FAQ: Vista's SP1 semisecrets

Microsoft promised changes in Vista; did it follow through?

Microsoft Corp. has been lowering expectations about Vista Service Pack 1 (SP1) since before it even confirmed there would be one. Numerous times, company executives and managers have told users and the press that Vista SP1 would not be like Windows XP SP2, the last desktop operating system service pack the company released.

"This is not about adding new features," David Zipkin, a senior product manager for Windows Vista, told Computerworld last August, comparing SP1 to XP's SP2, which was as much a new operating system as an update.

Really? Could have fooled us.

We took a spin through the change log for SP1, which has been released to manufacturing but won't be available from Microsoft until next month, and found a slew of things new to Vista. Not new as in unknown -- although there are a few surprises -- but new as in not seen in the initial edition of Vista launched in January 2007.

A recounting of the new and/or changed in Vista is unnecessary, and repetitive of what Microsoft has done itself, so for the most part, we went after the most interesting modifications that had been promised at one time or another to see if Microsoft followed through.

We call them "semisecrets" only because it's easy to forget that Microsoft committed to doing one thing or changing another. Plus, it's alliterative.

Does SP1 kill the "kill switch"?

Microsoft has come through on the promise it made back in early December 2007, and backed off from the dire side effects of a validation failure or if the user neglects to activate in the first 30 days.

Rather than drop into what Microsoft called "reduced functionality mode" -- where the only thing that worked was the browser and then for only an hour at a time -- SP1 amps the nags to activate and slaps a black background on the desktop.

Machines that fail a Windows Genuine Advantage (WGA) validation test -- as some thousands did last year when Microsoft's servers went on the blink -- will see the same black background, but they won't be nagged about the need to buy a license.

What anticrack patches does SP1 apply?

Although Microsoft dialed back on Vista's notorious "kill switch" -- what the company called "reduced functionality mode" -- it has also included two updates designed to block popular pirate hacks.

The first is a fix for what's dubbed the "OEM Bios exploit," a crack that modifies system files and the BIOS to mimic product activation done at the factory by computer manufacturers. The second, which goes by the name "Grace Timer exploit," monkeys with the activation grace period -- it's normally 30 days, but can be extended -- so that it doesn't end until the year 2099.

Not surprisingly, Microsoft doesn't come right out and say it's cracking down on the hacks to stymie piracy. Instead, the SP1 change log states, "SP1 also includes updates that deal with two exploits we have seen, which can affect system stability for our customers."

What about the changes to search that Microsoft promised?

You mean the ones Microsoft made to get the U.S. Department of Justice (DOJ) off its back? They're here.

Last year, Micrososft agreed to a number of changes to Vista after Google Inc. complained to the DOJ that the operating system's integrated desktop search violated the 2002 antitrust settlement. When Microsoft struck a deal in June 2007, it promised that Vista SP1 would let users disable Windows' built-in search engine and switch to an alternate, such as -- surprise! -- Google Desktop.

In the interim, Microsoft removed the Search command from Vista's Start menu using one of the monthly software updates.

With SP1, both users and resellers will be able to select a default search engine by using the process already in place for choosing a default browser or media player. SP1 produces search results using the new engine from the Start menu, Windows Explorer and the Control Panel.

"Third-party software vendors simply need to register their search application using the newly provided protocol in Windows Vista SP1 to enable these options for their customers," said Microsoft in the SP1 change log.

Last year, Microsoft said Vista was immune to this random-number-generator bug in Windows 2000 and XP. But doesn't SP1 include some fix or update here?

Eagle-eyed you are; you are correct.

Let's go to the evidence. "The cryptographic random number generation is improved to gather seed entropy from more sources, including a Trusted Platform Module (TPM) when available, and replaces the general purpose pseudo-random number generator (PRNG) with an AES-256 counter mode PRNG for both user and kernel mode," reads the SP1 change document.

What's odd here is that Microsoft felt the need to beef up Vista's random number generator. Last November, a team of Israeli researchers, led by Benny Pinkas at the University of Haifa, argued that attackers could exploit a weakness in Windows 2000's PRNG to predict encryption keys. After some hemming and hawing, Microsoft acknowledged that Windows XP shared the bug, which would be fixed in that operating system's SP3.

But it claimed that Vista was immune to the flaw spelled out by Pinkas.

If so, why did it change the random-number generator in SP1? We've asked Microsoft to explain, and Pinkas to decipher the changes, but we haven't heard back from either yet.

In the meantime, it's also striking that Microsoft's acknowledged changes sound very much like what Pinkas recommended as a solution to Windows 2000's problems in his original paper (see p. 20, Section 7.2, "Recommendations" of the paper, available here as a PDF download).

Coincidence?

Does SP1 dial back the expectations for Vista Ultimate's Extras?

Looks like it. Microsoft has dramatically cut the amount of descriptive text that touts Extras, the bonus software feature that has collected scathing reviews from customers, just as bloggers revealed months ago.

As people like Long Zheng of Itartedsomething.com pointed out back in September, Microsoft has slashed the text in the "What are Windows Ultimate Extras?" dialog box within SP1's Windows Update.

Microsoft puts it this way in the change log: "SP1 modifies the text in the Ultimate Extras Control Panel to describe the Ultimate Extras program in more general terms." That's an understatement. The detailed, specific benefits of Extras highlighted in the January 2007 Vista release have vanished in SP1, replaced by a one-sentence description. "Windows Ultimate Extras are designed for Windows Vista Ultimate customers to extend Windows features or just make using your computer more fun," SP1 reads.

Last fall, Microsoft countered that the change in language didn't mean it was dropping Extras. OK. But the fact is that no new Extras have been released in more than four months.

I heard something about SP1 making the PC slower, not faster. What gives?

You heard right. Although Microsoft has been beating the performance drum on SP1 and swears that the end result will be a more responsive system, the company has also acknowledged that immediately after an update to SP1, the PC will actually seem more sluggish than before the upgrade.

In the support document that outlines SP1's changes, Microsoft spelled out the slowdown. "The Windows Vista SP1 install process clears the user-specific data that is used by Windows to optimize performance, which may make the system feel less responsive immediately after install. As the customer uses their SP1 PC, the system will be retrained over the course of a few hours or days and will return to the previous level of responsiveness."

Where's the best place to go for all the poop on SP1's changes?

Although we're tempted to say "Right here, pal," that would be wrong. In a nod to the horse's mouth, we recommend Microsoft's own change log-style paper, available in (PDF or XPS format, download starting here).

Speaking of mouths, its title is a small mouthful: "Notable Changes in Windows Vista SP1, Version 1.4."

This is the best source, if only because unlike other Microsoft tout sheets -- like this one, "Overview of Windows Vista Service Pack 1" -- it includes a complete and up-to-date list of all patches and hot fixes blended into the update.

Copyright © 2008 IDG Communications, Inc.

Download: EMM vendor comparison chart 2019
  
Shop Tech Products at Amazon