Why Vista?

[Maximilian]

I already moved to vista due to its infinite superiority over windows XP. People still using XP are living in the past, like dinosaurs, they will be left behind and die out.

Jealous? I have veeesta and youuu donnnt nah nah nah nahhhh nah

 

[josh6079]

Originally posted by: Soviet
I already moved to vista due to its infinite superiority over windows XP. People still using XP are living in the past, like dinosaurs, they will be left behind and die out.

Jealous? I have veeesta and youuu donnnt nah nah nah nahhhh nah

ROTFLMAO!!

 

[mechBgon]

Just meandering along in the first couple pages...

and *security* is no advantage with Vista [yet].

I disagree with that. Starting with some arbitrary evidence from Symantec's research

Analyzing the results

Approximately 2,000 unique instances of malicious code were executed during the life of this project.

...

On average, about seventy percent of the malicious code executed under Windows Vista loaded successfully and executed without a crash or runtime error. Note that malicious code is always looking to latch on to another process, bind to a local port, or modify system critical files; thus, identifying a successful execution does not indicate it fully compromised the victim host. Out of the seventy percent that were able to execute, only about six percent of the samples were able to accomplish a full compromise and an even smaller number (four percent) were able to survive a reboot. The rest did not execute properly due to incompatibility, unhandled exceptions, or security restrictions.

Advantage: Vista

As long as people don't go chopping the seatbelts and airbags out of the new car (turning off UAC and running as an Admin), or shooting themselves in the foot by running Trojan Horse programs themselves, they're going to be stupendously more secure on Vista than on a default install of Windows XP. Vista is specifically designed to make it more practical to run as a non-Admin, my favorite "silver bullet" for WinXP & Win2000 security.

And that's just userland, not even touching on other under-the-hood security advances like ASLR, services hardening and restrictions, PatchGuard, mandatory driver signing (read: rootkitBgon) on x64 editions, and IE7 Protected Mode.

For more factual info on Vista's security advances: Windows Vista Security Advances document

On a practical note, there've been complaints about UAC prompts being a hassle. Once I get Vista, hopefully mid-week, I'll do a bit of testing with the Microsoft fingerprint reader, which has been recommended by a Vista user here who definitely knows his stuff and uses them at home for UAC stuff. I suppose there were people griping when seatbelts first appeared in cars...

So yes, I am getting Vista because I appreciate the increased security it has to offer. Not that I feel insecure on WinXP Pro, but you don't win an arms race by just sitting there waiting for the bad guy to catch up.

 

[apoppin]

i just saw your post, mechBgon, and noted that *someone* above or in another thread ADVISED turning OFF the UAC for being a nuisance
:Q

that'll help security


unfortunately i think many users will disable it

 

[Mem]

Originally posted by: apoppin
i just saw your post, mechBgon, and noted that *someone* above or in another thread ADVISED turning OFF the UAC for being a nuisance
:Q

that'll help security


unfortunately i think many users will disable it

UAC only took me about a week to get use to it,what's the hassle with an extra click?....nothing really .

 

[mechBgon]

Originally posted by: Mem

Originally posted by: apoppin
i just saw your post, mechBgon, and noted that *someone* above or in another thread ADVISED turning OFF the UAC for being a nuisance
:Q

that'll help security


unfortunately i think many users will disable it

UAC only took me about a week to get use to it,what's the hassle with an extra click?....nothing really .

I sure wish the AnandTech.com article on Vista would've taken more of that tone Help help, my new car has airbags and seatbelts! An outrage!

*/me slaps ViRGE around a bit with a large Trout*

 

[apoppin]

Originally posted by: Mem

Originally posted by: apoppin
i just saw your post, mechBgon, and noted that *someone* above or in another thread ADVISED turning OFF the UAC for being a nuisance
:Q

that'll help security


unfortunately i think many users will disable it

UAC only took me about a week to get use to it,what's the hassle with an extra click?....nothing really .

see ... you're patient

*i* wouldn't disable it ... that IS one of Vista's genuine advantages over XP
:Q

BUT ... from what i have read [no, no theInq] ... Many End Users won't have your patience [or even mine]



[good quality]

 

[Keysplayr]

Originally posted by: HomeAppraiser
The only reason I moved from Win98 was the security holes in it. My appraisal software finally upgraded from 16 bit to 32 bit in 2004 and I don't see them upgrading any time soon. If my sons junior high school makes the move to Vista, then I will bump his machine up to 2GB and take the plunge, but again I don't see that happening unless Gates or someone gives our school district 1000+ new PCs with Vista

Better hope ACI, Day One or WinTotal don't take their time to support Vista then. I use ACI32 myself. Vista can wait.

 

[mechBgon]

Originally posted by: keysplayr2003

Originally posted by: HomeAppraiser
The only reason I moved from Win98 was the security holes in it. My appraisal software finally upgraded from 16 bit to 32 bit in 2004 and I don't see them upgrading any time soon. If my sons junior high school makes the move to Vista, then I will bump his machine up to 2GB and take the plunge, but again I don't see that happening unless Gates or someone gives our school district 1000+ new PCs with Vista

Better hope ACI, Day One or WinTotal don't take their time to support Vista then. I use ACI32 myself. Vista can wait.

In point of fact, you could run almost any x86 OS inside of Vista, if you want to have your cake and eat it too. Download Virtual PC 2004 (or the 2007 beta if you need to run a VM on Vista), if you want to goof around with it: http://www.microsoft.com/windows/virtualpc/default.mspx

Virtual PC 2004 is free, and it says there Virtual PC 2007 final will also be free.

 

[SickBeast]

For gaming, Vista is actually bad right now. Superfetch will do nothing to load games quicker, and you'll lose frames due to the buggy drivers. You can't see Aero while you're in a game, either!

 

[HomeAppraiser]

Thank you mechBgon. Looks like I will need to get Virtual PC 2007 if I buy a new computer with Vista loaded.

 

[SolMiester]

Originally posted by: zodder

Originally posted by: keysplayr2003

Originally posted by: zodder
I have a VLK for Vista, so I'll be dual booting it for many months to get familiar with it before it goes company-wide. So at this point, I'm more interested in the business end of it than the gaming/DX10 part of it.

Can you elbaorate a little about the business end advantages of Vista? If there are any advantages. Not clear what they might be. -thanks.

I'm mostly concerned with ease of roll out, integration into a domain, security features and how they interact with active directory, and the general compatibility with legacy devices and OSes. Dry stuff, I know, but that's what they pay me for. It's also why I'm obsessed with WoW. All work and no play makes zodder a dull boy.

Me too, if you come across anything, please let me know!...ta mate!

 

[SolMiester]

Originally posted by: Beachboy
Microsoft is high if they think I am gonna pay them for additional DRM and them having more control over my computer's content.

I see they want to incorporate the X-Box Live system into Vista gaming too. I haven't seen details but something tells me that Microsoft is not going to do this for free and is no doubt hoping to make gamers cough up $50 a year(or maybe only $5 a month ) for them to provide this "service".

I'm not seeing any pro's for the consumer right now outside of a fancier interface and this is not worth $400. I do see several con's. I've never been a Microsoft basher but this new Vista O/S leaves a lot to be desired from where I'm sitting.

You know, I think you're on tho something there. When late MS built an O/S, they might not looked so far ahead, if no one's buying there O/S in 5-10 yrs, where is their money coming from, time to tighten down everything, we dont know what time bomb codes they have put on stand-by in there.....blah blah..!...LOL

 

[Chocolate Pi]

I was traditionally a begrudged Windows user, forced to put up with security holes and instability to run the programs I wanted. XP kept me from jumping ship by being merely tolerable; it was very stable except for drivers, mainly video. Security still sucked, especially until Service Pack 2. Little things like the horrible theme colors and pitiful start menu added up to a crummy experience, even if you could disable things. It sucked, but just barely not enough to warrant the time for Linux or the money for Mac. I dabbled in Linux, but kept XP as my main OS thanks to games.

I am a sucker for betas, so I jumped on Vista Beta 2. It was a curious experience, I came, I looked, it was nice, okay great. I was about to reboot and go to XP to tell my friends how it was, but I noticed it had auto-configured to the network (normally XP needs to be pointed in the right direction) so I just told them from Vista. I even used IE7 for awhile, though I eventually grabbed firefox. One thing led to another, and I ended up splitting my time between VB2 and XP 50/50. Normally XP was for the days I needed to seriously do something, and Vista was just if I wanted to mess around and do basic tasks.

It was vaguely stable; when it "crashed", it did so with grace, in that explorer might lock up and I wouldn't notice before it fixed itself. ATI's video drivers were surprisingly well along, though there was vertical display corruption if the mouse cursor set in certain positions. It was a bit slower, a handful of programs didn't work, and the sidebar was junk, and UAC went off IMMEDIATELY. However, I put up with that to play around with it; I found Flip3D actually really useful, for I felt I could have several more windows open without feeling cluttered thanks to it. I was marginally impressed that they had been able to change how I use the OS at all in a positive way. It convinced me, despite its obvious inferiority to XP, to download RC1 when it came out.

RC1 was vastly superior, as were the graphics drivers that came with it. No more display corruption, now all my programs worked with the sole exception of Sony Acid. All my hardware had drivers that worked great, except for my X-Fi. It was still slower than XP, but was pretty rock-solid as far as stability was concerned. UAC was MUCH less annoying now, but off it went. Having a fast computer and not playing many games, I took the small performance hit and began using Vista 90% of the time. I only booted into XP when I had to, the rare incompatible program. It was really gradual, and I didn't realize I was doing it at first; I just began booting into Vista more and more.

RC2 changed that. Since RC2 hit, I don't think I EVER booted into XP, because I haven't found a single thing I need or want to work that doesn't. I booted into XP last week to clean out my files before I permanently delete the installation, and it felt... clunky. It's the little things in Vista UI that add up to make me like it; the start menu that DOESN'T suck for a change, the overwrite dialogue box that makes copying files (like Oblivion mods) so much easier, the overdue breadcrumbs navigation, even something as basic as the volume and network tray icons always being adjacent to the clock... It took me awhile to realize that in RC2, I didn't turn UAC off; I hadn't really noticed it. I'm since kept it on as a sort of experiment, the jury is still out on whether I'm going to keep it or not. It's not bad at all, until it prompts you twice for certain things. When Creative's December beta drivers came out, it had a rock solid system; later Catalyst 7.1 closed the performance gap in games to a margin of error. That's when I realized...

I was using Vista... BY CHOICE.

I've been in a REALLY weird situation over the last month... I find myself actually DEFENDING Microsoft and decisions they have made. It's bizarre, I used to despise the company that gave my uncle Windows ME, gave us an insecure and unstable platform and charged us through the nose... But when I see people complaining about "bloat" in Vista when it has none, bugs when there are virtually zero, insecurity when Bitlocker won't let them into my hard drive even if they break into the PC's very case, I can't just stand there and laugh alongside them. It's just ignorant. how can I have a serious conversation with a guy who insists that Vista has some big-scary "DRM" inside that will delete his media collection and record everything he does to send to the government?

And then the price concerns; sure, you don't have to upgrade to vista right now, and I suggest most people just follow the natural cycle and get Vista only when they get a new PC. However, to claim that Vista is overpriced is ridiculous. An OEM copy of Home Basic is $88, Home Premium $113. That includes YEARS of free support and downloadable updates as well, including service packs. Meanwhile, look at OSX: Each service pack is $130! Think about that for a second, every service pack costs more than Vista! I don't care if they name it after the feline species of the week or bundle a handful of flashy doo-dads; this one includes a revamped search engine? Well I should hope so at least, because it still costs more than Microsoft's entire OS!

Ah, but what about the "draconian" license terms? Oh wait, every media scare about the licensing, like limited reassignment and no virtualization, has been proven false! If you want draconian, go look at the DRM that Apple and yes, Microsoft, are putting on their media distribution systems. Zune just doesn't play for sure.

Meh... I just am annoyed that Microsoft has, for the first time ever in my eyes, created a quality OS, and yet the consumers go on as they always have, not reacting to the change. This isn't how capitalism works people. Vista isn't amazing, no need to run out and buy it, but seriously almost all of the trolling is uncalled for.

 

[suction]

i m thinkin of buyin it but still confused..of which version 2 buy....help me out tell me not so expensive but good version..

 

[Mem]

Originally posted by: suction
i m thinkin of buyin it but still confused..of which version 2 buy....help me out tell me not so expensive but good version..

Home Premium is great value for money,as to what version ?.... if you have a 64 bit CPU go for the x64 version,has better security, great for large ram users ,longer life span (64 bit is the future) backwards compatible with 32 bit software,some DX10 games down the road are coming out in a Vista x64 bit version I hear.


Only reason why most users don't go with 64 bit version(apart from not having a 64 bit cpu) is drivers,this is just a simple process of what hardware you have.

Remember companies will now need to submit both x64 and x68 drivers for Vista if they want WHQL approval from Microsoft.

 

[Aikouka]

I sure wish the AnandTech.com article on Vista would've taken more of that tone Help help, my new car has airbags and seatbelts! An outrage!

*/me slaps ViRGE around a bit with a large Trout*

There's a difference... no matter how good of a driver you are, things can happen. However, being a decent "PC'er", you can avoid just about any issue, except exploits where there's no patch to fix (which technically a firewall may've stopped it anyway ).

I turned off UAC, it was annoying and I don't need it to ask me, "Do you really wanna open the System Control Panel when you clicked on a link from another Vista control applet?" Of fricken course I do! I clicked it didn't I?

I get more annoyed by the graphical issue that I mentioned earlier that stems from UAC graying the screen. Also, it seems nVidia DIDN'T fix the graphic issue in their driver. I'm so tempted to throw in my 6800GT just so I can play a game and a video at the same time (without the PC locking up 10 seconds or more into the video). Unfortunately, Microsoft's new graphic driver model doesn't stop the PC from going to hell either.

EDIT: Fixed the quotes

 

[mechBgon]

Originally posted by: Aikouka

I sure wish the AnandTech.com article on Vista would've taken more of that tone Help help, my new car has airbags and seatbelts! An outrage!

*/me slaps ViRGE around a bit with a large Trout*

There's a difference... no matter how good of a driver you are, things can happen. However, being a decent "PC'er", you can avoid just about any issue, except exploits where there's no patch to fix (which technically a firewall may've stopped it anyway ).

I turned off UAC, it was annoying and I don't need it to ask me, "Do you really wanna open the System Control Panel when you clicked on a link from another Vista control applet?" Of fricken course I do! I clicked it didn't I?

I get more annoyed by the graphical issue that I mentioned earlier that stems from UAC graying the screen. Also, it seems nVidia DIDN'T fix the graphic issue in their driver. I'm so tempted to throw in my 6800GT just so I can play a game and a video at the same time (without the PC locking up 10 seconds or more into the video). Unfortunately, Microsoft's new graphic driver model doesn't stop the PC from going to hell either.

EDIT: Fixed the quotes

As a person who studies the security scene on a daily basis, I think you are somewhat too confident about your l33t ability to avoid danger. Normally-safe websites can be hacked and turned malicious, it happens all the time. The official Dolphins Stadium site, Asus's site, CircuitCity's site, my former employer's site, possibly AnandTech.com at one point... hmmmm? Need some more? How about spreadfirefox, debian.org, and The Register. More? How about Neowin, Capital City Bank, Wakulla Bank, and Premier Bank.

Trend: the bad guys are getting badder. This stuff makes them a lot of money, they're not going to quit. Yes, you can do a lot to reduce risk by making smart choices. But where's your safety net in case that fails you? Oh that's right, you threw it away because you didn't like the looks of it

Full-on UAC was originally set up so you'd have to do a CTRL ALT DEL sequence and that capability actually can be turned on for max security on Vista Business and Vista Ultimate (and Enterprise). So they've already tried to make it easier for you as a consumer-level user.

I think a better bet would be to switch to Standard user, set up a fingerprint reader to know the Admin credentials, and run like that. Even more secure than using an Admin account, naturally. No need to type passwords. Plus, your friends will be all :Q ~ dude! A fingerprint reader, lemme try!!!

I use the analogous setup on WinXP Pro by manually typing passwords to run stuff as Admin when necessary, and it's certainly not THAT big of a chore.

 

[Aikouka]

Originally posted by: mechBgon
As a person who studies the security scene on a daily basis, I think you are somewhat too confident about your l33t ability to avoid danger. Normally-safe websites can be hacked and turned malicious, it happens all the time. The official Dolphins Stadium site, Asus's site, CircuitCity's site, my former employer's site, possibly AnandTech.com at one point... hmmmm? Need some more? How about spreadfirefox, debian.org, and The Register. More? How about Neowin, Capital City Bank, Wakulla Bank, and Premier Bank.

Mmm nope, never had a problem. Only thing I've ever had an AV program complain about was a program I specifically downloaded to monitor net traffic on my own NIC (to find out what port a program was using). And it's also not like I don't download anything either. So yes, I am quite confident in my ability to not be a horrid PC user, and I'm also not someone who takes a pessimistic view on computing life :roll:.

 

[thereaderrabbit]

I had been having tons of USB to BSD problems with WinXP. I had even reinstalled, but to no avail. In desperation I tried WinVista. I went from RC1 to RC2 with Vista. After getting a feel for things, getting new drivers, seeing the improvements in RC2, and finding new levels of OS stability, I'd say I'm hooked.

-Reader

 

[mechBgon]

Originally posted by: Aikouka

Originally posted by: mechBgon
As a person who studies the security scene on a daily basis, I think you are somewhat too confident about your l33t ability to avoid danger. Normally-safe websites can be hacked and turned malicious, it happens all the time. The official Dolphins Stadium site, Asus's site, CircuitCity's site, my former employer's site, possibly AnandTech.com at one point... hmmmm? Need some more? How about spreadfirefox, debian.org, and The Register. More? How about Neowin, Capital City Bank, Wakulla Bank, and Premier Bank.

Mmm nope, never had a problem. Only thing I've ever had an AV program complain about was a program I specifically downloaded to monitor net traffic on my own NIC (to find out what port a program was using).

Waiting for your AV program to complain before you decide you have a problem is not safe either. I have a nice collection of Zlob trojans that really drive that point home... it's a little distressing to see how poorly some AV companies detect them. Even Kaspersky, with 24 updates a day and ruthless prosecution of Zlob, still has a de facto in-the-wild detection rate of only about 70%, due to the time lag between discover and delivery of signature updates.

If you're expecting modern malware to wave a big sign in your face saying IM IN UR PUTER STEALIN UR KEYSTROKEZ LOL then you need to read a few thousand virus descriptions at Symantec, NAI and other security vendors. The best (or worst) malware lies low and does its thing. Rustock.B is a general wake-up call as to just how far the bad guys are prepared to go (so far). This one looks interesting too: Hacktool.Unreal.A is a proof of concept stealth rootkit that is designed to be invisible to all current rootkit detection technologies

Anyway, you have your mind made up, so good luck. And be careful what site you visit.

 

[zylander]

I dont yet know too much about vista so I wont make any accusations, but I wont be buying Vista anytime soon, I just dont see any real reason to go with it. As far as I know, all that intrests me is the DX10 and 64-bit support. I dont really care much about all the new pretty features they added in. Id probably end up just making it look as much as win2k as possible, like what I did with XP. My next OS move will be to linux and have a dual boot of linux/xp pro.

 

[Keysplayr]

Originally posted by: mechBgon

Originally posted by: Aikouka

Originally posted by: mechBgon
As a person who studies the security scene on a daily basis, I think you are somewhat too confident about your l33t ability to avoid danger. Normally-safe websites can be hacked and turned malicious, it happens all the time. The official Dolphins Stadium site, Asus's site, CircuitCity's site, my former employer's site, possibly AnandTech.com at one point... hmmmm? Need some more? How about spreadfirefox, debian.org, and The Register. More? How about Neowin, Capital City Bank, Wakulla Bank, and Premier Bank.

Mmm nope, never had a problem. Only thing I've ever had an AV program complain about was a program I specifically downloaded to monitor net traffic on my own NIC (to find out what port a program was using).

Waiting for your AV program to complain before you decide you have a problem is not safe either. I have a nice collection of Zlob trojans that really drive that point home... it's a little distressing to see how poorly some AV companies detect them. Even Kaspersky, with 24 updates a day and ruthless prosecution of Zlob, still has a de facto in-the-wild detection rate of only about 70%, due to the time lag between discover and delivery of signature updates.

If you're expecting modern malware to wave a big sign in your face saying IM IN UR PUTER STEALIN UR KEYSTROKEZ LOL then you need to read a few thousand virus descriptions at Symantec, NAI and other security vendors. The best (or worst) malware lies low and does its thing. Rustock.B is a general wake-up call as to just how far the bad guys are prepared to go (so far). This one looks interesting too: Hacktool.Unreal.A is a proof of concept stealth rootkit that is designed to be invisible to all current rootkit detection technologies

Anyway, you have your mind made up, so good luck. And be careful what site you visit.

I appreciate your heavy concern for security and your involvement here. But, do you really believe Vista will be any safer? How long do you think it will take before hackers find untold exploits in Vista? Then we are in the same boat all over again. Until I really see that Vista is as close to bulletproof as you can get, I will be fairly doubtful that it isn't otherwise.

 

[mechBgon]

I appreciate your heavy concern for security and your involvement here. But, do you really believe Vista will be any safer?

A default install of Vista, versus a default install of XP? Absolutely. Can I suggest you read this document, it isn't too long or technical.

How long do you think it will take before hackers find untold exploits in Vista? Then we are in the same boat all over again. Until I really see that Vista is as close to bulletproof as you can get, I will be fairly doubtful that it isn't otherwise.

I don't want to sound like a broken record, but if you didn't notice my previous post, Vista breaks ~95% of the existing Windows malware used in Symantec's testing. UAC is certainly part of the reason.

If you're asking about future exploits instead of past ones, that's what UAC is there to put the brakes on. Even if you opt to run as an Admin instead of Standard user, stuff still gets launched with non-Admin privileges, a heavily-proven deterrent even against fully-operational exploits such as the WMF Exploit (see the AntiSource.com Forums > Exploits for my WMF Exploit fact-finding reports, where my use of non-Admin accounts arbitrarily shot down working WMF Exploit attacks, despite my use of a completely-vulnerable test system with no antivirus software).

Here is someone infinitely more qualified than me, so ponder:

Joanna Rutkowska uber security researcher

I would definitely recommend installing Vista rather then XP and if I had to pick just one reason for that it would be the User Account Control (UAC) feature, which effectively eliminates the need to run most of the unnecessary processes with administrator privileges. I know very few people who work as restricted users on their XP machines (because many applications are designed in such a way that they assume administrative rights) and this is very disturbing, because working as an administrator effectively negates any local protection the OS might be able to provide. UAC might not be perfect and we might see some ways to bypass it in the future, but still it's a very important step toward implementing the least-privilege principle in the Windows environment.

There are also many more security improvements in Vista than just UAC, like the anti-exploitation techniques (ASLR, NX) or kernel protection which is based on allowing only digitally signed code to be loaded into kernel (the latter only in the 64 bit version). [gee, wasn't I just trying to tell you guys that?]

Of course, still, some people might argue that it's more likely that one find an exploitable bug in the brand new Vista code (such as in its new network stack) rather then in the "good old" tested XP. But, in fact, no matter how "old" and well tested the operating system is, we still can never be sure that there are no bugs in there - think for example of all the kernel bugs which might be introduced by various 3rd party kernel drivers...

Vista puts much more effort, compared to XP, into making exploitation harder and limiting the damage after the unlikely event of successful exploitation.

This lady is someone to listen to.

 

[Keysplayr]

Originally posted by: mechBgon

I appreciate your heavy concern for security and your involvement here. But, do you really believe Vista will be any safer?

A default install of Vista, versus a default install of XP? Absolutely. Can I suggest you read this document, it isn't too long or technical.

How long do you think it will take before hackers find untold exploits in Vista? Then we are in the same boat all over again. Until I really see that Vista is as close to bulletproof as you can get, I will be fairly doubtful that it isn't otherwise.

I don't want to sound like a broken record, but if you didn't notice my previous post, Vista breaks ~95% of the existing Windows malware used in Symantec's testing. UAC is certainly part of the reason.

If you're asking about future exploits instead of past ones, that's what UAC is there to put the brakes on. Even if you opt to run as an Admin instead of Standard user, stuff still gets launched with non-Admin privileges, a heavily-proven deterrent even against fully-operational exploits such as the WMF Exploit (see the AntiSource.com Forums > Exploits for my WMF Exploit fact-finding reports, where my use of non-Admin accounts arbitrarily shot down working WMF Exploit attacks, despite my use of a completely-vulnerable test system with no antivirus software).

Here is someone infinitely more qualified than me, so ponder:

Joanna Rutkowska uber security researcher

I would definitely recommend installing Vista rather then XP and if I had to pick just one reason for that it would be the User Account Control (UAC) feature, which effectively eliminates the need to run most of the unnecessary processes with administrator privileges. I know very few people who work as restricted users on their XP machines (because many applications are designed in such a way that they assume administrative rights) and this is very disturbing, because working as an administrator effectively negates any local protection the OS might be able to provide. UAC might not be perfect and we might see some ways to bypass it in the future, but still it's a very important step toward implementing the least-privilege principle in the Windows environment.

There are also many more security improvements in Vista than just UAC, like the anti-exploitation techniques (ASLR, NX) or kernel protection which is based on allowing only digitally signed code to be loaded into kernel (the latter only in the 64 bit version). [gee, wasn't I just trying to tell you guys that?]

Of course, still, some people might argue that it's more likely that one find an exploitable bug in the brand new Vista code (such as in its new network stack) rather then in the "good old" tested XP. But, in fact, no matter how "old" and well tested the operating system is, we still can never be sure that there are no bugs in there - think for example of all the kernel bugs which might be introduced by various 3rd party kernel drivers...

Vista puts much more effort, compared to XP, into making exploitation harder and limiting the damage after the unlikely event of successful exploitation.

This lady is someone to listen to.

I will read the doc in a few minutes, but what you said about 95% of existing malware bothers me. Key word "existing", meaning what we have in existense today. There is always tomorrow, and the next day, and the next day. As the days crawl on, people will get more and more inventive. Heck, Iranians have already cracked Vista and are selling it for $8.00 USA per copy in their country, even after all of Microsofts VERY BEST efforts to eliminate copying/pirating. They broke it. So in reality, Windows Vista is only 95% secure against malware because hackers haven't had very much time yet to break through it's security features. Give them time, as they have a great deal of it apparently. As time goes on, that 95% will start to loose it's grip on that high percentile. Slipping to 94, then 92 and downward. Then MS will release critical updates to try to protect/prevent the exploits, only to have another hole punched a few minutes later.