These capabilities make Windows Vista a great operating system solution for your company PCs. From the perspective of an IT professional, Windows Vista is easier to deploy, and less expensive to maintain, than any earlier version of Windows. From the perspective of end users, Windows Vista's improved performance and reliability add value by allowing people to be more effective while performing their jobs.

Security

Microsoft has been able to increase the security of Windows XP significantly since its initial release by providing updates such as Service Pack 2, but major security improvements require significant architectural changes that can only be made by releasing a new operating system release. With Windows Vista, Microsoft is making fundamental investments in technology to help make customers more secure. Efforts include using a security development lifecycle to develop more secure software and providing technology innovation in the platform to provide layered defense, or defense-in-depth. Windows Vista includes many security features and improvements to protect client computers from the latest generation of threats, including spyware and other types of malware.

User Account Control

With Windows XP and earlier operating systems, IT departments had to choose between the application compatibility and convenience of having users log on as an administrator, and the security and stability provided by having users log on as a standard user. User Account Control in Windows Vista gives administrators the option of restricting permissions while still enabling most applications to run.

To help provide this combination of security and compatibility, File and Registry Virtualization automatically redirects writes and subsequent reads to areas that the standard user does not have access to. Changes made to the virtualized registry settings and folders are visible to only that user account and the applications the user runs, so the integrity of the computer is protected. If an application does require administrator credentials, Windows Vista will prompt the user for the credentials before allowing the application to run.

Windows Firewall with Advanced Security and Windows Service Hardening

The personal firewall built into Windows Vista builds on the functionality that is included with Microsoft Windows XP Service Pack 2. For example, Windows Vista's firewall blocks all inbound traffic until a computer has the latest security updates installed. The bi-directional firewall also includes outbound filtering that enables users to configure it to selectively block both outbound traffic and inbound traffic. Every aspect of Windows Vista's firewall can be configured using Group Policy settings, so client security settings remain constant. For the first time in a Windows operating system, Windows Vista firewall management is integrated with IPsec. The firewall works closely with Windows Service Hardening to restrict what services can do on the system, providing defense-in-depth and reducing opportunities for attackers to compromise vulnerable computers. Windows Service Hardening restricts critical Windows services from doing abnormal activities in the file system, registry, network, or any other resources that could be used to allow malware to install itself or attack other computers. For example, the Remote Procedure Call (RPC) service can be restricted from replacing system files or modifying the registry.

In Windows Vista, Internet Protocol security (IPsec) and firewall management are integrated in a single console, known as Windows Firewall with Advanced Security. This console centralizes inbound and outbound traffic filtering along with IPSec server and domain isolation settings in the user interface, enabling increased visibility into security settings.