Windows Vista Networking Reviewed
One of Windows Vista’s biggest improvements and source of problems to date is the all-new networking TCP/IP stack and front-end. Besides the (largely BS) security bulletin published by Symantec, there have been a host of other “previously neutralized” TCP/IP bugs that still existed in Windows Vista. But since then Vista has come clean. We haven’t been able to replicate any of the vulnerabilities detailed in Symantec’s security bulletins.
Vista’s new Network and Sharing Center is a very important step in bringing security down to the average man’s playing field. Our security professionals at NeoSmart Technologies have analyzed the host of options available in the Network and Sharing Center, and they do sufficiently address the shortcomings and major sources of insecurity in previous versions of Windows.
Improved TCP/IP Stack
Windows Vista’s major bragging point compared to any other modern (and big) operating a system is a TCP/IP stack written from scratch with complete IPv6 and advanced routing support. Most other operating systems have an ancient networking stack that is constantly being updated with new components. Besides the obvious negative performance and security impacts of such a model, it also means that the operating system will never completely interface with the newer features of the networking stack as well as it could if it were written from scratch.
But though the Vista networking stack may be new, it sure as hell isn’t from scratch. The TCP/IP stack has been rewritten from the start, but old code has been recycled, a practice that just means that you’ll be doing a lot of hard work but not reaping the benefits as much as you could. Vista’s networking stack wasn’t written with clean code, and as a result old holes and vulnerabilities existed; though they were patched in later updates of Windows XP, the fact that Vista used the original code meant that it was still vulnerable. Though the security vulnerabilities brought to attention by Symantec (everyone’s favorite company) may have been addressed, chances are there are still a couple (or more) bugs that were previously patched for other OSes that are still present in Windows Vista.
Besides the avoidable kinks mentioned, Vista has another disadvantage in using a brand-new TCP stack for a production-grade OS. All the past builds sent out to testers focused more on stability and performance tests, no one was too concerned with testing the security of the operating system, after all, that doesn’t really matter if the OS already crashes on its own. Only now can security professionals truly focus on finding vulnerabilities in Windows Vista. This doesn’t mean that there has to be bugs or holes in it, but it just makes it more likely.
But it’s not all bad news for Vista. The new networking stack far surpasses Windows XP’s or even Linux’s networking performance, with internet pages loading up to 8% faster than XP and up to 4% faster than Linux on identical web browsers in our tests (Opera 9.0.1 and Firefox 2.0 Beta). IE7 loaded pages 2% faster on Vista than on XP in our tests. Plus, Vista’s domain support is much more functional in Windows Vista than in previous versions to date, which will be a definite advantage in the corporate playing field.
Network and Sharing Center
We first reviewed Vitsa’s Network and Sharing Center when it first made its debut in build 5231. Since then it’s come a long way from the unstable program and buggy interface it was infamous for. The new Network and Sharing Center provides several very important security enhancements. Instead of making it hard for end-users to safely and securely set up a home network, the Vista Network and Sharing Center puts all the security tools where they belong: right in the users’ lap.
Users no longer have to go with an ‘all or nothing’ approach where you must choose between security or usability, with the new networking center it couldn’t be easier. A series of checkboxes and radio buttons let you choose what you want to do, from enabling viewing other PCs, sharing printers, files, and enabling passwords on file shares. It makes it really easy to keep security up and yet keeping everything simple.
What’s even more useful is it’s adaptable network profiles. Vista will remember every network you connect to, so it can have different security levels at work, home, school, and the local Starbucks without requiring the user to ever press a button. It would be nice to have per-network assignable static IP addresses, but for now, security’s good enough. Windows Vista has finally accomplished something special, and with the prevalence of wi-fi hotspots today, it’s just in time.
Vista’s new network stack isn’t perfect, and besides the possible vulnerabilities discussed, Windows Vista does have a couple more shortcomings. Wireless network reception under Windows Vista is several notches less than that under XP, but at the same time it doesn’t suffer from the “wi-fi lockup” symptoms that Windows XP was occasionally prone to. Nothing is perfect, and Vista’s networking stack isn’t an exception. It’s good, but it’s not perfect. It may be the best, that remains to be seen. It’s faster than the rest (including Linux and Mac OS X), but it’s not the most stable. The network center doesn’t freeze when renewing an IP (what XP’s “Repair Connection” button was famous for), but it doesn’t always succeed in renewing an IP when it should.. It needs more polishing before it’s ready for prime-time.