Welcome to part 1 of a "Why Vista" series. Following on from my previous post, I'll hopefully be presenting a post every few days on what good changes are coming in Vista. None of these are features that will appeal to everyone, but the sum total of all of these features will hopefully provide the value proposition to justify an upgrade.

Since there are so many changes in Vista/Longhorn Server, I thought I'd start with a few around security, stability and system integrity – things that people may not be so aware of (compared to, say, IE7 and gadgets and other obvious changes).

I'm going to start with changes to services in Vista, and continue with those for the next couple of posts. Services were a persistent problem up to, and including, Windows XP/Windows Server 2003. They are typically running all the time, and they typically run under highly privileged accounts (LocalSystem). This made them a prime target for attackers. So what's the first thing changing with services in Vista?

Services now have the ability to register the permissions they require and the resources they need access to. When the Service Control Manager (SCM) starts a service, it creates a token that prevents the service from writing to resources that it doesn't need access to. It can also ACL resources that are the exclusive preserve of the service, which other services should not be touching. Additionally, the service's registered network access (no access, fixed ports, dynamic ports) can be enforced by the Windows firewall.

The RPC service, for example, is now prevented from replacing system files, modifying the registry, or tampering with another service's configuration (such as AV software), according to this Windows Vista Security Whitepaper.

This would help prevent worms from hijacking services via an exploit and using their elevated security contexts to perform actions that the service would not normally perform.

All core Windows services have been profiled in this manner, and restrictions placed on them. Third-party vendors may also opt in to such a system to prevent their services from likewise being a target for attack.
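To make the opt-in concrete, here is an added example (not from the original post or the whitepaper it cites) of how an administrator or vendor registers a service for this kind of hardening on a shipped Windows Vista or later system, using the sc.exe, icacls and netsh tools that those versions expose for it. The service name ContosoUpdater, its data directory and its port are constructed for the example; the commands themselves (sc.exe sidtype/privs, the NT SERVICE\<name> principal, netsh advfirewall rules scoped to a service) are real Vista-era features, though the post itself predates their documentation.

```powershell
# Added example: opting a third-party service into Vista service hardening.
# Assumes a service named ContosoUpdater is already installed (constructed name).
# Use sc.exe explicitly: in PowerShell, "sc" aliases Set-Content.
$svc     = 'ContosoUpdater'
$dataDir = 'C:\ProgramData\Contoso\Updater'   # constructed path

# 1. Give the service its own SID and a write-restricted token.
#    "restricted" means writes succeed only on objects whose ACL explicitly
#    grants the service SID (or the Everyone / WRITE RESTRICTED SIDs);
#    everything else the LocalSystem/NetworkService identity could normally
#    write to is off limits to this process.
sc.exe sidtype $svc restricted

# 2. Declare the least set of privileges the service needs. The SCM strips
#    every other privilege from the token, so a hijacked service cannot,
#    for example, load drivers or take ownership of files.
sc.exe privs $svc SeChangeNotifyPrivilege/SeCreateGlobalPrivilege

# 3. ACL the service's private resources to its own SID only: drop inherited
#    permissions, then grant Modify to the service and Full Control to admins,
#    so other services cannot tamper with its configuration or data.
New-Item -ItemType Directory -Path $dataDir -Force | Out-Null
icacls $dataDir /inheritance:r
icacls $dataDir /grant "NT SERVICE\${svc}:(OI)(CI)M"
icacls $dataDir /grant 'BUILTIN\Administrators:(OI)(CI)F'
icacls $dataDir /grant 'NT AUTHORITY\SYSTEM:(OI)(CI)F'

# 4. Constrain network access per service: allow only inbound TCP 8443
#    (constructed port) for this service and block everything else it listens on.
netsh advfirewall firewall add rule name="$svc inbound 8443" dir=in action=allow protocol=TCP localport=8443 service=$svc
netsh advfirewall firewall add rule name="$svc block other inbound" dir=in action=block service=$svc

# 5. Restart so the SCM builds the new token, then verify what was registered.
Restart-Service -Name $svc
sc.exe qsidtype $svc     # expect: SERVICE_SID_TYPE: RESTRICTED
sc.exe qprivs $svc       # expect the two privileges declared above
icacls $dataDir          # expect only the service SID, Administrators and SYSTEM
```

The order matters in practice: the ACL in step 3 must already name the service SID before the token becomes write-restricted, otherwise the service loses access to its own data on the first start after step 1. Checking qsidtype and qprivs after the restart is also a cheap detection point; a service whose SID type has silently been changed back to "none" has had its hardening undone.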

Unfortunately, there doesn't seem to be a lot of technical information available on the web about how this change has been implemented. The latest Vista SDK released to beta testers still only appears to have documentation relating to Windows XP and Windows Server 2003 in the services section, so I will update this post later on when more detailed information becomes available (or someone can point me to a more relevant/up-to-date source!).

In my next post, we'll look at the changes to default identities being used by Windows services in Vista, and changes to avoid the risk of "shatter" attacks.