The next-generation Microsoft OS---Now Windows Vista

Windows Vista was originally code-named Longhorn. The name Longhorn was heard as early as when I was still in high school (1999). Even today, Windows Server 2008 is still internally called Longhorn Server. What surprises did this version of Windows bring us? I think it is multi-dimensional: new kernel changes, new kernel features, new Windows services that support more tasks, less legacy support, new visual effects, new bundled applications and, externally, new hardware.

Let's examine what Windows Vista brought us:

Major Kernel Changes

The CPU scheduling algorithm has been modified to make scheduling much more precise: on supported CPUs, an instruction-level precision clock is used to record precisely how much CPU time a thread consumes. The scheduling algorithm has also been modified to allow fair scheduling. This makes a CPU-intensive program much less likely to affect overall responsiveness. Experiment: run an infinite-loop program and see rosh completion speed. In this respect, Windows is comparable to Linux with the 2.6.24 kernel's CFS (Completely Fair Scheduler).

Memory management: Superfetch fetches memory pages from the drive in anticipation while the system is idle, so that when the pages are needed they are probably already in RAM. It analyses how frequently a page is used, and also does some prediction using methods like Markov chains or AI. It may not be implemented for the disk cache. Apparently this does not come for free: it consumes 40MB of RAM. It is worth enabling on systems with at least 200MB of free memory, and it really provides more responsiveness when a memory-consuming program quits. One interesting thing I found is that Superfetch uses "idle" priority I/O, but it fetches pages almost at full speed soon after a memory-consuming process exits.

Knowledge point: memory paging optimizations. Before Superfetch, there were already three methods used to improve paging efficiency: read-ahead, write-behind and prefetching. Read-ahead and write-behind were used in the original version of Windows NT. Prefetching was introduced in Windows XP. Read-ahead: on every page-in, the system reads contiguous pages in the expectation that they will be used. Write-behind: the system tries to combine several page-out operations of contiguous pages into one write operation. Prefetching: in XP this is used to load files faster during system and application start-up. Note that page-outs are not guaranteed to map contiguous pages to contiguous page file contents, so contents in the page file may be fragmented. Windows Vista supports larger read-ahead operations, such as 1MB blocks (originally at most 64KB), so sometimes there is a speed boost.

Memory management: ReadyBoost uses fast USB thumb drives to serve as a read-only cache of the page file and regular files. The reason is simple: USB thumb drives are better at random read access than hard disk drives, but not as good at sequential transfers or writes. ReadyBoost tries to take advantage of both devices. It is most useful when the amount of RAM is slightly insufficient and there is still more than 100MB of free RAM. If there is almost no free RAM, ReadyBoost cannot help. Superfetch is aware of ReadyBoost and it also loads data into the ReadyBoost cache. Experiment: with Superfetch on, enable ReadyBoost and see ReadyBoost cached bytes in Performance Monitor; compare it with Superfetch off. ReadyBoost itself only caches page outputs so it cannot work well with Superfetch pre-populating data into it. In the follow-up version, Windows 7, ReadyBoost even supports up to 8 devices and 256GB of space.

New Kernel Features

Symbolic links. This long-awaited feature has finally arrived. It works like a charm. As in Linux, a symbolic link to a file shows its own path, but with the content of the file it redirects to. Unlike a hard link, a symbolic link doesn't have ownership of a file, and its target is not limited to the drive it resides on. A symbolic link to a directory can also be created. Before symbolic links, there were junctions in Windows 2000, and Mark made a Junction tool for that feature. Junctions are like symbolic links, but they can only redirect directories (and also mount points, if you use the mountvol tool). Another difference is that junctions work on the server side, while symbolic links on a network folder are interpreted on the client side. You can use the mklink command to manage both symbolic links and junctions.

I/O priority and scheduling: I/O priority is introduced and one special I/O priority is implemented: idle. Processes with the idle I/O priority can only perform I/O when no other processes are requesting I/O. I/O scheduling is implemented in order to make multimedia playback smoother. These settings cannot yet be modified through Process Explorer or Task Manager.

Cancellable I/O: some I/O operations can now be cancelled. For example, a file-open operation, when executed on a network drive, may sometimes bring the application to a halt. Now this can be cancelled.

File and registry transactions. The Kernel Transaction Manager will allow applications to start a transaction of file and registry operations which can be rolled back.

New Services

Application Compatibility Wizard. This wizard was introduced in Windows 98 to warn users about incompatible applications which were designed for older versions of Windows.

System Restore. Now it allows restoring single files. This is done through Volume Shadow Copy.

Windows Search. This is a version of a desktop search engine. With its indexing facility, full-text search is much faster. You can use it to index your document archive directory and it will be able to search it. It also supports indexing PDF files and others.

Windows Defender. It prevents malware. Useful when you surf on the net.

Reliability Reporting. This feature summarizes and reports computer reliability, and shows it in Performance Monitor.

Windows Firewall. It is now much more advanced and has both inbound and outbound monitoring. Its advanced interface is quite useful. In addition, because computers sometimes use the same network adapter to connect to different networks, such as a home network and a corporate network, the network zone feature is introduced. Windows automatically recognizes the network as public, private or domain, and applies different firewall rules to it.

IPv6. Now it comes. One day with IPv6 we'll have one IP address for every computer.

Fast User Switching. Now this is allowed even when the computer has joined the domain. (Windows XP doesn't support this when it has joined the domain.)

New shared folder services. There are new services that enhance shared folder transmission, such as differential compression, etc.

RAM requirements: After my testing, with 512MB RAM, Vista requires about 300MB to run properly (with my Lenovo drivers installed and bare system without anti-virus, etc.). With 1GB or higher, Vista requires about 400MB to run (my computer uses an Intel integrated display adapter which may consume system RAM, but Aero is not used; I'm not sure about stand-alone display adapters). However, Windows Update sometimes eats more than 400MB RAM, forcing me to turn it off.

Less Legacy Support

No winhlp32.exe program (but can be installed through a patch). Internet Explorer drops the Offline Web page Favorites feature. IE 7 cannot be used as Explorer nor vice versa. The separation of IE and Explorer is a security enhancement to Explorer. With this, Active Desktop is also not supported. Side-bar widgets are supported for online content to be delivered.

Windows Address Book (wab) must be converted to Windows Contacts format before using. All folder information in the original wab will be lost.

The new WDDM display driver model prevents console or DOS windows from switching to full screen. This is bad news for DOS users. In addition, Windows Server 2008 and Windows Vista x64 versions are 64-bit OSes and don't have NTVDM (NT virtual DOS machine), so they cannot run DOS programs at all.

CHM files may be blocked without notification. With Simplified Chinese titles in the Contents (compiled on machines with CP936 as the default encoding) it shows "cannot display the page" even if the system default character set is CP936. To solve this problem, in Windows Explorer, right-click the CHM file to open the context menu, and choose Properties. Then you'll see something like "the contents are blocked", and there is a button to "unblock". Click that button and it's done.

IME: Traditional IMEs from Windows 95 through Windows Server 2003 are no longer supported perfectly in Vista. A new IME standard is introduced. For example, old IMEs can no longer be turned on or off through Ctrl-Space in a console window. Also, protected mode IE causes old IMEs to crash.

More Secure Design

UAC: User Access Control. This feature is not only annoying, but also causes trouble for applications that were originally meant for administrative use. However, since most applications don't require administrative rights, it doesn't affect very much. To work around it, I launch an elevated administrator Command Prompt (by using "run as admin" on the Command Prompt shortcut) and then start the administrative application from the Command Prompt. UAC also hides the traditional "Run As" menu item found in older versions of Windows (2003/XP/2000) and replaces it with "run as admin". On the other hand, as an enhancement, it applies "folder virtualization" to non-administrative applications to let them virtually write to the "Program Files" or Windows folders, except for certain built-in programs such as cmd.exe and explorer.exe. Thus, for applications that depend on those programs, folder virtualization doesn't help when they invoke them, for example through the system() call in C. When an application requires administrative privilege (which can be requested programmatically or recognized by Windows through a manifest embedded in the executable file), the UAC prompt pops up. It is shown on the "secure desktop", the same desktop used when you press the Win+L key combination to lock the computer, so that processes without administrative privilege cannot hijack it. It is called a "consent" dialog, and consent.exe is launched to show it. In the Group Policy editor (gpedit.msc), there are options that change the consent dialog, making it "consent", "run as" or bypass (elevate directly). UAC raises the security of Windows to a new level.

Protected mode IE 7. IE launches multiple child processes, and the Web-interpreting processes that run JavaScript, ActiveX controls etc. run in a very limited security context. This way, IE is much more secure than before --- which is a little bit ironic, because IE still hangs sometimes, or crashes, even after disabling all extensions --- its quality still needs improvement. Sometimes a file is saved in secure mode IE. However the folder for secure mode IE is virtualized --- the saved file is actually saved in another directory. Then, Mark Russinovich needs to kick off his Process Explorer to find a file saved by the protected-mode IE 7 designed by Robert Gu, one of my former managers.

Integrity level and icacls. Integrity level is the mechanism used by IE 7 to implement protected-mode IE. It adds further restrictions on top of the traditional NT 5 ACL, so that potentially malicious code running under a lower integrity level cannot by itself affect objects at higher integrity levels, unless higher integrity level processes explicitly read or run it. icacls is a command-line tool that can replace the cacls command. icacls can modify ACLs and integrity levels flexibly. It can assign security on a folder or file, and it can change security inheritance. It can disable inheritance on a folder and reset the ACLs of all sub-folders and the files in them.
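The layering described above, as an added example that is not part of the original page: a simplified Python model in which the mandatory integrity label is checked before the ordinary ACL. The function names and sample descriptors are constructed for illustration, and the DACL is reduced to a set of granted access kinds (an assumption); the label syntax is the SDDL form `(ML;flags;policy;;;level)`.

```python
import re

# Integrity levels, low to high, keyed by their SDDL SID aliases.
LEVELS = {"LW": 1, "ME": 2, "HI": 3, "SI": 4}   # Low, Medium, High, System
# Mandatory-label policy bits and the kind of access each blocks from below.
POLICY = {"NW": "write", "NR": "read", "NX": "execute"}
LABEL_RE = re.compile(r"\(ML;[A-Z]*;((?:NW|NR|NX)*);;;(LW|ME|HI|SI)\)")


def parse_label(sddl):
    """Return (level, blocked access kinds) from the mandatory label ACE."""
    m = LABEL_RE.search(sddl)
    if m is None:
        # An object without a label is treated as Medium with no-write-up.
        return LEVELS["ME"], {"write"}
    blocked = {POLICY[bit] for bit in re.findall(r"NW|NR|NX", m.group(1))}
    return LEVELS[m.group(2)], blocked


def access_allowed(subject, sddl, kind, dacl_grants):
    """Integrity check first; only then does the ordinary ACL decide.

    dacl_grants is a simplification (assumption): the access kinds the
    traditional ACL would grant this caller.
    """
    level, blocked = parse_label(sddl)
    if LEVELS[subject] < level and kind in blocked:
        return False            # refused by the label, whatever the ACL says
    return kind in dacl_grants


# Constructed sample descriptors (not taken from a real system).
PROFILE_DOC = "D:(A;;FA;;;BU)"                    # no label: Medium, no-write-up
LOW_CACHE = "D:(A;;FA;;;BU)S:(ML;OICI;NW;;;LW)"   # folder labelled Low
ADMIN_KEY = "D:(A;;FA;;;BA)S:(ML;;NWNR;;;HI)"     # High, blocks write and read

if __name__ == "__main__":
    rw = {"read", "write"}
    print(access_allowed("LW", PROFILE_DOC, "write", rw))  # Low process, Medium file
    print(access_allowed("LW", PROFILE_DOC, "read", rw))   # read-up is not blocked
    print(access_allowed("LW", LOW_CACHE, "write", rw))    # same level: ACL decides
```

The default no-write-up policy leaves reads to the ordinary ACL, which is why a low-integrity process can still read a user's files unless the label also carries no-read-up.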

Session 0 isolation. Traditionally, Windows services run in session 0, and this is still the case in Windows Vista. As background knowledge, with "fast user switching", each logged-on user has a session. If a user is logged on twice (which is possible on Windows Server 2003 and higher Server editions), there are two sessions for that user. The difference is that Windows Vista never shows session 0 to the user. A badly-written service may pop up dialogs in session 0, which is actually a security flaw --- the correct way to communicate with the user is through some IPC mechanism, such as window messages, a named pipe or a TCP/IP socket. Thus, Windows Vista enforces session 0 isolation. Another interesting change is that in Windows 2003 and earlier, if you replace the logon.scr screen saver with an executable file of your own and wait at the logon screen until the logon screen saver is launched, you can launch a process with SYSTEM privilege (even higher than Administrator). In Windows Vista this no longer works.

Process address space randomization. For a native application (any application that is compiled into machine code, such as C/C++/Delphi/assembly), one kind of security attack is to inject code into its address space and call a Windows API. The Windows API is loaded as DLLs, and in Windows each DLL has a default load address. As long as the virtual address space is available at the designated default load address, the DLL is loaded there. This gives attackers a high probability of successfully calling an API. Now, applications have the option to be compiled to use address space randomization. This makes DLLs load at random addresses (which can be seen using WinDbg), making attacks harder. Besides this, starting with Windows XP SP2, with the CPU's DEP (data execution protection) feature, Windows marks the data pages of an application as non-executable, making attacks that inject code into data pages (a common case) harder.

New Visual Effects

Aero. Aero is the newly advertised "elegant interface"; however, it is so elegant that it distracts the user's concentration when doing work. There are a lot of transitions: minimizing, maximizing, Task Bar preview, Alt-Tab preview, Win-Tab Flip 3D display. In Windows 7 it is enhanced further, with the new task bar concept like a Macintosh "dock".

Vista Basic. Vista Basic is not the XP-style theme. It is a Vista-style theme, but like that of the XP, it is not so distracting.

Classic. Like Windows XP classic and Windows 2000. Actually in the old Classic style in Vista, the look is like Windows 98, but the colors are modified, so it is not so original. You can change it to have an original taste.

New Applications

Internet Explorer 7. It provides whole-page zoom functionality, allowing both text and graphics to be zoomed (and Adobe Flash also supports this!). In IE 8, there is an addition --- the "compatible mode" button, allowing Web pages not written correctly for the new IE to be displayed.

Side-bar clock and Calendar. The side-bar gadgets are sometimes useful, such as reading the date/time and writing a note. However it takes about 15MB RAM so do not use it if the RAM is not ample and you don't need it. The Calendar is not so easy to use as Outlook is. However Mozilla Sunbird, another calendar program, is currently (year 2008) not usable under a normal user account either, so Calendar is still useful. Note that Calendar will not show alerts when it is not running. Though it schedules itself in Task Scheduler, it is still sometimes missing appointments, so keeping it running may be important.

Windows Mail and Contacts. I haven't used Windows Mail since I almost no longer use POP mail boxes. Contacts is an upgrade to Windows Address Book but cannot convert folder information from old WAB files.

Complex Control Panel and Task Scheduler. They have become too complex for a novice computer user to fully understand. However, using them in an easy way is still OK.

New games. Chess Titan, etc. See for yourself.

IIS7. A whole new management interface, clear and powerful. Though not intuitive, after learning how to use it, you'll find it clear and powerful. However, as Windows Vista components tend to consume more memory, this may also be the case for this component. Use it only when necessary or when RAM is ample.

Dictation (speech recognition): a shiny new feature. Try it out yourself.

Windows Explorer. Its browsing UI has changed a lot. It uses dllhost.exe to host shell-extensions so that badly-written shell extensions won't crash Explorer.

Conclusion: I like Windows Vista in its kernel changes, but I don't quite like it in losing legacy support and large memory footprint even with the minimum configuration. I both like and dislike its "modern" features. The complexity may make even a geek's head ache.
