JackWise
Notable Changes in Windows Vista Service Pack 1
Microsoft continuously improves the Windows Vista® Operating System by providing ongoing updates while working with software and hardware vendors to help them to deliver improved compatibility, reliability and performance. These updates are provided to customers directly by our hardware and software partners, as well as from Microsoft in the form of hotfixes distributed on a regular basis using Windows Update. Updates to Windows are also delivered directly to some affected customers and preinstalled by PC manufacturers.
Windows Vista SP1 is an update to Windows Vista that, along with improvements delivered via these other channels, addresses feedback from our customers and partners. By providing these fixes integrated into a single service pack which will be thoroughly tested by Microsoft and by industry partners and customers during the beta cycle, Microsoft provides a single high quality update that minimizes deployment and testing complexity for customers.
In addition to all previously released updates, SP1 contains changes focused on addressing specific reliability and performance issues, supporting new types of hardware, and adding support for several emerging standards. SP1 also continues to make it easier for IT administrators to deploy and manage Windows Vista. Service Packs are not intended to be a vehicle for releasing significant new features or functionality; however some existing components do gain slightly enhanced functionality in SP1 to support industry standards and new requirements.
This document describes many of the notable changes in Windows Vista SP1. For additional information about the changes in SP1, please see the forthcoming Knowledge Base (KB) article 936332, which is a compendium of all prior KB articles documenting updates to Windows Vista. Many of these updates are already publicly available and have been released via the Microsoft Download Center or Windows Update. All of these updates are included in Windows Vista SP1. The full list of these updates can be read in Hotfixes and Security Updates included in Windows Vista Service Pack 1.
Setup Prerequisites
Windows Vista SP1 requires two prerequisite packages to install; a third is required for versions of Windows Vista that are BitLocker™ Drive Encryption capable (Windows Vista Enterprise and Windows Vista Ultimate).
* The first of the three prerequisite packages required for the service pack includes updates to the servicing stack, the component that handles installation and removal of software updates, language packs, and optional Windows features. This update is necessary to successfully install and uninstall the service pack; it also improves the performance and reliability of the service pack installation.
* The second of the three prerequisite packages includes updates required to reliably install or uninstall the service pack.
* The third of the three prerequisite packages contains an update necessary for proper servicing of Windows BitLocker Drive Encryption capable PCs.
Service Pack 1 Size
In order to make the improvements detailed in this document, a large number of individual files and components have been updated for SP1. Also, the language-neutral design of Windows Vista necessitates that the service pack be able to update any possible combination of the basic languages supported by Windows Vista with a single installer, so language files for the 36 basic languages are included in the standalone installer.
These facts result in a large stand-alone package, which is the delivery vehicle typically used by system administrators. (See Table 1 below for an explanation of the different delivery mechanisms for Windows Vista SP1.) However, most home and small business users will receive SP1 via Windows Update, which utilizes an efficient transfer mechanism to download only the actual bytes changed, resulting in an approximately 65MB download. This is similar in size to many common software and driver updates delivered by other software vendors over the internet and will not be a problem for most customers.
| Delivery mechanism | Usage | Download Size (x86) |
|---|---|---|
| Standalone Package | PCs without internet access; System administrators | About 450 MB (5 Language package); About 550 MB (Full 36 language package) |
| Windows Update | Most home users; Many business customers | About 65 MB |
| Integrated DVD | New PCs; Fresh Windows installations | N/A |
Table 1: Windows Vista SP1 Delivery Mechanisms
Hardware Ecosystem Support and Enhancements
* Adds support for new UEFI (Unified Extensible Firmware Interface) industry standard PC firmware for 64-bit systems with functional parity with legacy BIOS firmware, which allows Windows Vista SP1 to install to GPT format disks, boot and resume from hibernate using UEFI firmware.
* Adds support for x64 EFI network boot.
* Adds support for the 64-bit version of MSDASQL, which acts as a "bridge" from OLEDB to a variety of ODBC drivers thus simplifying application migration from 32-bit platforms to 64-bit Windows Vista.
* Adds support for Direct3D® 10.1, an update to Direct3D 10 that extends the API to support new hardware features, enabling 3D application and game developers to make more complete and efficient use of the upcoming generations of graphics hardware.
* Adds support for exFAT, a new file system supporting larger overall capacity and larger files, which will be used in Flash memory storage and consumer devices.
* Adds support for SD Advanced DMA (ADMA) on compliant SD standard host controllers. This new transfer mechanism, which is expected to be supported in SD controllers soon, will improve transfer performance and decrease CPU utilization.
* Adds support for creating a single DVD media that boots on PCs with either BIOS or EFI.
* Enhances support for high density drives by adding new icons and labels that will identify HD-DVD and Blu-ray Drives as high density drives.
* Adds support to enable new types of Windows Media Center Extenders, such as digital televisions and networked DVD players, to connect to Windows Media Center PCs.
* Enhances the MPEG-2 decoder to support content protection across a user accessible bus on Media Center systems configured with Digital Cable Tuner hardware. This also effectively enables higher levels of hardware decoder acceleration for commercial DVD playback on some hardware.
* Enhances Netproj.exe to temporarily resize the desktop to accommodate custom projector resolutions when connecting to Windows Network Projectors.
Application Compatibility Improvements
Since the release of Windows Vista, the ecosystem has made great progress and the number of applications that have the "Works with Windows Vista" and "Certified for Windows Vista" logos has grown to well over 2000.
Thanks to the rich instrumentation capability of Windows Vista, we are able to understand the type of problems that our customers are experiencing (while respecting their personal information and privacy preferences). We use this information to focus improvements in Windows Vista, but we also share this information with our software vendor partners to help improve the reliability and compatibility of 3rd party applications.
It is our goal that applications that run on the Windows Vista Operating System today and are written using public APIs will continue to work as designed on Windows Vista SP1.
Microsoft has already released several application compatibility updates which will allow more applications to work seamlessly for the end user. These will appear in SP1, but are also available via Windows Update. For more information on previous compatibility updates, please refer to http://support.microsoft.com/kb/935280/. SP1 contains additional application compatibility fixes for individual applications.
Reliability Improvements
Reliability improvements vary from PC to PC based on hardware, environment, and usage. Customers will experience varying levels of benefit.
* SP1 addresses many of the most common causes of crashes and hangs in Windows Vista, as reported by Windows Error Reporting. These include issues relating to Windows Calendar, Windows Media Player, and a number of drivers included with Windows Vista.
* Improves reliability by preventing data-loss while ejecting NTFS-formatted removable-media.
* Improves reliability of IPsec connections over IPv6 by ensuring that all Neighbor Discovery RFC traffic is IPsec exempted.
* Improves certain problem scenarios where a driver goes to sleep with incomplete packet transmissions by ensuring the driver is given enough time to transmit or discard any outstanding packets before going to sleep.
* Improves wireless ad-hoc connection (computer-to-computer wireless connections) success rate.
* Improves the success of peer-to-peer connections, such as Windows Meeting Space or Remote Assistance applications, when both PCs are behind symmetric firewalls.
* Improves Windows Vista's built-in file backup solution to include EFS encrypted files in the backup.
* An improved SRT (Startup Repair Tool), which is part of the Windows Recovery environment (WinRE), can now fix PCs unbootable due to certain missing OS files.
* Users who did not opt-in to the Customer Experience Improvement Program (CEIP) will be prompted again to join after installing SP1. The experience will remain the same and the default will continue to be opt-out.
Performance and Power Consumption Improvements
Performance improvements vary from PC to PC based on hardware, environment, scenarios, and usage, so different customers will experience varying levels of benefits. About 20-25% of these improvements will be released separately via Windows Update, prior to Windows Vista SP1.
* Improves the performance of browsing network file shares by consuming less bandwidth.
* Improves power consumption when the display is not changing by allowing the processor to remain in its sleep state which consumes less energy.
* Addresses the problem of the Video chipset (VSync interrupt) not allowing the system to stay asleep.
* Improves power consumption and battery life by addressing an issue that causes a hard disk to continue spinning when it should spin down, in certain circumstances.
* Improves the speed of adding and extracting files to and from a compressed (zipped) folder.
* Significantly improves the speed of moving a directory with many files underneath.
* Improves performance while copying files using BITS (Background Intelligent Transfer Service).
* Improves performance over Windows Vista's current performance across the following scenarios:
  * 25% faster when copying files locally on the same disk on the same machine
  * 45% faster when copying files from a remote non-Windows Vista system to a SP1 system
  * 50% faster when copying files from a remote SP1 system to a local SP1 system
* Improves responsiveness when doing many kinds of file or media manipulations. For example, with Windows Vista today, copying files after deleting a different set of files can make the copy operation take longer than needed. In SP1, the file copy time is the same as if no files were initially deleted.
* Improves the copy progress estimation when copying files within Windows Explorer to about two seconds.
* Improves the time to read large images by approximately 50%.
* Improves IE performance on certain Jscript intensive websites, bringing performance in line with previous IE releases.
* Addresses a problem that caused a delay of up to 5 minutes after boot with specific ReadyDrive capable hard drives.
* Improves the effectiveness of a Windows ReadyBoost™ device in reducing the time to resume from standby and hibernate by increasing the amount of data stored in the ReadyBoost device that can be used during a resume cycle.
* Includes improvements to Windows Superfetch™ that help to further improve resume times, in many environments.
* In specific scenarios, SP1 reduces the shutdown time by a few seconds by improving the Windows Vista utility designed to sync a mobile device.
* Improves the time to resume from standby for a certain class of USB Hubs by approximately 18%.
* Improves network connection scenarios by updating the logic that auto selects which network interface to use (e.g., should a laptop use wireless or wired networking when both are available).
* Improves the performance of the user login experience on corporate PCs outside of corporate environments (e.g., a corporate laptop taken home for the evening), making it comparable with PCs within the corporate environment.
* Reduces the time it takes to return to the user's session when using the Photo screensaver, making it comparable to other screensavers.
* Removes the delay that sometimes occurs when a user unlocks their PC.
* Improves overall media performance by reducing many glitches.
* In SP1, PC administrators are able to modify the network throttling index value for the MMCSS (Multimedia Class Scheduling Service), allowing them to determine the appropriate balance between network performance and audio/video playback quality.
* Windows Vista SP1 includes a new compression algorithm for the RDP (Remote Desktop Protocol) that helps reduce network bandwidth required to send bitmaps or images via RDP. The compression, which can be selected by administrators via Group Policy settings, is transparent to all RDP traffic, and typically reduces the size of the RDP stream by as much as 25-60%, based on preliminary test results.
* The Windows Vista SP1 install process clears the user-specific data that is used by Windows to optimize performance, which may make the system feel less responsive immediately after install. As the customer uses their SP1 PC, the system will be retrained over the course of a few hours or days and will return to the previous level of responsiveness.
* SP1 addresses a number of customer performance concerns with new print driver technologies, including XPS-based printing.
Security Improvements
* Windows Vista SP1 includes all previously released Security Bulletin fixes which affect Windows Vista.
* SP1 includes Secure Development Lifecycle process updates, where Microsoft identifies the root cause of each security bulletin and improves our internal tools to eliminate code patterns that could lead to future vulnerabilities.
* Service Pack 1 includes supported APIs by which third-party security and malicious software detection applications can work alongside Kernel Patch Protection on 64-bit versions of Windows Vista. These APIs have been designed to help security and non-security ISVs develop software that extends the functionality of the Windows kernel on 64-bit systems, in a documented and supported manner, and without disabling or weakening the protection offered by Kernel Patch Protection.
* Improves the security of running RemoteApp™ programs and desktops by allowing RDP files to be signed. Administrators now have the control to differentiate the user experience based on the publisher's identity.
* Data Execution Protection (DEP) is a memory-protection feature available beginning with Windows XP and Server 2003. SP1 improves security with a new set of Win32 APIs to allow programmatic control over a process's DEP policy. This will provide application developers with finer control on a process's DEP settings for security, testability, compatibility, and reliability.
* Improves the trustworthiness of data presented in Windows Security Center (WSC) by ensuring that only authenticated security applications can communicate with WSC.
* Improves security on wired networks by enabling single sign on (SSO) for authenticated wired networks. The single sign on experience presents the user with a single point of credential entry rather than being double prompted for local and network logon.
* For customers upgrading from Windows XP to Windows Vista SP1, the MSRT (Malicious Software Removal Tool) will not run as part of the upgrade. Rather the up-to-date MSRT offered monthly by Windows Update will help protect PCs.
* The cryptographic random number generation is improved to gather seed entropy from more sources, including a Trusted Platform Module (TPM) when available, and replaces the general purpose pseudo-random number generator (PRNG) with an AES-256 counter mode PRNG for both user and kernel mode.
* Improves security in smart card scenarios:
  * Introduction of a new PIN channel to securely collect smart card PINs via a PC. This new capability mitigates a number of attacks that today would require using an external PIN reader to prevent.
  * Enables smart cards that use biometric authentication instead of a PIN.
* Improves security over Teredo interface by blocking unsolicited traffic by default. This has already been addressed in a Security Update for Windows Vista (KB935807).
* Improves BitLocker Drive Encryption by offering an additional multi-factor authentication method that combines a key protected by the TPM (Trusted Platform Module) with a Startup Key stored on a USB storage device and a user-generated Personal Identification Number (PIN).
* Enhances the BitLocker encryption support to volumes other than bootable volumes in Windows Vista (for Enterprise and Ultimate SKUs).
* Improves the OCSP (Online Certificate Status Protocol) implementation such that it can be configured to work with OCSP responses that are signed by trusted OCSP signers, separate from the issuer of the certificate being validated.
* Enables a standard user to invoke the CompletePC Backup application, provided that user can supply administrator credentials. Previously, only administrators could launch the application.
* The Remote Desktop client in Windows Vista SP1 provides user interface improvements for user and server authentication. The RDP client streamlines the multiple steps end users must follow to provide their credentials to Windows Server 2003 (or earlier) Terminal Servers, and simplifies the management of previously saved credentials.