Jay Butler, Senior Support Consultant
What will be your New Year’s resolution? Maybe you want to eat healthier, exercise more, or spend more time with your family. Even if you are able to achieve all these resolutions, Microsoft may have you beat with an ambitious resolution of their own. Microsoft plans to shower the business world with L.O.V.E. next year with the arrival of Longhorn server, Office 2007, Vista, and Exchange 2007. Unfortunately, the acronym’s connotation does not apply nor does it help us to understand what 2007 will truly mean for computing.
We do know that these core systems provide the framework of our networks, so we need to take proactive steps to prepare for the inevitable. You may be wondering: “Will these releases live up to the hype?””Will the new software make a significant improvement to my business processes?”” Will they be user-friendlier and secure?”” Will they reduce administrative needs?” Pondering these questions is somewhat folly because in reality we have little choice in the matter unless we make the break from Microsoft to an entirely new infrastructure. That would surely be a more difficult and costly move than staying the course. And, why shouldn’t we stay the course that is? We should because Microsoft is still the best out there, and they have not rested on their laurels.
As proof, next year’s releases are built on the strength of Microsoft’s Trustworthy Computingi (MTC) initiative. Started almost five years ago as a simple decree to internal staff by Bill Gates, it quickly became the cornerstone of everything Microsoft develops. With a bevy of new features, L.O.V.E. manifests Microsoft’s commitment to engineering more secure and more reliable software, the two main tenants of MTC. Each release offers its own vast array of improvements, and combined together, they compliment each other to create a secure environment reliably delivered. In a series of articles, I hope to simply turn the handle on the door of this revolution by describing the new software and getting us on track for its eventual presence.
Preparing for these profound changes must occur in small doses starting with Windows Vistaii because Microsoft plans to release it first on January 30th; moreover, financial institutions applications often rely most heavily on desktop OS compatibility. Deployment of Vista hinges primarily on the nod from core providers like Fiserv, Fidelity, and Jack Henry. Financial institution administrators should begin now by creating a list of end-user applications with the current version and maker of each, and the specific system requirements of each should follow as they relate to Vista in order to determine compatibility. For example, Vista comes preloaded with Internet Explorer 7iii, so any application that uses Internet Explorer must support version 7.
Microsoft’s latest Web browser now available as a download for Windows XP/2003. Internet Explorer 7 (IE 7) presents significant security improvements over the previous version. IE 7 leverages a function unique to Vista called User Account Controliv (UAC) enabling IE 7 to run in protected mode. Protected mode only works with Vista because UAC does not exist on previous Operating Systems. Protected mode blocks potential malware (malicious software including spyware) by preventing the code from installing because IE has only enough privilege to browse the Web, not enough to modify anything on the computer. IE 7 also helps protect users from phishing scams designed to steal user identity and data.
Preventing malware should be a theme for Windows Vista because the protection extends well beyond IE 7. UAC applies to any code attempting to access the system, and it works in conjunction with the built-in Windows Defender. UAC allows all programs to run with the least privileges possible to limit potential system damage. Microsoft’s Malicious Software Removal Tool (MSRT) continually scans the machine looking for and eradicating known malware. Windows Service Hardening compliments this protection by preventing critical Windows services from acting abnormally if attacked by malware.
Engineered for security, Vista boasts a number of additional features designed to make user computing safer. For mobile workers, BitLocker Drive Encryption1 protects lost or stolen laptops, and for internal users, Network Access Protectionv empowers administrators to create security policies to block access by non-compliant systems. For example, NAP may be configured to block network access by any machine that lacks the latest Microsoft updates; therefore, NAP boosts the integrity of the entire network because access by a single non-compliant machine poses a risk to all machines.
USB ports present another network-wide threat by giving end-users an avenue to transfer data to and from portable devices. Auditors are beginning to hone in on this activity because of its GLBA implications, and it establishes a pathway for the introduction of rogue data like viruses. Vista introduces a large number of additional policy settings including administrative control over USB ports. Administrators decide which device connections are allowed and which are blocked along with the power to block read and write for removable storage devices like thumb drives.
The new Vista security certainly limits the damage users may inflict, but it certainly opens a whole new world of productivity for the same users. The strikingly new desktop design looks amazing with the introduction of Windows Aerovi. Aero requires high performance hardware due to its astounding graphics like Aero Glass windows manipulated with Windows Flip and Windows Flip 3D. Live taskbar thumbnails show an entire windows content in miniature when the mouse pointer pauses on the tile; users can view the content without maximizing the window so that multi-tasking is more efficient. Flip makes use of thumbnails when using the traditional ALT + TAB keystroke letting users view the actual window content rather than just the name as with previous versions. Flip 3D amps up to another level by cascading the open windows in a 3D stack for a larger view of the content.
On older or less capable machines, Vista automatically reverts to the less visually astonishing basic mode. Though basic mode lacks the beauty of Aero, it maintains a number of Aero’s productivity enhancements. The redesigned start menu makes finding programs and files faster than ever using Instant Search eliminating the need to crawl through the programs menu. The new Explorers build on the power of Instant Search making file finding a breeze rather than having to open a home folder to browse the content manually. Administrators easily access Control Panel settings by way of Instant Search as well, no browsing required. The Document Explorer uses Live Icons of files that show the first page of documents with a pause of the mouse pointer.
If blocking malware is a security theme, then searching is a productivity theme. Found throughout Vista, the new search features create endless potential for user efficiency. Search Folders let users create custom searches saved as a folder so that opening the folder initiates the search and loads the matching files regardless of their location. Individual file properties allow users to add keywords making a search even more accurate, and a search can be made to look for words in a file (not just its filename). Even the extra secure IE 7 builds on the productivity theme via tabbed browsing and live preview. Tabbed browsing allows users to easily open and navigate multiple Web sites within the confines of a single browser window; there is no need to start IE multiple times and minimize each window. When using the preview feature, a small view of each tabbed site appears in the browser display for quick and easy selection.
Windows Vista productivity enhancements are not end-user exclusive. Improved aspects of deployment, management, and support reduce IT costs and the administrative burden. The new imaging technology streamlines Vista deployment by supporting the ability to load operating system images to differing hardware. To assure financial institutions’ applications will run on Vista, administrators should test them now with the currently available Application Compatibility Toolkit. Once deployed, new desktop management and diagnostic tools afford easier control over the workstations, and Vista can resolve many problems automatically.
The word vista means a complete view, a view of all that can be seen from a specific viewpoint. Microsoft’s specific viewpoint is Trustworthy Computing and their vision is L.O.V.E. Longhorn server, Office 2007, Vista, and Exchange 2007 will revolutionize IT by setting the stage for some exiting new technology like Unified Messagingvii. The fresh design of Vista instills confidence inspiring us to pursue Microsoft’s vision of the future. In upcoming articles, I plan to open our eyes to this vision by uncovering key aspects of the new software as it relates to community banking.
iMicrosoft Trustworthy Computing
iiVista Features Overview
iiInternet Explorer 7
ivVista User Account Control (UAC) details
vVista Network Access Protection (NAP) FAQ
viVista Aero details
1Bitlocker Drive Encryption is included in Vista Enterprise or Ultimate editions only. See the FAQ at