Leading up to next week’s public beta-test release of Windows Vista Service Pack 1 Release Candidate, Microsoft has today published a 17-page document outlining in fine detail exactly what difference SP1 makes to Vista.
Some of the contents have been shared in bits in the past, but this is by far the most comprehensive “changelog” we’ve seen, and probably the most comprehensive we will see, since the final version is not expected to differ much from the RC apart from the WGA modifications described below. I’ve highlighted some of the most interesting changes, which you may or may not already know.
This document describes many of the notable changes in Windows Vista SP1, with the exception of some updates to the Windows Genuine Advantage experience which we are still developing for our customers and will be released in a later build.
Hardware Ecosystem Support and Enhancements
- Adds support for new UEFI (Unified Extensible Firmware Interface) industry standard PC firmware for 64-bit systems with functional parity with legacy BIOS firmware, which allows Windows Vista SP1 to install to GPT format disks, boot and resume from hibernate using UEFI firmware.
- Adds support for x64 EFI network boot.
- Adds support for the 64-bit version of MSDASQL, which acts as a “bridge” from OLEDB to a variety of ODBC drivers thus simplifying application migration from 32-bit platforms to 64-bit Windows Vista.
- Adds support for Direct3D® 10.1, an update to Direct3D 10 that extends the API to support new hardware features, enabling 3D application and game developers to make more complete and efficient use of the upcoming generations of graphics hardware.
- Adds support for exFAT, a new file system supporting larger overall capacity and larger files, which will be used in Flash memory storage and consumer devices.
- Adds support for SD Advanced DMA (ADMA) on compliant SD standard host controllers. This new transfer mechanism, which is expected to be supported in SD controllers soon, will improve transfer performance and decrease CPU utilization.
- Adds support for creating a single DVD media that boots on PCs with either BIOS or EFI.
- Enhances support for high density drives by adding new icons and labels that will identify HD-DVD and Blu-ray Drives as high density drives.
- Adds support to enable new types of Windows Media Center Extenders, such as digital televisions and networked DVD players, to connect to Windows Media Center PCs.
- Enhances the MPEG-2 decoder to support content protection across a user accessible bus on Media Center systems configured with Digital Cable Tuner hardware. This also effectively enables higher levels of hardware decoder acceleration for commercial DVD playback on some hardware.
- Enhances Netproj.exe to temporarily resize the desktop to accommodate custom projector resolutions when connecting to Windows Network Projectors.
Reliability Improvements
Reliability improvements vary from PC to PC based on hardware, environment, and usage. Customers will experience varying levels of benefit.
- SP1 addresses many of the most common causes of crashes and hangs in Windows Vista, as reported by Windows Error Reporting. These include issues relating to Windows Calendar, Windows Media Player, and a number of drivers included with Windows Vista.
- Improves reliability by preventing data loss while ejecting NTFS-formatted removable media.
- Improves reliability of IPsec connections over IPv6 by ensuring that all Neighbor Discovery (RFC) traffic is exempted from IPsec.
- Improves certain problem scenarios where a driver goes to sleep with incomplete packet transmissions by ensuring the driver is given enough time to transmit or discard any outstanding packets before going to sleep.
- Improves the success rate of wireless ad-hoc (computer-to-computer) connections.
- Improves the success of peer-to-peer connections, such as Windows Meeting Space or Remote Assistance applications, when both PCs are behind symmetric firewalls.
- Improves Windows Vista’s built-in file backup solution to include EFS encrypted files in the backup.
- An improved SRT (Startup Repair Tool), which is part of the Windows Recovery environment (WinRE), can now fix PCs unbootable due to certain missing OS files.
- Users who did not opt-in to the Customer Experience Improvement Program (CEIP) will be prompted again to join after installing SP1. The experience will remain the same and the default will continue to be opt-out.
Performance and Power Consumption Improvements
Performance improvements vary from PC to PC based on hardware, environment, scenarios, and usage, so different customers will experience varying levels of benefits. About 20-25% of these improvements will be released separately via Windows update, prior to Windows Vista SP1.
- Improves the performance of browsing network file shares by consuming less bandwidth.
- Improves power consumption when the display is not changing by allowing the processor to remain in its sleep state which consumes less energy.
- Addresses the problem of the Video chipset (VSync interrupt) not allowing the system to stay asleep.
- Improves power consumption and battery life by addressing an issue that causes a hard disk to continue spinning when it should spin down, in certain circumstances.
- Improves the speed of adding and extracting files to and from a compressed (zipped) folder.
- Significantly improves the speed of moving a directory with many files underneath.
- Improves performance while copying files using BITS (Background Intelligent Transfer Service).
- Improves performance over Windows Vista’s current performance across the following scenarios:
- 25% faster when copying files locally on the same disk on the same machine
- 45% faster when copying files from a remote non-Windows Vista system to a SP1 system
- 50% faster when copying files from a remote SP1 system to a local SP1 system
- Improves responsiveness when doing many kinds of file or media manipulations. For example, with Windows Vista today, copying files after deleting a different set of files can make the copy operation take longer than needed. In SP1, the file copy time is the same as if no files were initially deleted.
- Reduces the time Windows Explorer takes to produce a copy-progress estimate to about two seconds.
- Improves the time to read large images by approximately 50%.
- Improves IE performance on certain JScript-intensive websites, bringing performance in line with previous IE releases.
- Addresses a problem that caused a delay of up to 5 minutes after boot with specific ReadyDrive capable hard drives.
- Improves the effectiveness of a Windows ReadyBoost™ device in reducing the time to resume from standby and hibernate by increasing the amount of data stored in the ReadyBoost device that can be used during a resume cycle.
- Includes improvements to Windows Superfetch™ that help to further improve resume times, in many environments.
- In specific scenarios, SP1 reduces the shutdown time by a few seconds by improving the Windows Vista utility designed to sync a mobile device.
- Improves the time to resume from standby for a certain class of USB Hubs by approximately 18%.
- Improves network connection scenarios by updating the logic that auto selects which network interface to use (e.g., should a laptop use wireless or wired networking when both are available).
- Improves the performance of the user login experience on corporate PCs outside of corporate environments (e.g., a corporate laptop taken home for the evening), making it comparable with PCs within the corporate environment.
- Reduces the time it takes to return to the user’s session when using the Photo screensaver, making it comparable to other screensavers.
- Removes the delay that sometimes occurs when a user unlocks their PC.
- Improves overall media performance by reducing many glitches.
- In SP1, PC administrators are able to modify the network throttling index value for the MMCSS (Multimedia Class Scheduling Service), allowing them to determine the appropriate balance between network performance and audio/video playback quality.
- Windows Vista SP1 includes a new compression algorithm for the RDP (Remote Desktop Protocol) that helps reduce network bandwidth required to send bitmaps or images via RDP. The compression, which can be selected by administrators via Group Policy settings, is transparent to all RDP traffic, and typically reduces the size of the RDP stream by as much as 25-60%, based on preliminary test results.
- The Windows Vista SP1 install process clears the user-specific data that is used by Windows to optimize performance, which may make the system feel less responsive immediately after install. As the customer uses their SP1 PC, the system will be retrained over the course of a few hours or days and will return to the previous level of responsiveness.
- SP1 addresses a number of customer performance concerns with new print driver technologies, including XPS-based printing.
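The MMCSS network throttling index mentioned in this list is a single REG_DWORD under the SystemProfile key. The PowerShell below is an added example, not part of the Microsoft document or this post: it reads and sets that value with the range check and the signed/unsigned registry quirk an administrator will otherwise trip over. The key path and value name are the documented ones; the function names are my own.

```powershell
# Added example (not from the SP1 document). Reads/sets the MMCSS network
# throttling index that SP1 exposes as a REG_DWORD. Default is 10 (roughly
# 10 non-multimedia packets per millisecond while an MMCSS task is running);
# 1..70 are accepted, 0xFFFFFFFF disables throttling entirely. Changes need
# an elevated prompt and take effect after a reboot.
$MmcssKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Multimedia\SystemProfile'
$ValueName = 'NetworkThrottlingIndex'
$Disabled  = [uint32]::MaxValue   # 0xFFFFFFFF; the literal 0xFFFFFFFF parses as Int32 -1 in PowerShell

function Get-NetworkThrottlingIndex {
    $item = Get-ItemProperty -Path $MmcssKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # value missing: the built-in default (10) applies
    # Get-ItemProperty hands back a REG_DWORD as a signed Int32, so 0xFFFFFFFF arrives as -1.
    # Reinterpret the bits instead of casting, which would throw on a negative value.
    [BitConverter]::ToUInt32([BitConverter]::GetBytes([int]$item.$ValueName), 0)
}

function Set-NetworkThrottlingIndex {
    param([Parameter(Mandatory)][uint32]$Index)
    if ($Index -ne $Disabled -and ($Index -lt 1 -or $Index -gt 70)) {
        throw "NetworkThrottlingIndex must be 1..70 or 0xFFFFFFFF (disable); got $Index"
    }
    # Same Int32 quirk in the other direction: values above 0x7FFFFFFF must be
    # handed to the registry provider in their signed two's-complement form.
    $signed = [BitConverter]::ToInt32([BitConverter]::GetBytes($Index), 0)
    Set-ItemProperty -Path $MmcssKey -Name $ValueName -Value $signed -Type DWord
}

# Usage (elevated prompt):
#   Get-NetworkThrottlingIndex                   # 10 on a fresh SP1 install
#   Set-NetworkThrottlingIndex -Index 40         # favour network throughput; reboot to apply
#   Set-NetworkThrottlingIndex -Index $Disabled  # no throttling: expect audio/video glitches under load
```

Raising the index trades playback smoothness for throughput; disabling it altogether is what people do on file servers and lab boxes, not on a media PC. Whatever value is chosen, the change is a per-machine policy and belongs in image build scripts rather than in ad-hoc registry edits.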
Security Improvements
- Windows Vista SP1 includes all previously released Security Bulletin fixes which affect Windows Vista.
- SP1 includes Security Development Lifecycle (SDL) process updates, where Microsoft identifies the root cause of each security bulletin and improves its internal tools to eliminate code patterns that could lead to future vulnerabilities.
- Service Pack 1 includes supported APIs by which third-party security and malicious software detection applications can work alongside Kernel Patch Protection on 64-bit versions of Windows Vista. These APIs have been designed to help security and non-security ISVs develop software that extends the functionality of the Windows kernel on 64-bit systems, in a documented and supported manner, and without disabling or weakening the protection offered by Kernel Patch Protection.
- Improves the security of running RemoteApp™ programs and desktops by allowing RDP files to be signed. Administrators now have the control to differentiate the user experience based on the publisher’s identity.
- Data Execution Prevention (DEP) is a memory-protection feature available beginning with Windows XP SP2 and Windows Server 2003 SP1. SP1 improves security with a new set of Win32 APIs to allow programmatic control over a process’s DEP policy. This gives application developers finer control over a process’s DEP settings for security, testability, compatibility, and reliability.
- Improves the trustworthiness of data presented in Windows Security Center (WSC) by ensuring that only authenticated security applications can communicate with WSC.
- Improves security on wired networks by enabling single sign on (SSO) for authenticated wired networks. The single sign on experience presents the user with a single point of credential entry rather than being double prompted for local and network logon.
- For customers upgrading from Windows XP to Windows Vista SP1, the MSRT (Malicious Software Removal Tool) will not run as part of the upgrade. Instead, the up-to-date MSRT offered monthly through Windows Update will help protect the PC.
- The cryptographic random number generator is improved to gather seed entropy from more sources, including a Trusted Platform Module (TPM) when available, and the general-purpose pseudo-random number generator (PRNG) is replaced with an AES-256 counter-mode PRNG in both user and kernel mode.
- Improves security in smart card scenarios:
  - Introduces a new PIN channel to securely collect smart card PINs via a PC. This new capability mitigates a number of attacks that today would require an external PIN reader to prevent.
  - Enables smart cards that use biometric authentication instead of a PIN.
- Improves security over the Teredo interface by blocking unsolicited traffic by default. This has already been addressed in a Security Update for Windows Vista (KB935807).
- Improves BitLocker Drive Encryption by offering an additional multi-factor authentication method that combines a key protected by the TPM (Trusted Platform Module) with a Startup Key stored on a USB storage device and a user-generated Personal Identification Number (PIN).
- Extends BitLocker Drive Encryption to volumes other than the boot volume (Enterprise and Ultimate SKUs).
- Improves the OCSP (Online Certificate Status Protocol) implementation such that it can be configured to work with OCSP responses that are signed by trusted OCSP signers, separate from the issuer of the certificate being validated.
- Enables a standard user to invoke the CompletePC Backup application, provided that user can supply administrator credentials. Previously, only administrators could launch the application.
- The Remote Desktop client in Windows Vista SP1 provides user interface improvements for user and server authentication. The RDP client streamlines the multiple steps end users must follow to provide their credentials to Windows Server 2003 (or earlier) Terminal Servers, and simplifies the management of previously saved credentials.
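The per-process DEP APIs that SP1 introduces are GetProcessDEPPolicy and SetProcessDEPPolicy in kernel32. The following PowerShell is an added example, not part of the Microsoft document or this post: it calls both through P/Invoke, decodes the flags, and shows the two caveats that bite in practice (the call is one-way, and it only exists for 32-bit processes). The API names and flag values are the documented ones; the function names are my own.

```powershell
# Added example (not from the SP1 document). Queries and tightens the calling
# process's DEP policy through the SP1 APIs GetProcessDEPPolicy/SetProcessDEPPolicy.
# Run it from a 32-bit PowerShell (%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe):
# the per-process policy only exists for 32-bit code; in a 64-bit process DEP is
# always on and SetProcessDEPPolicy fails with ERROR_NOT_SUPPORTED (50).
Add-Type -Namespace Win32 -Name Dep -MemberDefinition @'
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool GetProcessDEPPolicy(IntPtr hProcess, out uint lpFlags, out bool lpPermanent);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool SetProcessDEPPolicy(uint dwFlags);
    [DllImport("kernel32.dll")]
    public static extern IntPtr GetCurrentProcess();
'@

$PROCESS_DEP_ENABLE                      = [uint32]1
$PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION = [uint32]2

function Get-DepPolicy {
    $flags = [uint32]0; $permanent = $false
    $ok = [Win32.Dep]::GetProcessDEPPolicy([Win32.Dep]::GetCurrentProcess(), [ref]$flags, [ref]$permanent)
    if (-not $ok) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "GetProcessDEPPolicy failed, Win32 error $err (50 = not supported: 64-bit process?)"
    }
    [pscustomobject]@{
        DepEnabled           = [bool]($flags -band $PROCESS_DEP_ENABLE)
        AtlThunkEmulationOff = [bool]($flags -band $PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION)
        Permanent            = $permanent   # true once enabled via SetProcessDEPPolicy or a /NXCOMPAT image
    }
}

function Enable-DepForThisProcess {
    param([switch]$KeepAtlThunkEmulation)
    # Enabling is one-way: once PROCESS_DEP_ENABLE is set the policy is permanent for the
    # life of the process. Disabling ATL thunk emulation closes the legacy-ATL exception
    # DEP otherwise grants; keep it only if the process really loads old ATL components.
    $flags = $PROCESS_DEP_ENABLE
    if (-not $KeepAtlThunkEmulation) { $flags = $flags -bor $PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION }
    if (-not [Win32.Dep]::SetProcessDEPPolicy($flags)) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        # 50 = ERROR_NOT_SUPPORTED (64-bit process); 5 = ERROR_ACCESS_DENIED (policy already
        # permanent, or the system-wide policy is AlwaysOn/AlwaysOff and overrides per-process calls)
        throw "SetProcessDEPPolicy(0x$('{0:x}' -f $flags)) failed, Win32 error $err"
    }
    Get-DepPolicy
}

# Usage (32-bit PowerShell):
#   Get-DepPolicy              # DepEnabled depends on the image's /NXCOMPAT flag and the system policy
#   Enable-DepForThisProcess   # DepEnabled True, AtlThunkEmulationOff True, Permanent True
```

The system-wide policy (the `nx` setting shown by `bcdedit /enum {current}`) still wins: under AlwaysOn or AlwaysOff the per-process call is refused, so the API is for the OptIn/OptOut case where a 32-bit process wants to opt itself in early, before any plugin or legacy component gets a chance to rely on executable data pages.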
Support for New Technologies and Standards
- Adds support for new strong cryptographic algorithms in IPsec: SHA-256 and AES-GMAC for ESP and AH integrity, AES-GCM for ESP (combined encryption and integrity); ECDSA, SHA-256 and SHA-384 for IKE and AuthIP.
- Adds the NIST SP 800-90 Elliptic Curve Cryptography (ECC) pseudo-random number generator (Dual_EC_DRBG) to the list of PRNGs available in Windows Vista. It is selectable but not the default, which remains the AES-256 counter-mode PRNG; NIST later withdrew Dual_EC_DRBG from SP 800-90A in 2014.
- Adds support for SSTP (Secure Socket Tunneling Protocol), a remote access VPN tunneling protocol that will be part of Microsoft’s RRAS (Routing and Remote Access Service) platform. SSTP helps provide full-network VPN remote access connections over SSL (HTTPS on TCP port 443), removing some of the connectivity challenges that other VPN tunnels face traversing NAT, web proxies, and firewalls.
- Adds full support for the latest IEEE draft of 802.11n wireless networking.
- Adds support for obtaining an identity and invoking identity UI from an inner method via a new EAPHost runtime API, as well as a configuration UI for tunnel methods. These APIs are useful for developers working on tunneling/multi-phase EAP authentication methods as well as those who implement networking supplicants which consume EAP authentications.
- Adds support in the Windows Smart Card Framework to enable compliance with the EU Digital Signature Directive and national ID / eID cards.
- Adds support for the Parental Controls Games Restrictions for ratings from the Korean Game Rating Board (GRB).
- Enhances TCP Chimney network card support so that a TCP Chimney network card can also support Compound TCP.
- Adds support in the Wireless Client for a new FIPS (Federal Information Processing Standard) compliant mode. This mode is FIPS 140-2 compliant because it moves the cryptographic processing from the wireless network card to an existing FIPS-approved cryptographic library.
- Enhances Windows Firewall and IPsec to use the new cryptographic algorithms that are Suite B compliant.
- Updated drivers are delivered primarily via Windows Update and directly from hardware vendors, not as part of a service pack. However, a small number of critical drivers are included as part of Windows Vista (e.g., display drivers, audio drivers) and some of these have been updated.
Desktop Administration and Management
- Allows users and administrators to control which volumes the disk defragmenter runs on.
- Allows users and administrators using Network Diagnostics to solve the most common file sharing problems, not just network connection problems.
- Enables polling of the Rights Management Services (RMS) server at regular intervals to identify new templates and download them to the local template store. Previously these templates were pushed to clients via a combination of Group Policy and scripting. Additionally, SP1 provides an API for applications to query and access templates in the template store.
- Windows Vista SP1 includes a new security policy, “User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop”, which allows UIAccess applications to prompt for elevation on the interactive desktop instead of the secure desktop. This allows a remote helper to enter administrative credentials during a Remote Assistance session. It applies only to UIAccess applications (signed and installed in a secure location); all other prompts still use the secure desktop.
- Allows administrators to configure NAP clients to:
  - Receive updates from Windows Update or Microsoft Update, in addition to WSUS (Windows Server Update Services), as is the case for Windows Vista today.
  - Define the time a client has to retrieve and submit Statements of Health. This allows the NAP client to respond in time when a particular connection has a timeout requirement.
  - Use DNS server records to discover health registration authority (HRA) servers when no HRAs are configured through local configuration or Group Policy.
- Allows healthy clients used by the Help Desk to establish IPsec connections to unhealthy machines to help resolve problems. This improves the supportability of NAP by allowing Help Desk technicians with health-compliant machines to establish connections (e.g. remote desktop, file share) to help resolve issues.
- Allows administrators to add a WSD (Web Services for Devices) Print Device to remote Windows Vista or Windows Server 2008 machines. This can be accomplished by using the Print Management Console.
- Allows administrators to use a new admin flag to allow WMI-scripted enumeration of all contents in the CSC cache. This will enhance WMI-scripted administration for offline folders in Windows Vista. Previously this was available only through the COM API.
- Improves printing to local printers from within a Terminal Server session.
- Allows users to rename or delete folders while working offline with redirected folders. This functionality is important to users that use Folder Redirection and work in offline mode for extended periods of time. It is disabled by default but can be turned on through a registry setting.
- Enhances the existing Vista EAPHost service by including an EAP (Extensible Authentication Protocol) Certification Program (ECP) Detection Mechanism. This mechanism makes delivery of EAP Methods submitted to the ECP available through Windows Update.
- Adds a WMI interface as a replacement for the MoveUser.exe tool which was removed from Windows Vista. This allows customers to remap an existing workgroup or domain user account profile to a new domain user account profile.
- Allows an administrator to configure properties of a network, such as the name, and deploy it network-wide via a Group Policy snap-in.
- Allows KMS (Key Management Service) to run within a Virtual Machine environment.
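The new UIAccess elevation policy in the list above is stored, like the other UAC settings, as a REG_DWORD under the Policies\System key. The PowerShell below is an added example, not part of the Microsoft document or this post: it reads the prompt-related UAC values, substitutes the OS defaults for any that are absent, and flags the combinations that weaken the secure-desktop guarantee. The value names are the documented ones; the function name and the finding texts are my own.

```powershell
# Added example (not from the SP1 document). Audits the UAC prompt-desktop
# settings that the SP1 policy "Allow UIAccess applications to prompt for
# elevation without using the secure desktop" interacts with. That policy
# writes the REG_DWORD EnableUIADesktopToggle; the other names are the
# long-standing UAC values. Read-only, so it runs in any user context.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPromptAudit {
    $p = Get-ItemProperty -Path $UacKey
    # A missing value means the OS default applies; EnableUIADesktopToggle defaults to 0 (off).
    $enableLua     = if ($null -ne $p.EnableLUA)                  { [int]$p.EnableLUA }                  else { 1 }
    $secureDesktop = if ($null -ne $p.PromptOnSecureDesktop)      { [int]$p.PromptOnSecureDesktop }      else { 1 }
    $uiaToggle     = if ($null -ne $p.EnableUIADesktopToggle)     { [int]$p.EnableUIADesktopToggle }     else { 0 }
    $adminBehavior = if ($null -ne $p.ConsentPromptBehaviorAdmin) { [int]$p.ConsentPromptBehaviorAdmin } else { 2 }

    $findings = @()
    if ($enableLua -eq 0) {
        $findings += 'UAC disabled (EnableLUA=0): no elevation prompts at all'
    }
    if ($secureDesktop -eq 0) {
        $findings += 'All prompts on the interactive desktop (PromptOnSecureDesktop=0): any user-mode app can read or drive them'
    }
    if ($uiaToggle -eq 1 -and $secureDesktop -eq 1) {
        $findings += 'UIAccess apps may pull prompts onto the interactive desktop (EnableUIADesktopToggle=1): justified only where Remote Assistance helpers need it, and only with signed UIAccess binaries'
    }
    [pscustomobject]@{
        EnableLUA                  = $enableLua
        PromptOnSecureDesktop      = $secureDesktop
        EnableUIADesktopToggle     = $uiaToggle
        ConsentPromptBehaviorAdmin = $adminBehavior
        Findings                   = $findings
    }
}

# Usage:
#   Get-UacPromptAudit | Format-List
# Restoring the SP1 default is a single elevated write:
#   Set-ItemProperty -Path $UacKey -Name EnableUIADesktopToggle -Value 0 -Type DWord
```

The point of the secure desktop is that nothing running as the user can observe or synthesize input to the credential prompt. EnableUIADesktopToggle carves out an exception for UIAccess processes only, which is why it is far less damaging than PromptOnSecureDesktop=0, but the helper-side Remote Assistance scenario is the only one that needs it, and the audit treats any other machine with it set as a finding.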
Setup and Deployment Improvements
- Enables global organizations to more easily deploy SP1 in a multi-lingual environment, as SP1 includes all 36 language packs. However, this change contributes to the increased size of the standalone package.
- Enables users to get updated Help content via a separate downloadable package. This package will be released around SP1 release.
- Enables support for hotpatching, a reboot-reduction servicing technology designed to maximize uptime. It works by allowing Windows components to be updated (or "patched") while they are still in use by a running process. Hotpatch-enabled update packages are installed via the same methods as traditional update packages, and will not trigger a system reboot.
- Improves migration and upgrade scenarios relating to the component that allows alternate text input “modalities” like speech, handwriting, and multi-byte character input editors in applications that were not written specifically to support them.
- Improves OS deployment by enabling 64-bit versions of Windows Vista to be installed from a 32-bit OS. This will allow IT professionals to maintain just a single WinPE image.
- Improves OS deployment by supporting the installation of offline boot critical storage drivers. WinPE will automatically look to a hidden partition for drivers. It will search that partition recursively, and if boot critical drivers are present they will be loaded. Non-boot critical drivers will be picked up and staged, but not loaded prior to the OS coming online.
- Improves patch deployment by retrying failed updates in cases where multiple updates are pending and the failure of one update causes other updates to fail as well.
- Enables reliable OS installation by optimizing OS installers so that they are run only when required during patch installation. Fewer installers operating results in fewer points of potential failure during installation, which leads to more robust and reliable installation.
- Improves overall install time for updates by optimizing the query for installed OS updates.
- Improves robustness during the patch installation by being resilient to transient errors such as sharing violations or access violations.
- Improves robustness of transient failures during the disk cleanup of old OS files after install.
- Improves the uninstallation experience for OS updates by improving the uninstallation routines in custom OS installation code.
- Improves reliability of OS updates by making them more resilient to unexpected interruptions, such as power failure.
- Improved instrumentation allows additional data to be sent to Microsoft via the CEIP (Customer Experience Improvement Program) when enabled. This telemetry data led to the identification of numerous issues that are addressed in SP1 and resulted in improvement in the reliability of OS servicing. (CEIP is respectful of personally identifiable information and adheres to terms discussed in the EULA.)
- After the SP1 version of the OPK (OEM pre-installation kit) is installed, further OPK updates will not be required if a servicing stack update is issued. (The servicing stack is the underlying set of binaries used to update the system). Post SP1, offline images may be updated using the servicing stack binaries contained in the image rather than the servicing stack binaries in the OPK.
- SP1 exposes Ideal Send Backlog (ISB) information to Winsock2 clients to enable better throughput over high bandwidth, high latency links when communicating with Windows Server 2008. Applications that are modified to use the new ISB info will provide better throughput when sending large amounts of data over such links to other Windows Vista or Windows Server 2008 machines. Applications not modified to take advantage of this change will function as before.
- SP1 includes throughput improvements to Send in TransmitFile/TransmitPackets and ftp.exe, when communicating with Windows Server 2008 over high bandwidth, high latency links. Ftp.exe and other applications using TransmitFile/TransmitPackets on Windows Vista SP1 will achieve better throughput when sending files over such links to other Windows Vista or Windows Server 2008 machines.
Feature or API Changes
- GPMC (Group Policy Management Console) will be uninstalled with Service Pack 1 and GPEdit will default to Local Group Policy editing. Following these changes, SP1 users can download an updated version of GPMC which will include new Group Policy capabilities including adding comments to GPOs or individual settings and searching for specific Group Policy settings.
- The MSN Connection Center Dial-up Internet Access connector was removed from the Windows Vista Connection Wizard.
- Includes a new Offline Files interface that exports the dirty byte count for a file that is modified offline. This interface is exposed both through the COM APIs and WMI provider for Offline Files.
General Improvements and Enhancements
- SP1 includes a number of changes which allow computer manufacturers and consumers to select a default desktop search program similar to the way they currently select defaults for third-party web browsers and media players. That means that in addition to the numerous ways a user could access a third party search solution in Windows Vista, they can now get to their preferred search results from additional entry points in the Start Menu and Explorer Windows in Windows Vista with SP1. 3rd party software vendors simply need to register their search application using the newly provided protocol in Windows Vista SP1 to enable these options for their customers.
- With SP1, Windows Vista will report the amount of system memory installed rather than the amount of system memory available to the OS. Therefore 32-bit systems equipped with 4 GB of RAM will report all 4 GB in many places throughout the OS, such as the System Control Panel. However, this behavior depends on having a compatible BIOS, so not all users will notice this change.
- SP1 reduces the number of UAC (User Account Control) prompts from 4 to 1 when creating or renaming a folder at a protected location.
- Improvements in the Licensing User Interface and User Experience including more details in the help about activation and what happens if user does not activate; more detailed and descriptive dialog text; raw error codes replaced with easily comprehensible text.
- SP1 modifies the text in the Ultimate Extras Control Panel to describe the Ultimate Extras program in more general terms.
- Upon scanning a photo with the Vista scanning experience, SP1 will open Explorer rather than opening Windows Photo Gallery.
- Users are now required to enter a password hint during the initial setup of Windows Vista SP1. This change was made based on feedback from top PC manufacturers that many customers frequently do not remember their password, and because the built-in Administrator account is turned off by default on Windows Vista, these users have no way to access their PCs. A password hint helps avoid this frustrating scenario. Note that the hint is shown to anyone at the logon screen, so it must not contain the password itself.
- Improves compatibility with 3rd-party diagnostic tools that rely on raw sockets by applying the same delivery logic to control packets (ICMPv4 and ICMPv6) and regular packets.
- While not reflected in the initial release candidate this week, we will also be making changes effective with SP1 in how we differentiate the experience customers have using non-genuine versions of our software. This is based on feedback we heard from volume license customers in particular as part of our Windows Genuine Advantage program.
- Also coming with SP1 but not in the current release candidate, we will be including updates that deal with two exploits we have seen, which can affect system stability for our customers. The OEM BIOS exploit involves modifying system files and the BIOS of the motherboard to mimic the type of product activation performed on copies of Windows that are pre-installed by OEMs in the factory. The Grace Timer exploit attempts to reset the “grace time” limit between installation and activation to something like the year 2099 in some cases.
Windows Vista Alignment with Windows Server 2008
Windows Vista is aligned with Windows Server 2008, meaning that many files are common to both products. A result of this design is that there are cases where a common binary is modified to enable a server scenario that has limited or no effect on Windows Vista SP1 capabilities. Here are a few examples:
- File Sharing: The file sharing subsystem on Windows Vista only allows 10 concurrent inbound connections. Windows Server 2008 must scale to support thousands of concurrent connections. During the testing and customer feedback phase of Windows Server 2008 development, the file sharing subsystems are tuned and refined to optimize the file sharing stack for performance, scalability and reliability. This level of tuning and refinement is not typically applicable to a 10-connection-limit client, but is critical to a file server role. Changes like this are done primarily for the server scenarios, although they may also benefit Windows Vista SP1.
- IIS 7: IIS was included in some Windows Vista SKUs to enable web-based developers to write and test their applications. IIS in Windows Server 2008 is a significant server role which requires Internet-level scalability and performance requirements. The IIS7 components have gone through significant performance and reliability enhancements since Windows Vista originally shipped, in order to be a large-scale server component. These changes do not affect most Windows Vista users who do not even have the IIS7 components installed, however because Windows Vista and Windows Server are aligned, these changes are included in Windows Vista SP1.
- Concurrent User Support: Key subsystems such as the Windows Logon process and the core kernel need only support user-switching scenarios on Windows Vista. However, on Windows Server 2008, where a Terminal Server may have thousands of users logged in simultaneously, these subsystems must be tuned for maximum performance and reliability. Changes like this are done primarily for the server scenarios, although they may also benefit Windows Vista SP1.