October 2007

Vista - Looking Backward for Business Users

It has now been nine months (at least!) since Microsoft® released its new Windows Vista® operating system, and unfortunately for serious computer users, the results have been fairly dissapointing. Vista aimed to solve many of the problems found in the Windows XP® operating system, while providing an upgrade to the user interface that has been largely unchanged for ten years. While some security holes have been plugged, the fixes have often come at the expense of usability, and as usual, Microsoft has introduced a host of new problems that will make users forget about the ones that they've been nice enough to fix.

First of all, the topic of this critique is not Vista, in general, but rather its usability for common business purposes. This does not include video gaming (although, as a sidenote ... gamers have been quite unhappy with the performance of Vista, as well). Nor does it include home users wanting to use their computer as a media center, movie maker, or control center for fantasy football. This concerns business users interested in such logistical matters as stability, security, performance, backwards compatibility, hardware support, backup, and commonality.

Security

The most noticeable changes in Vista surely concern security. Microsoft has done a nice job decoupling some of the internals of its Internet Explorer browser from the operating system itself. This helps with a whole family of vulnerabilities that made using IE on XP a very risky proposition. Another major change concerns User Account Control (UAC). Users will immediately notice UAC as the annoying source of frequent popups asking for permission to proceed with an action. UAC has three fundamental flaws, from a usability standpoint.

  • UAC asks permission for too many operations, many of which are not risky at all
  • UAC does not respect Administrator status
  • UAC isn't smart enough to ask permission (only) once for a sequence of related actions
The real risk of asking permission for too many things is that users will be so accustomed to acknowledging lots of innocuous warnings, and start accepting everything without paying close attention to what Vista is warning them about. This is the proverbial "crying wolf" dilemma. Another frequent response to over-zealous requests for permission is that some users will decide to turn off UAC altogether, which completely eliminates any advantage of having this feature.

Secondly, if a user does take care to create separate accounts for system administration, and normal day-to-day operations, Vista should respect that choice. Instead, it still prompts Administrators for every quasi-important change they try to make. It's as if Microsoft is saying, "We don't think the users know how to safely separate administrative and non-administrative sessions, so we'll treat them all the same" (at the expense of cognizant and responsible administrative users).

Lastly, even if prompting is required, Vista could be smart enough to group related operations together and only ask permission once. There are plenty of secure applications that safely cache passwords, or passphrases, in between steps in a critical process. The poor implementation of UAC wouldn't be as dissappointing if it weren't for the fact that Microsoft is not breaking new ground here ... other OS vendors have already solved this problem in reasonable ways. It appears that the designer of UAC got their inspiration while waiting in a long airport security line. Just because security is inconvenient, doesn't mean it's good.

A related problem, that also falls into the "crying wolf" category, is the Windows Security Center built into Vista. For many SMB (Small to Medium-sized Business) users, a good dedicated hardware firewall is sufficient to protect the computers on their network. Therefore, I have always forgone the redundant Windows software firewall (which admittedly is better in Vista than in XP). However, if you do disable Windows Firewall, you will have a nasty Red Shield Icon in your taskbar. Until you figure out how to tell Windows to ignore this, it makes it more difficult to determine when a real, new security vulnerability has been detected.

Vista also fully integrates with the Windows Defender spyware application, and the Live One Care security suite. However, independent testing has shown Defender to be woefully inadequate at weeding out threats. While there is nothing stopping users from installing a 3rd party spyware, and antivirus solution, the integration with Microsoft solutions that are either built-in, or cheap, is supposed to be a selling point for Vista. If you have to continue to rely on another vendor to make up for the holes in Microsoft's OS and browser, you might as well stick with XP for a while.

Performance

Another major failing of Vista is the poor performance users see while conducting routine tasks. This is a separate issue from that of Security, but clearly there is some overlap. Many of the Windows services that are running on a Vista installation by default are services designed to secure the OS. However, these services consume memory, processor time, and add bottlenecks that slow other operations more than just their mere resource utilitization would suggest. In many cases, the services' existence merely attempts to cover up a weakness in the OS that would be better served be solving the problem directly. Imagine a person with deathly allergies to shellfish. They could choose to be safer by either

  • Hiring a security guard to stay with them at all times, and shoot any waiter who brings them a shellfish.
  • Or, forget the security guard, and just stop eating shellfish.
Can you guess which solution Microsoft might favor? These extra services bog down the processing you actually intend the computer to be doing.

I have already streamlined my Vista installation by disabling several services I deem to be unnecessary for safe, effective use of my workstation (including the Aero user interface). Nonetheless, after I logon, but before actually starting any user applications, my computer's memory usage is at 750MB. If this doesn't seem exceptionally high to you, maybe you don't have a problem with Vista. But, this strikes me as excessive for a machine that isn't actually doing anything yet! Check your processor and memory usage (Vista includes a nice heavyweight gadget for your sidebar to do just that!), and see if your machine is similarly burdened.

In addition, whenever I setup a login account for a new Windows computer, my first step has always been to disable all Windows graphic effects, for the sake of performance. Needless to say, I never even gave Vista's Aero interface a try. I also reset my desktop theme to a Classic Windows look-and-feel. In retrospect, I'm glad that I did. I've read about issues where the graphic effects in Vista caused severe performance problems. Most notably, this issue concerns network file operations taking an order of magnitude longer if Windows is allowed to animate the operation (i.e. make the file "fly" from one folder to the next). This is utterly ridiculous. I seriously hope an intern was responsible for this feature (a high school intern, at that).

Another intolerable performance problem I have experienced with Vista is simple DNS domain name lookups. Frequently, resolving a domain name into an IP address takes several seconds to complete. When that request is made by a browser, the request usually times out altogether. Upon retrying (reloading), the DNS lookup succeeds, and the page loads. This behaviour is repeatable with IE and Mozilla, and appears to plague other apps as well (since domain name resolution is required by almost everything that needs to access the internet). The exact same computer, booted into XP, with identical TCP/IP settings, has no such problems.

Stability

Perhaps I am simply asking for too much, to expect that as a product (e.g. Windows) matures, stability increases, and less maintenance is required. Of course, no one tolerates constant maintenance of their consumer electronics. And while there are plenty of car drivers that gladly sacrifice a steady stream of repair bills, in order to gain features, or performance, there's also a large sector of the market that is driven by the desire to drive cars that just work. Honda and Toyota didn't gain market share with sex appeal. They did so by building a car with enough features for most drivers, and a stellar record of reliability. So, come to think of it .. I don't think it's asking too much for operating systems to be more reliable, too.

My early experience with Vista seems to involve just as much effort constantly updating my OS and applications, as with XP. When new patches come out for XP, the same bug generally has to be patched in Vista. Sure, it's possible to configure your computer to automatically download and install updates whenever they become available. But any business user who accepts this option is asking for trouble. Patches create a configuration control problem. They usually fix problems, but sometimes create them, too. And these days, downloading and installing patches can render even a multiple-CPU machine useless for a noticeable amount of time. Serious users need the control to determine when patches get applied. And that generally should only happen after someone (either their IT department, or at least the Windows userbase at large) determines that the updates produce the desired effect. This process of validating updates, and installing them, still takes far too much time for Vista users.

A Recent Set of Vista Updates, All Released on the Same Day!

In addition, my nine months of Vista frustration has included an inordinate number of updates that failed to properly install. This should be a rare occurence, but in my experience, happens all-too-often. And unfortunately, when an update doesn't successfully install, you either have to choose to ignore it forever (and hope it wasn't an important update!), or by bothered by the Windows Update application constantly notifying you that this same update is "now available", to fail just as it did before.

Application Compatibility

One well-intentioned feature of Vista is a system that warns you when installing applications that have known compatibility issues with Vista. Philosophically, this sounds like a great idea. However, so did the idea of driver-signing. I would prefer to enforce a policy on my workstations that only allows signed drivers to be installed (without a conscious override). However, with XP, I would constantly find that even drivers released by Microsoft itself were not always signed. Failing to strictly apply to a driver release process makes it impossible to use this feature (digital signing) to weed out untrusted, or unstable drivers. Similarly, Microsoft itself has applications which are still failing the Vista compatibility check. As a software developer, Microsoft's Visual Studio is the primary tool I use for writing code. Upon Vista's introduction in early 2007, Visual Studio 2005 was the industry standard version that was Microsoft's current stable release. However, when installing VS2005 on Vista, you find out that Visual Studio 2005 has known compatibility problems. Upon checking Microsoft's site, you quickly learn that the vendor (Microsoft) has provided no fix for the problem (do they ever have a fix?).

Of course, you can choose to override Vista's warning and install the application anyway, which I did, being completely dependent on VS2005 for my work. To date, I have not noticed what Vista was complaining about, from a compatibility standpoint. VS2005 has functioned just fine for me. I'm not sure whether I'm happy to see that, or not! Clearly, it would be more disturbing if an incompatible application was flagged as compatible, but this is still troublesome. If Microsoft can't even ensure that its own applications pass compability checks, it seriously undermines the effectiveness of having the checks in the first place. Naturally, non-Microsoft applications you'll want to install on Vista have even more compatiblity problems.

Similarly, Office 2003, which is still the staple of most business users, clearly has problems with Vista. Although it passes the install-time compatiblity check, several Outlook updates, including SP3, will simply not install successfully on my installation. Of course, Office 2007 is ready and available, but when users shell out top dollar for a new OS, and the new hardware that OS demands, they should have the option to hold off on upgrading office applications, that quite frankly, already do everything that 98% of business users need. Office is Microsoft's flagship application, and the 2003 version has only very recently been upgraded (by Office 2007). Legacy Office 2003 users should expect solid support from Vista well into 2008. Sadly, that expectation has not been met.

Hardware Support

Whenever a new operating system is released, many hardware vendors will have to update, or rewrite the drivers for their devices. This is their responsibility. However, the OS vendor is responsible for making this job as easy on them as possible, with stable APIs (Application Programming Interfaces), good documentation, a streamlined verification process, and enough time to complete the work. Not being a hardware vendor, I can't speak directly to how Microsoft has done at enabling hardware support for Vista. However, this is not an appraisal of Microsoft's performance, but rather a judgement on the Vista experience on the whole. And in that regard, Vista is in very poor shape with respect to hardware support.

Display drivers alone are likely to be a major source of headaches. Many graphics card do not yet have, or will never have, proper Vista device drivers. This is dissapointing, indeed. In the past, I've always taken comfort in the fact that if I load a new OS on a computer with older hardware, at least the older hardware will all be supported with built-in, plug-n-play drivers that Windows finds on its own. This has always been a strength of Windows (certainly compared to Linux/UNIX). However, with Vista, many older devices are simply not usable. In addition to the huge performance budget needed to support Vista, new hardware is often needed simply to make the device work at all. This might be tolerable with peripherals like scanners, or digital cameras, but with a critical device like a graphics card, Vista's poor hardware support becomes a veritable showstopper.

Backup

Backup is an issue that most home users still ignore, but only truly cavalier business users neglect. Backup in XP either involved the built-in ntbackup application, or a 3rd party backup app, like Backup Exec, from Veritas. Ntbackup.exe was unexciting, but could be scripted to provide a reasonable system of incremental, differential, and full backups. However, Microsoft decided not to include ntbackup in Windows Vista, insteading going back to the drawing board with a new backup utility. This utility probably accomplishes their goal of making basic backup for typical home users easier. However, it sacrifices much of the control over the backup process that you had with ntbackup. In Vista, you are given the options to backup Pictures, Movies, or even Email! How does Vista even know what constitutes email? Of course, if they assume you use a Microsoft email solution, then they know how to recognize your email folders. But this type of treatment isn't acceptable for savvy administrators, who know which types of files they do, and don't want to backup. wbadmin gives you a paltry set of options for scripted backups.

In addition, Microsoft has essentially decided not to support tape devices as a backup medium any longer. They will claim that they do in fact support tape devices, and that users are free to download tape drivers from their vendors' websites. The problem is that vendors are either slow to provide such drivers, or are reading Microsoft's lips and abandoning support for tape drives on Windows Vista. Microsoft evangelists urge us to move on, and forget about tape drives. They say, optical media and network storage (e.g. NAS) has become cheap enough to make tape drives obsolete. I disagree wholeheartedly. First of all, as other technologies have become cheaper, so have tape media. Tapes still provide more storage per unit cost than optical media and hard disks. Even DVDs are still far too small to perform full backups of most business users' data, and often are not rewriteable. And while NAS drives provide a nice solution for pure backup, they fall flat when it comes to archiving. If you need to save snapshots of your data for a significant period of time (a year, 5 years, more?), then you cannot keep all that data on hard disk drives. And since hard drives (or NAS) bundle the media with the reader/writer hardware, you cannot separate the data from the device. When you archive to tape, you pop out the tape cartridges, and throw them in a safe for archival. Try doing that with your NAS device, or USB hard drive!

Certainly, you have the option of employing a Disk-to-Disk-to-Tape backup solution, where data is backed up from your Vista workstation, to a server's disk, and then less frequently to the server's tape device. This may be a reasonable option, but why can't users choose to skip the intermediate step altogether? If your business data occupies many GB (or TB), then disk-to-disk transfer will represent a significant load on your network, and significantly more write wear-and-tear on your server's hard disk, which tends to be a critical component. Allowing workstations to backup directly to tape is often a good solution for the SMB user, but Vista all but removes that solution from your IT toolbox.

I have also confronted the scenario of trying to recreate an entire Vista installation (e.g. after a hard disk crash, or disk upgrade). One trial involved manually reinstalling the OS, and then using Windows Backup to restore a backup I had previously taken (and stored on the network). This was a miserable disaster. Despite only restoring a backup of a couple GB in size, the process was agonizingly slow because Windows continually prompted me for input when restoring files that already existed, or were in use. This included a slew of files where the source and destination file were exactly the same. Still, the prompting. Of course, during a restore process, these types of files will be encountered frequently. Had Microsoft really not considered how to gracefully restore an existing file? This is what happens when software companies decide to rewrite apps from scratch ... lots of usability regressions. Furthermore, many of my files would simply not restore properly, because the files were originally owned by a user account which did not exist by default. Any decent backup app would restore user accounts before the files they owned, but not this one. To make matters worse, the missing user account was one created by the SQL Server installation, and used a username that was longer than Computer Management will allow you to create manually. So, I literally could not restore those files to their rightful owners (without learning how to create long usernames outside Vista's GUI). Finally, while the backup populated plenty of folders under C:\Program Files\, many of those applications were not usable after the restore. The system state, aside from normal files, was not even remotely returned to its original configuration. As it turned out, I used linux to perform a successful backup/restore of my Vista installation.

Conclusion

Unfortunately, Windows Vista still lacks (October 2007 and counting ...) too many characteristics that serious business users depend on. Some problems may be resolved as time passes, but if we've learned anything about Microsoft, it's that they're always more interested in their next big thing than they are in fixing today's problems. As a business user, you're probably used to IT choices where the Microsoft solution is always a safe bet. But, if your decision is between migrating to Vista, or sticking with XP for a while longer, the best choice may not be the one Microsoft wants for you. And the good news is that you won't be alone if you choose to stick with XP. Hardware vendors are deciding to keep offering XP. Businesses are delaying the purchase of new computers because of Vista's problems. As long as XP continues to be the standard in the business community, you will have options. Right now, committing to Vista might just be too risky for your users to accept.



Microsoft, and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

powered by Debian

Copyright ©2003-2008 Enscand, Inc.
All Rights Reserved

Modified August 12, 2008
Privacy
Security
Environment