drive into a Windows XP PC, you get access to files on the drive -- if you add that same drive to an identical machine running Windows Vista, you can also boost the performance of your PC with ReadyBoost. Just one more way that Windows Vista helps you get the most from your hardware.

jim

Updating a Brand-New Product

JimAll — Sat, 18 Nov 2006 01:49:00 GMT

Now that Windows Vista has released to manufacturing, you might think that there is no opportunity for the product to get better before you get to use it. Pre-Internet and before Windows Update, that was generally the case. But things are different today. With Windows Update, as new device drivers are available or issues are found and corrected, the product will simply get better and better over time.

While we worked hard to get a comprehensive set of drivers on the DVD prior to release-to-manufacturing (RTM), the magic of Windows Update and Automatic Updates makes this "frozen in time" distribution problem basically a non-issue. For Windows Vista we are excited to have over 19,500 device drivers on the Windows Vista DVD (in contrast to just 10,000 for Windows XP when it shipped). The number of device drivers is really a small way of looking at it, since each driver can usually support numerous actual different device models. Indeed, sometimes a single driver can support hundreds of different models, as often is the case with video drivers. But, what is even more significant is that at the RTM for Windows Vista, we already had an additional 11,700 device drivers on Windows Update compared to just 2,000 for Windows XP when it RTM’d in 2001. And while we will have significantly more drivers online by official availability, we will continue to add more drivers even after the launch. Because of the improvements in Automatic Updates for Windows Vista, users that choose the recommended setting for Automatic Updates will have the latest drivers installed and available when they add a new device.

The other experience that Windows Update helps improve is with third-party applications. Supporting existing applications on the new operating system is obviously key to driving satisfaction and adoption of the new product. We have worked hard with independent software vendor (ISV) partners to make sure that these applications work well on Windows Vista. Many of these ISVs have had a chance to either respond to our feedback or test their applications themselves and have worked with us to address any issues. Now that we have finished Windows Vista, we expect even more application vendors to test their applications and give us feedback. As we work with these ISV partners, we will develop application compatibility updates to make even more applications work great with Vista. As each batch is ready, we will put the new compatibility updates on Windows Update.

Finally, there is always the concern about what to do if a significant issue is discovered in Windows Vista after it RTMs. Even though we have worked hard to make sure that Windows Vista is the highest-quality version of Windows ever shipped, issues in every software product will certainly surface. While we expect that the number of issues will be low, we know that when issues do arise that the impact on the customer experience will be mitigated because they can be addressed and proactively distributed via Automatic Updates.

When you use Windows Vista for the first time, you will notice that the system asks if you want to check for any updates; I strongly recommend it -- it’s a good habit. And don’t be surprised when the system downloads some updates -- in fact you should expect it. And you should know that our engineering teams are still working hard to give you the best experience possible, even after RTM. So Windows Vista will continuously get better and better, automatically.

While it may go without saying, I also recommend that you take the default setting for Automatic Updates when you setup Windows Vista so that you also get recommended updates. That's the best option for getting the best experience in my view.

jim

Improvements in Updating

JimAll — Wed, 15 Nov 2006 01:41:00 GMT

One of the things that I have been focused on for many years is the ability to update a Windows PC with the latest software to make the system run great and help keep it secure. While automation has really always been my core dream, we had to start someplace, so back when we first launched Windows Update it was really just about having a single place to find the bits people need to keep their systems up to date. But, once at the site they still had to do everything manually.

Windows XP Service Pack 2 was certainly an important milestone for Windows Update, primarily because we changed the recommended setting for the Automatic Updates functionality of Windows Update from the option that just downloaded the updates and then notified you that an update was available, to the option that automatically downloaded and installed the updates. In addition, we created a new feature in system shutdown that allowed the system to install the latest updates as a part of the shutdown process.

These changes have had a dramatic increase on the number of people both using Windows Update but also using Automatic Updates. For example, in the case of one of the security updates we released in October of 2003 (before Windows XP SP2), only about one-half of the systems that downloaded the update ever installed it. Only about 9% of those installations were done as part of a scheduled update, the rest were installed manually (with user intervention). In contrast, in September of 2006 (after Windows XP SP2) we had about three times the number of installations of one of our security updates. What is interesting is that of those installs only 20% of them were done manually and 80% (!) were automatically installed through scheduled updates (34%) or at system shutdown (46%). Certainly we helped people to be more protected from attacks.

When I help a friend or family member with their Windows PC, one of the first things I check is to make sure that their PC is up to date. Now, with the widespread use of Automatic Updates, I usually find that they are.

While this was great progress, there were a few additional things we really wanted to get done in Windows Vista. First, while Automatic Updates in Windows XP SP2 did a great job of getting critical security fixes onto your PC, there really was no way for you to automatically keep your PC up-to-date with the non-critical updates that are important to keep your PC current. So for Windows Vista, you now have the ability to include recommended updates when downloading and installing updates. While this is the recommended setting when you install Windows Vista, you have the choice to not take these updates, and of course you can change your mind later.

With Windows Vista, you also have the ability to choose Microsoft Update instead of Windows Update so that you can keep Microsoft products that use Microsoft Update current. In addition, for Microsoft applications that use Microsoft Update (like Office 2007), we give you the opportunity to turn on Microsoft Update as part of the set-up process of the application.

Also for the first time, with Windows Vista, we are using Automatic Updates to help you get drivers that may be missing from your system. While Windows Update has been used to distribute device drivers for some time, with Automatic Updates in Windows Vista, if you choose the recommended setting for Automatic Updates (download and install important and recommended updates), every time that the machine is scanned by Automatic Updates, it will look to see if there are any devices that either don’t have a device driver installed for them or for which a generic driver was used. If a specific (non-generic) driver is now available, then it will be downloaded and automatically installed. As is the case with Windows XP, if you were using a driver that was known to have problems for a lot of customers, when a better driver is available, Automatic Updates will download the newer driver and automatically replace it.

Since updating systems is such an important aspect of keeping PCs healthy, we have always made these services free to licensed users of Microsoft Windows.

At the end of the day this all about two things: 1) my vision for using automation to continuously increase the health and reliability of Windows, and 2) responding to customer feedback that indicated that Microsoft should provide even better and easier-to-use facilities that will keep systems up to date. In both cases I know we have had positive impact on the customer experience.

jim

Windows Vista: Defense in depth

JimAll — Fri, 10 Nov 2006 23:41:00 GMT

Wow, you describe a specific situation and suddenly people extrapolate something completely different! During a recent discussion with journalists about the release to manufacturing for Windows Vista, I made a comment about how attacks on the Internet are getting more and more sophisticated, and some of the security features in Windows Vista really help our customers. This somehow morphed into people thinking I said customers shouldn’t use antivirus software with Windows Vista. When the articles and blogs started appearing, I asked the PR folks to send me a copy of the transcript of the call so I could read it over and see if I said something I didn’t mean. After reading the transcript, I could certainly see that what I said wasn’t as clear as it could have been, and I’m sorry for that. However, it is also clear from the transcript that I didn’t say that users shouldn’t run antivirus software with Windows Vista! In fact, later in the call, I explicitly made this point again, because I had realized I wasn’t as clear as I should have been. It’s important for me that our customers are using the appropriate security solutions for the right situations, whether that’s security functionality integrated in the operating systems, or add-on products.

The point I had been trying to make (albeit unclearly) is that Windows Vista includes new security features that can dramatically help improve our customers’ security for certain situations. I was asked a question about how I rated the protection provided by Windows XP with Service Pack 2 and whether or not it was still effective. I ended up telling a story about how the machine my seven-year-old son uses has no antivirus software installed because it runs in a very locked down configuration, which includes only being able to visit websites on an approved list (approved through the parental controls feature in Windows Vista). He also has no access to email or instant messaging and he doesn’t run as an administrator of the machine. In fact, parental controls in Windows Vista requires that the user you apply controls to is not running as an administrator. Email, phishing, and other social engineering attacks are definitely among the most prevalent attacks that home users experience today, and his machine has been locked down in these regards.

My point in bringing up this extreme example was really meant to emphasize that importance of defense-in-depth measures we put in Windows Vista—both the number of defenses and their combined effectiveness.

Now, the comments have unfortunately been cited out of context implying that I said Windows Vista users shouldn’t use antivirus. I want to be clear, most users will use some form of antivirus software, and that will be appropriate for their scenarios. In fact, Windows Security Center, a great feature in Windows Vista, specifically encourages the use of antivirus software.

We’re continuing to make the best operating system we can, and I’m very proud of it. I think we’ve made some great changes in Windows Vista on the security front, and I know our customers will benefit.

jim