8 of 11Image
After XP shipped in 2001, Microsoft got right to work on the next release of Windows. It was an ambitious undertaking. Then-Windows boss Jim Allchin had a long list of groundbreaking features that would go into the upgrade, which was code-named Longhorn.
Paul Thurrott covered the Longhorn project extensively in those early days, putting together a detailed FAQ, multiple screenshot galleries, and extensive coverage of the many times Microsoft excitedly showed off new Longhorn features to developers and partners.
For Longhorn, the high point was the 2003 Professional Developers Conference (PDC), where Microsoft showed off everything it had done so far and whipped developers into a frenzy over what they could do with Avalon and Indigo and WinFS (Future Storage) and Next Generation Secure Computing Base, aka Palladium.
And then the wheels fell off.
In January 2004, Allchin sent an e-mail to Gates and Ballmer admitting failure:
I must tell you everything in my soul tells me that we should do what I called plan (b) yesterday. We need a simple fast storage system. LH (Longhorn) is a pig and I don't see any solution to this problem.
It took a few months, but by August the die had been cast, and the infamous "Longhorn reset" happened. A 2005 Wall Street Journal article has the ugly details:
Microsoft would have to throw out years of computer code in Longhorn and start out with a fresh base. It would set up computers to automatically reject bug-laden code. The new Longhorn would have to be simple. It would leave bells and whistles for later -- including Mr. Gates's WinFS ...
On Aug. 27, 2004, Microsoft said it would ship Longhorn in the second half of 2006 -- at least a year late -- and that Mr. Gates's WinFS advance wouldn't be part of the system. The day before in Microsoft's auditorium, Mr. Allchin had announced to hundreds of Windows engineers that they would "reset" Longhorn using a clean base of code that had been developed for a version of Windows on corporate server computers.
Nearly three years of work went down the drain, and a demoralized development team had to kick into high gear to turn out Windows Vista two years later. It's no wonder that Vista, despite its excellent foundational work, was a mess when it shipped.
Screenshot credit: Paul Thurrott
One of the great failings of Windows XP was a default security model that gave the primary user account full administrative powers over the operating system.
In its documentation for IT professionals, Microsoft recommended that administrators configure standard accounts for users, to limit the amount of damage they could do if they were tricked into installing a malicious piece of software. But many Windows programs were written under the assumption that the user had full administrative privileges and wouldn't run under a standard user account.
So, for Windows Vista, Microsoft decided to get serious about tightening the screws on user account permissions. In the process they went too far, alienating users and creating the single most mocked, misunderstood, and despised Vista feature of all: User Account Control.
During the darkest days of the Vista era, I wrote a lot of posts about UAC. including one extremely popular set of instructions for taming UAC. That post included this succinct description:
The biggest misconception I hear about UAC is that it’s just another silly “Are you sure?” dialog box that users will quickly learn to ignore. That’s only one small part of the overall UAC system. The point of UAC is to allow you to run as a standard user, something that is nearly impossible in Windows XP and earlier Windows versions. In fact, with UAC enabled (the default setting) every user account in Windows Vista runs as a standard user. When you try to do something that requires administrative privileges, you see a UAC consent dialog box. If you’re an administrator, you simply have to click Continue when prompted. If you’re running as a standard user, you have to provide the user name and password of a member of the Administrators group.
What went wrong? For starters, there were way too many consent prompts—some of them in a cascade for a what should have been a simple task.
And it didn't help when a Microsoft executive publicly and proudly admitted that the point of the feature was to "annoy users." David Cross, a product unit manager at Microsoft, made that admission in a speech at a security conference:
"The reason we put UAC into the [Vista] platform was to annoy users — I'm serious," said Cross, speaking at the RSA Conference in San Francisco on Thursday. "Most users had administrator privileges on previous Windows systems and most applications needed administrator privileges to install or run."
Cross claimed that annoying users had been part of a Microsoft strategy to force independent software vendors (ISVs) to make their code more secure, as insecure code would trigger a prompt, discouraging users from executing the code.
That might have been literally true, but the subtlety was lost on exasperated Vista users, who felt personally offended at being used as human targets in a sniping war with third-party software developers.
Microsoft toned down UAC dramatically in Windows Vista Service Pack 1 and gave it a complete overhaul in Windows 7. And the bad publicity did indeed shame the most egregious software offenders into cleaning up their act. But the damage was done. Today, UAC may be far less annoying, but its reputation has never fully recovered. Microsoft learned a key lesson: features with this much disruptive potential need to be designed carefully from Day 1.
When people ask me what's the stupidest thing Microsoft ever did with Windows, I have an easy answer.
I even used that word back in June 2006, when I wrote Microsoft presses the Stupid button:
When you’re the Evil Empire, it’s only natural to get a bad rap for everything you do. Microsoft gets bad-mouthed a hundred times a week for things that would be perfectly acceptable coming from anyone else. Given that level of criticism, it’s easy to ignore the times when they’re just completely, egregiously wrong.
The uproar over Microsoft’s new Windows Genuine Advantage authentication software, which is now being pushed onto Windows users’ machines via Windows Update, is one of those occasions. Someone at Microsoft just pushed the Stupid button. And things aren’t going to get better until they stop pushing it.
But over the next two years, they made it worse, with activation servers that failed and unfairly branded innocent Windows users as software pirates. The program hits its low point, not surprisingly, in Windows Vista, when Microsoft released its toughest version yet:
Microsoft denies that this is a "kill switch" for Windows Vista ... Technically, they're right, I suppose. Switching a PC into a degraded functionality where all you can do is browse the Internet doesn't kill it; but it's arguably a near-death experience.
I long ago lost count of the number of words I wrote about Windows Genuine Advantage and product activation, but I don't regret a single one of them. I know they made a difference. Microsoft removed the "kill switch" in Windows Vista Service Pack 1, and in Windows 7 the activation experience seems to finally work.