Hi all. I apologize for the lack of postings this past 4 weeks. There's been a lot going on!
To whet your appetites, I'm posting the text from my brief talk at the Mobile PC Partner Briefing, which was held on MS Campus Feb 1st and 2nd.
To those I met, I'm glad I met you and hope we can meet again! To those I didn't get to meet, I hope to meet you someday!
What’s changed in Vista vs XPSP2
New input modes
Device form factors are more varied
User account control
64-bit compatibility required for (Windows) logo
Input modes
Mouse+kb - can’t assume people will have this anymore (slates)
Pen
Wacom
FinePoint
Touch
Speech
Devices are more varied now
Fujitsu p1510d (1024x600)
Motion LS800 (800x600)
Toshiba Tecra M4 (1400x1050)
Intel GMA (Graphics Media Accelerator) limitations (1024x768)
User Account Control (UAC) Aka Least-privileged User Account (LUA) aka User Account Protection (UAP)
What is it
All interactive administrator-group accounts run as Standard User but have “elevation potential”
Applications have to be marked to require administrative privileges
-One-time elevation
-Always run elevated
ConsentUI must be handled interactively
Most common effect likely to be setup/uninstall (file system access)
UI Privilege Isolation (UIPI) enables Windows to block applications at lower privilege levels from sending messages or hooking threads against processes with higher privilege; protects vs. “shatter” attack
Why is it
UAC prevents attacks by malware, root kits, spyware and viruses by limiting admin-level access to authorized processes
How do I deal with it
Can no longer assume user has admin privileges by default
Whitepaper available simultaneously with Vista Beta 2