Windows Features Comparison

Overview

This white paper helps customers compare Windows Vista® advancements with Microsoft® Windows® XP Professional. Using this comparison, customers can adjust their expectations for the security, management, deployment, mobility, and productivity of either operating system.

During the past year, Microsoft and its ecosystem have made great progress in improving the overall quality and performance of Windows Vista, making the Windows Vista Service Pack 1 (SP1) release a key milestone for broad enterprise deployments of Windows Vista. Microsoft recommends that all business customers who have not started to evaluate Windows Vista start deployment planning and piloting Windows Vista with SP1. Windows Vista offers customers unique value, from increased security and data protection to improved mobility and productivity to capabilities that customers can use to optimize desktop infrastructures and reduce management costs.

Microsoft knows that many customers will adopt Windows Vista gradually, through hardware refreshes (i.e., attrition). During hardware refresh, customers will co-manage Windows Vista and Windows XP. Enhancements to Windows XP with Service Pack 3 (SP3), such as Network Access Protection (NAP), make it easier for customers to more securely integrate both operating systems into their environments. During the transition, using Windows XP with SP3 will help ensure that client computers still running the Windows XP operating system have the most recent security and software updates.

The remaining sections in this white paper compare the following features and capabilities of Windows XP with SP3 and Windows Vista with SP1: security, management, deployment, mobility, and productivity. For each feature or capability, each section compares key Windows Vista advancements against Windows XP.

Security

Feature: Security Development Lifecycle (SDL)

Windows XP with SP3: Developed for Windows XP with SP2.

Windows Vista with SP1: The Microsoft SDL makes security a top priority throughout the development cycle by mandating a repeatable engineering process that every developer must follow, and by verifying that process before product release. The SDL is an evolving process that implements rigorous standards of secure design, coding, testing, review, and response for all Microsoft products. The SDL helps remove vulnerabilities and minimize the surface area for attacks, improves system and application integrity, and helps organizations more securely manage and isolate their networks.

Key differences: Although Microsoft has used the SDL extensively on several key products, Windows Vista is the first client operating system to be developed from start to finish using this new approach.

Feature: Defense in depth

Windows XP with SP3: Buffer overruns trick software into running code that has been placed in areas of the computer’s memory that are set aside for data storage. The Data Execution Prevention (DEP) feature, which uses the no-execute (NX) feature of some processors, can reduce the impact of such vulnerabilities. Windows XP with SP3 supports DEP but does not enable it by default.

Windows Vista with SP1: In Windows Vista, DEP is enabled by default for most components. Windows Vista introduces additional DEP policies that allow software developers to enable DEP in code, independent of system-wide compatibility-enforcement controls. This capability enables a higher percentage of NX-protected code in the software ecosystem. DEP works best with Address Space Layout Randomization (ASLR), another defense capability in Windows Vista that makes it more difficult for malicious code to exploit a system function. ASLR randomly assigns executable images, such as .dll and .exe files, to one of 256 possible locations in memory. This makes it more difficult for malicious code to locate and take advantage of functionality inside the executables. Because system services typically run with high system rights, these services have been a major target for malicious software attacks. To mitigate the threat, Windows Vista has introduced the concept of restricted services, or service hardening. Restricted services can run under only the most restrictive rights possible, and they limit their activities to the minimum local computer or network resources that are required to fulfill their task.

Key differences: In Windows Vista, DEP is enabled by default for most components, and the operating system allows developers to enable DEP in their code. Windows Vista includes ASLR, which makes it difficult for malicious code to exploit system functions. Windows Vista introduces service hardening, which restricts the rights available to some system services.

Feature: Windows BitLocker™ Drive Encryption

Windows XP with SP3: N/A

Windows Vista with SP1: BitLocker Drive Encryption is a new data-protection feature in the Windows Vista Enterprise and Windows Vista Ultimate operating systems. The feature provides whole-volume encryption and supports encryption of multiple partitions. BitLocker Drive Encryption addresses the very real threats of data theft and data disclosure from lost, stolen, or inappropriately decommissioned computer hardware. This tightly integrated solution also provides for integrity checking of early boot components. Because businesses’ use of portable computers increases each year, the potential exposure of data on users’ computers presents a growing problem for organizations. Organizations can use BitLocker Drive Encryption to realize the benefits of mobile computing while helping to reduce risk and enable better compliance with corporate data-protection best practices.

Key differences: Windows Vista helps secure data by providing whole-volume encryption and protection of early boot components. BitLocker Drive Encryption supports encryption of multiple volumes.

Feature: Windows Firewall

Windows XP with SP3: Windows XP provides firewall functionality that is enabled by default and that begins protecting users’ computers as soon as the operating system starts. In Windows XP, Windows Firewall includes inbound filtering.

Windows Vista with SP1: Windows Vista provides firewall functionality that is enabled by default and that begins helping to protect a user’s computer as soon as Windows starts. Windows Firewall includes both inbound and outbound filtering and can prevent data from entering or leaving the computer. Windows Firewall also allows information technology (IT) professionals and home users to block applications, such as peer-to-peer sharing or instant messaging applications, from contacting or responding to other computers. Windows Firewall in Windows Vista is fully manageable through Group Policy and is dynamic, based on network type. Administrators can put different firewall rules into effect, depending on whether the computer is connected to a corporate (domain) network, a private (home) network, or a public (hotspot) network.

Key differences: Both operating systems include firewall functionality, but Windows Vista includes inbound and outbound filtering, whereas Windows XP includes only inbound filtering. Windows Firewall in Windows Vista can dynamically apply rules based on the current network type, making the computer more secure on public networks.
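
The per-network-type behavior described for Windows Vista can be configured locally with the netsh advfirewall context. The following is an added example, not part of the white paper; the rule name ExampleBlockP2POut and the program path are hypothetical placeholders.

```bat
rem Added example, not from the white paper. Run from an elevated command prompt
rem on Windows Vista or later. Rule name and program path are placeholders.

rem Turn the firewall on for the domain, private, and public profiles.
netsh advfirewall set allprofiles state on

rem Corporate (domain) and home (private) networks:
rem block unsolicited inbound traffic, allow outbound traffic by default.
netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound
netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound

rem Public (hotspot) networks: block all inbound traffic, even traffic that
rem matches an inbound allow rule.
netsh advfirewall set publicprofile firewallpolicy blockinboundalways,allowoutbound

rem Outbound filtering: stop one application from contacting other computers
rem whenever the public profile is active.
netsh advfirewall firewall add rule name=ExampleBlockP2POut dir=out action=block program=C:\Apps\ExampleP2P\p2p.exe profile=public enable=yes

rem Review the result: per-profile policy, then the rule that was just added.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name=ExampleBlockP2POut
```

In a managed environment the same settings would normally be delivered through Group Policy rather than set on each computer.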

 

 

Feature: Windows Internet Explorer® 7 Protected Mode

Windows XP with SP3: N/A

Windows Vista with SP1: Internet Explorer 7 Protected Mode in Windows Vista provides additional defenses against malicious attackers who attempt to take over a user’s Web browser and run malicious code by using elevated rights. In Protected Mode, Internet Explorer 7 runs with reduced rights to help prevent user or system files and settings from being changed without the user’s explicit permission. The new Web browser architecture also introduces a broker process that helps existing applications more securely elevate themselves above Protected Mode, if necessary. This additional defense helps verify that scripted actions or automatic processes are prevented from downloading data outside low-rights directories such as the Temporary Internet Files folder.

Key differences: Using Internet Explorer 7 to browse the Internet is more secure in Windows Vista than in Windows XP.

Feature: Microsoft ActiveX® Installer Service

Windows XP with SP3: N/A

Windows Vista with SP1: Many organizations must install ActiveX controls on client computers to ensure that vital programs work properly. However, most ActiveX controls must be installed by a member of the Administrators group, and many organizations have configured or want to configure their users to run as standard users. As a result, organizations must repackage and deploy the ActiveX controls to the users. In addition, many of these ActiveX controls must be regularly updated. Many organizations find this to be a difficult and costly process to manage for standard users. With Windows Vista, IT pros can now easily deploy and update ActiveX controls in a standard user environment. The ActiveX Installer Service enables IT pros to use Group Policy to define approved host URLs that standard users can then use to install ActiveX controls.

Key differences: In Windows Vista, organizations can deploy, update, and manage ActiveX controls in environments that use standard user accounts. In Windows Vista, organizations can use Group Policy to manage the installation of ActiveX controls.

Management

Feature: Group Policy settings

Windows XP with SP3: Group Policy helps IT professionals manage client computer configurations by allowing them to enforce thousands of Windows and application security and configuration settings. Examples include standard configuration enforcement, security settings and controls (ranging from public key policies to password policies), resource access, wireless networking, software installation, and user experience.

Windows Vista with SP1: Managing client computer configurations with Windows Vista takes less time and is more effective, because hundreds more settings that target more scenarios are available in Group Policy. Areas with richer settings include wireless networking, removable storage device installation and use, Internet Explorer 7, printers, and power management.

Key differences: Windows Vista has more than 500 additional Group Policy settings compared to Windows XP. In Windows Vista, Group Policy settings are better targeted at specific scenarios, such as wireless networking, power management, removable storage, and printer management.

Feature: Standard user accounts

Windows XP with SP3: Deploying standard user accounts was traditionally impractical, partly because users can’t change many common settings and partly because many applications require Administrator access to portions of the registry or file system (for example, C
