Top 10 Windows 7 features #1: Action Center

How Action Center can succeed, and how it can fail

The opportunity for parties other than Microsoft to become involved in this new scheme of things is so strong that Betanews made third-party troubleshooting #8 on our Top 10 list. If the user can perceive everyone as involved in the maintenance process, then when problems do arise, he may at the very least take a few moments before blaming Microsoft in his mind, and fuming over the unreliability of Windows.

But getting everyone involved -- making Symantec and Sophos and ZoneAlarm just as much a part of everyday maintenance as Microsoft -- may very well have been Vista's biggest single uncompleted task. Way back in early 2004, Windows XP's engineers first proposed inviting partners and third parties into the security process so that their brands were featured as part of Security Center, originally planned for XP Service Pack 2. This way, if users chose brands other than Microsoft, Windows would be perceived as cooperating with, and accepting, those choices.

Enabling that cooperation required vendors to subscribe to a kind of interoperability protocol: the Security Center API. Rather than the olive branch XP's engineers originally hoped it would be, the API became a political football when leading security vendors Symantec and McAfee claimed it was withholding information from them, specifically by delivering an incomplete API that didn't open up access to such features as PatchGuard for 64-bit Vista -- features that made older security software for 32-bit computers either inoperative or irrelevant.

Those complaints led the European Commission to investigate whether Microsoft was in fact revealing "the entire API," when in fact, the Security Center API was meant to be a way for anti-malware packages to reveal themselves to the user, not to access the operating system. That's how Microsoft explained it to Betanews at that time. Unsatisfied with Microsoft's responses to the EC saying that its API was complete, and adding documentation in an effort to prove it, in early 2007, Symantec took the unprecedented step of publishing a white paper claiming to reveal deficiencies in PatchGuard and demonstrating how the system could be bypassed. If only the API would enable security software companies to bypass security measures without using stealth, their argument went, they could thwart efforts by malware to bypass those same measures using stealth.

It was a hail-Mary pass, and as an argument against Microsoft's API, it failed. But the white paper was the crack in the dam, the beginning of the feeling that spread throughout the user community that Vista was unstable. The argument against Vista mutated into something like this: The fact that Microsoft would go to such lengths to reinforce its security is an indication that something is insecure at the core.

The response to this argument, which Microsoft representatives and engineers both shared with Betanews years ago, would begin with a systematic rethinking of the Security Center API. If it worked, users would never notice it. Beginning with Vista Service Pack 1, Security Center would begin to recognize an expanded dialog with third-party software, a way for it to present a kind of manifest using an XML-derivative language so that Windows would recognize it for the tasks that it performed, and make those tasks explicitly available to users through a unified console. For its own benefit, this expanded API would enable Microsoft to trailblaze a bit, if you will, creating new classes of maintenance and troubleshooting facilities that it could introduce, while allowing competitors to follow along.

Again, if it works, the user won't notice it that much. Everything will continue to flow smoothly, and some users will think that Action Center is merely a renamed Security Center. It's not. It's the nucleus of a major restructuring of how the Windows client is maintained, which could yield tremendous benefits for the once suffering utility software business.
Security software vendors knew this was going to happen since the release of Vista SP1 in March 2008. They were notified that SP1 would recognize both the old Vista and the new Windows 7 versions of the API. But Windows 7 would only recognize the new version, and vendors had until September 2009 to make improvements.

If anyone had bothered to read that memo last year, they would have known when Win7 was to have been released, plus or minus a month or so.

For vendors that didn't get the memo, as Windows 7 Senior Director Paul Cooke blogged last month, their software will hoist a red flag in Windows 7: "We have removed the old API from the Windows 7 RC. Users who are running security software that does not use the newer API will see the 'non-compatible' message…from the new Action Center, which instructs customers to contact their security software provider."

The message in question may say that the older anti-virus software, for instance, "is on but is reporting its status to Windows Security Center in a format that is no longer supported. Use the program's automatic updating feature, or contact the program manufacturer for an updated version."
Windows users do not like red flags, and they tend to blame Microsoft for them before anyone else. So the possibility exists that the new Action Center API, as it may yet come to be known, could become the next political football. Vendors could complain once again, waiting until the last minute to do so like they did before. It's difficult to imagine Microsoft not seeing this possibility on the horizon.

So quite conceivably, the entire success of Windows 7 -- whether it's adopted early and willingly by consumers, whether businesses invest in it, whether it prompts those businesses to install Windows Server 2008 R2 to take advantage of it, whether it drives new rounds of software purchases -- depends on the reception given to this one single feature. Will it give consumers the feeling of power and control over their computers? Will it give them a sense of security without over-emphasizing the threats? And will it deflect efforts from competitors to make Windows seem insecure in order to drive sales in their direction?

Regardless of the probability that the Windows client will remain the market share leader throughout Win7's lifetime, billions of dollars in revenue, and the health and well-being of Microsoft in an economy that has already swallowed up General Motors and Chrysler, hinge on the success or failure of this one little flag in the corner of the taskbar. Hopefully the fact that the flag is white won't be a bad sign.