Download Free Software Windows Vista

CinePlayer DVD Decoder Pack for Vista – Download

$14.99

Play DVDs on you computer with CinePlayer Vista DVD Decoder software.

CinePlayer DVD Decoder Pack for Windows XP – Download

$14.99

Play DVDs on your PC with CinePlayer DVD Decoder software for Windows XP.

Windows Vista Step by Step

$16.19

Experience learning made easy-and quickly teach yourself how to make the most of your Windows Vista experience. With Step By Step, you set the pace-building and practicing the skills you need, just when you need them! Personalize the way your computer works and looks Install programs and set up printers and other hardware Instantly search your entire computer and find exactly what you need Catalog your digital photos, burn CDs, and play games-have fun! Connect to the Internet and block unwanted content Fine-tune your PC"s performance and fix common problems Your all-in-one learning experience includes: Files for building skills and practicing the book"s lessons Fully searchable eBook Windows Vista Product Guide eReference-plus more resources on CD A Note Regarding the CD or DVDThe print version of this book ships with a CD or DVD. For those customers purchasing one of the digital formats in which this book is available, we are pleased to offer the CD/DVD content as a free download via OReilly Medias Digital Distribution services. To download this content, please visit OReillys web site, search for the title of this book to find its catalog page, and click on the link below the cover image (Examples, Companion Content, or Practice Files). Note that while we provide as much of the media content as we are able via free download, we are sometimes limited by licensing restrictions. Please direct any questions or concerns to booktech@oreilly.com.

Download Free Software Windows Vista

Safety and security features of Windows Vista News

User Account Control

Main article: User Account Control

User Account Control is a new infrastructure that requires the consent of users before authorizing any action that requires administrator privileges. With this feature, all users, including users with administrative privileges, run as standard user by default since most applications do not require higher privileges. If action is envisaged that needs administrative privileges, like installing new software or change system configuration, Windows prompts the user whether to allow the action or not. If the user chooses to let the process of initiating action amounts to a context greater privilege to continue. While standard users must enter a user name and password of an administrative account for a process high (over the shoulder of Credentials), an administrator can choose to be prompted by credentials consent or request.

UAC asks for credentials secure desktop mode, where the entire screen and disappeared temporarily disabled to present only the elevation UI. This is to prevent spoofing of the interface user or application requests elevation of the mouse. If the request for applicant did not rise before the focus change Secure Desktop occurs, then the icon flashes on the taskbar, and when the bet, the elevation of the user interface is presented (Even if it is not possible to prevent a malicious application of silence to get the focus).

More privileged Secure Desktop that allows applications running the system is not applicable in user mode can submit their dialog boxes in the office, so that any authorization system can assume that it is raising authentic. In addition, it can also help protect against attacks to break, to intercept Windows messages between processes to execute malicious code or distort the user interface, preventing the licensing process to send messages to process high privilege. Any process that wants to send a message to a process of great privilege for the high the highest privilege context, through the UAC.

Applications written with the assumption that the user is running with administrator privileges experienced problems in earlier versions of Windows when run from limited user accounts, it has often tried to write in the directories of all equipment or system (eg Program Files) or registry keys (HKLM particular) UAC attempts to remedy this using File and Registry Virtualization, which redirects writes (and subsequent reads) to location of the user in the user profile. For example, if an application attempts to write to program and the user doesn filesappnamesettings.ini has permissions to write to this directory, the script redirects to: UsersusernameAppDataLocalVirtualStoreProgram Filesappname.

BitLocker Drive Encryption

Main article: BitLocker Drive Encryption

Formerly known as "Secure Startup", this function provides a full disk encryption for the system volume. Using the command line utility, can encrypt additional volumes. BitLocker uses a USB or Trusted Platform Module (compatible with version 1.2 of the TCG specifications) to store your key encryption. Ensure that the computer running Windows Vista starts in a known state of well-being, and also protects the data against unauthorized access. The volume of data is encrypted with a Full Volume Encryption Key (FVEK), which is encrypted with a Volume Master Key (VMK) and stored on the disc itself.

Windows Firewall

Main article: Windows Firewall

Windows Vista has greatly enhanced the security server to cope with a number of concerns about the flexibility of Windows Firewall in a corporate environment:

IPv6 connection filtering

packet filtering output, reflecting growing concerns about spyware and viruses that attempt to "phone home."

With the advanced packet filter, rules can also specify the source and destination IP addresses and port ranges.

It can be configured for services by its service name chosen by a list, without specifying the name of full path of the file.

IPsec is fully integrated, allowing connections to be permitted or denied based on security certificates, Kerberos authentication, encryption, etc. may also be necessary for any type of connection. A Connection Security Rule can be created by an assistant in charge the complex configuration of IPsec policies on the machine. Windows Firewall can allow traffic on the basis that the traffic is IPsec protected.

A new management console snap-in named Windows Firewall with Advanced Security provides access to many advanced features, including IPsec settings, and enables remote management.

Ability to have separate profiles for firewall when computers are domain-joined or connected to a private or public network. Support for the creation of standards for the application server and strategy domain isolation.

Windows Defender

Main article: Windows Defender

Windows Vista includes Windows Defender, Microsoft spyware utility. According to Microsoft, which has been renamed "Microsoft AntiSpyware" as works not only from system to detect spyware, similar to other products on the open market, but also includes the security guards real-time control many areas of Windows for the changes can be caused by spyware. These areas include Internet Settings Explorer and applications startup configuration of the automatic download and add-ons for Windows, and Windows Shell Extensions.

Windows Defender also includes the ability to remove ActiveX applications that are installed and to block startup programs. It also incorporates the SpyNet network, which allows users to communicate with Microsoft, send what they consider to be spyware, and check what applications are acceptable.

Parental Controls

Parental Controls control panel

Windows Vista includes a range of parental controls for user accounts not domain. Windows parental control depends on the UAC to implement the reduction identities into account the rights necessary for online restrictions. An administrator may apply parental control restrictions for other users on the computer. Facilities include:

blocking Web content, including the ability to restrict browsing "Sites web for kids' Internet and the blocking of certain content categories "pornography", "Medicine" "E-mail on the Web Web Chat "and so on. Downloading files can also be disabled. Web content filtering is implemented as a Winsock LSP filter.

The limits of time when the account can be used. If enabled, users are prevented from connecting itself is not connected. If you log in and the deadline is reached, the user accounts are locked with Fast User Switching without requiring users to register in order to prevent the data stored in it is lost.

Restrictions the type of games can be played. An administrator can choose one of five different games services ESRB (U.S. & Canada), the system PEGI (Europe), USK (Germany) OFLC (Australia and New Zealand) or ZERO (Japan). Ratings are used to determine the game's highest rating allowed. As for blocking Web content, a number of content categories can be blocked regardless of game ratings.

Restrictions on software that can work. Implemented using software restriction policies in Windows.

Reports activity to monitor and record what is done under parental control through the event log interfaces

API to expose policy settings and constraints in the box, and the logging feature of the parental control feature to be extended or replaced.

File Cipher

Main article: File System EFS

Encrypting File System (EFS) Windows Vista can also be used to encrypt the swap file system and cache memory for each user of offline files. EFS is also more closely integrated with the enterprise infrastructure Public Key Infrastructure (PKI) and supports the use of PKI key recovery based on recovery of data through EFS recovery certificates, or a combination of both. There is also the policy of the new group to require smart cards for EFS, enforce encryption of the file exchange, provide a minimum key lengths for EFS, enforce encryption of the user's Documents folder, and prohibit certificates self-signed. The cache EFS encryption key can be deleted when the user locks their place of work or after a certain time.

The key change assistant Encrypting File System allows the user to select a certificate for EFS and to select and migrate files existing certificate using the new elected. The administrator license also allows users to export their EFS recovery certificates and private keys. Users are reminded to backup your keys SAI first use by a notification bubble. The key change assistant can also be used to migrate existing users of the facilities of digital certificates for smart cards. The wizard can also be used by the administrator or the users themselves in recovery situations. This method is more efficient and reencrypting to decipher the files.

Preventing exploits

Windows Vista uses the address Space Layout Randomization (ASLR) to load the system files random addresses in memory. By default, all system files are loaded at random from all 256 possible locations. other executables specifically a bit in the header of the Portable Executable (PE), which is the executable file format for Windows, use ASLR. To executable stack and heap assigned to is decided randomly. Loading of system files in random directions, it becomes more difficult for malicious code to know where the functions are treated by the system, which is unlikely as the intended use. This avoids attacks by remote execution Preventing buffer overflow attacks Back to libc.

The executable format Mobile has been updated to support embedding exception address in the header of the driver. Whenever an exception occurs, address of the controller is verified with the one stored in the header of the executable. If they match, the exception is handled, also indicates that the runtime stack has been compromised, and therefore the process is complete.

function pointers are confused by XOR-ing with a random number, so the actual address above is difficult to retrieve. It would therefore be to manually change a pointer, as the key obfuscation used for the pointer would be very difficult to recover. Therefore, it becomes difficult for unauthorized users function pointer to use it effectively. Metadata also heap blocks are XOR with random numbers. In addition, the checksums of blocks lots remain, which is used to detect unauthorized changes and damage to the battery. Whenever a lot of corruption is detected, the application is killed to prevent a successful exploit.

Windows Vista binaries include support for the intrinsic detection stack overflow. When a stack overflow in the Windows binary is detected, the process is killed then it can not be used to accomplish this feat. Windows Vista also stops bit more room in the buffer memory and not, as pointers and parameters provided in the area shortly memory. So yes building, failure data is needed to access these sites. However, memory exhaustion buffer are much less frequent than the buffer overrun.

Data Execution Prevention

Main article: Data Execution Prevention

Windows Vista provides full support for the NX (no-execute) feature of modern processors. DEP was introduced in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1. This feature appears as NX (TEUs) in processors AMD64 AMD that XD (EDB) on Intel, you can flag certain parts of memory containing data instead of executable code, which avoids overflow errors resulting from the execution of arbitrary code.

If the processor supports the NX-bit Windows Vista automatically applied based on the hardware Data Execution Prevention in all processes to highlight some of the pages of memory as segments non-executable data (such as batteries and battery), then the data can be interpreted and executed as code. This prevents exploit code that injected into the data and then executed.

If DEP is enabled for all applications, users benefit from the additional resistance against zero-day attacks. But not all applications are compatible with DEP and DEP are some exceptions generated. Therefore, DEP does not apply to all applications by default in 32-bit versions of Windows and is activated only for critical system components. However, Windows Vista has additional controls that allow policy NX software developers to allow protection NX hardware for your code, regardless of the application settings system compatibility. Developers can make their applications as NX-compatible when built, allowing protection to be applied when the application is installed and running. This allows a higher percentage of NX-protected code in the software ecosystem of 32 bits, where the default policy of the system is configured to support NX only to protect components of the operating system. Applications for x86-64, the compatibility is not a problem and does so by default DEP for all 64-bit programs. In addition, DEP is the only processor used in x86-64 versions of Windows Vista for better security.

Digital Rights Management

Main article: Route of media protected

New digital rights management and content protection features were introduced in Windows Vista to help digital content providers and businesses to protect your data against copying.

PUMA Protected User Mode Audio (PUMA) is the new user mode Audio (UMA) audio stack. His goal is to provide the environment for audio reproduction that restricts copying of copyrighted audio, and restricts the audio outputs license authorized by the publisher of protected content.

Protected Video Path – Output Protection Management (PVP-OPM) is a technology that prevents copying of protected digital video streams or video viewing devices that lack a equivalent copy protection (usually with HDCP). Microsoft says that without the restrictions of industry content may prevent computers from reading content protected by the refusal to issue license keys for encryption used by HD DVD, Blu-Ray Disc, or other systems of protection against copying.

Protected Video Path – User Accessible Bus (PVP-UAB) is similar to PVP-OPM, except that it applies encrypt protected content by the PCI Express bus.

Rights Management Services (RMS) support, the technology that will for companies using DRM restrictions of business documents, e-mail and intranets to protect them from being copied, printed, or even opened by unauthorized persons to do so.

Windows Vista introduces a protected process, which differs from the process usual in the sense that other processes can not manipulate the process state, nor the arguments of the other processes are in place in it. A method secure improved access to all features DRM Windows Vista. However, at present, only the protected applications Path processes can create protected video.

The inclusion of new features digital rights management has been a source of criticism of Windows Vista.

Application Isolation

Main article: Compulsory integrity control and user interface privilege isolation

Windows Vista introduces mandatory controls on the integrity of establishing levels of integrity in the process. A low integrity process can not access resources on a process integrity level. This function is used for insulation applications, where applications in a medium integrity level, as all applications running on the background standard user can not connect to the scale system processes ongoing high level of integrity, such as applications in administrator mode, but it can be connected in the lower integrity processes that Windows Internet Explorer 7 or 8. A method of privilege can not make a window handle validation process of higher privilege, not SendMessage or PostMessage to higher privilege application windows you can use hooks to attach to wire a higher privilege process, Journal can not use hooks to monitor a higher privilege process can DLLnjection a process privilege higher.

Windows Service Hardening

Windows Service Hardening services compartmentalized so that if a service is compromised, it can attack other services in the system. It prevents Windows Services for operations in systems files, the registry or networks that are not supposed to, reducing the total surface attack against the system and prevent the entry of software malicious services by operating system. Services are now subject to a service security identifier (SID) that you can control access to the access service as specified by the SID. A service SID can be attributed when installing the service through ChangeServiceConfig2 APIs or the command with SC.exe sidtype verb. Services may also use access control lists (ACLs) to prevent external access to private resources itself.

Services in Windows Vista will also performed in a less privileged account as a local service or network service, rather than the system account. Earlier versions of Windows ran system services at the session of the same name as the local user of the registered user (Session 0). In Windows Vista, Session 0 is now reserved for these services, and all interactive logins are done in other sessions. This is to help mitigate a class of exploits Windows password message system, called destructive attacks. The process of service that privileges provided in the registry value in RequiredPrivileges HKLMSystemCurrentControlSetServices.

The services also need explicit permissions to write to write to resources, based on each service. By using an access token write restricted resources that must be changed by a service they write access, so try not to change any other remedy. Services also the policy of pre-configured firewall, which only gives more privileges than necessary to function properly. The ISV Windows Service Hardening can use to build their own services. Windows Vista also hardens the named pipes used by RPC servers to prevent further processes to be able to remove.

Initial authentication and logon

Graphical Identification and Authentication (GINA), which is used for authentication and secure logon interactively has been replaced by providers of credentials. Combined with hardware support, information providers can extend identification the operating system so that users can log on using biometrics (fingerprints, retina, or voice recognition) passwords, PINs, smart cards and certificates, or custom authentication package and third party developers to create designs like. Authentication smart card is flexible certification requirements are relaxed. Companies can develop, deploy, and possibly implement mechanisms custom authentication for all domain users. Credential Providers can be designed to support single sign-on (SSO) authentication users on a secure network access point (advantage RADIUS and other technologies) and connection to the machine. information providers identification are also designed to support credentials specific application and can be used for authentication network resources, joining a field of machinery, or to consent to the account manager user. Also supports Authentication Services IPv6 and Web. A provider of security services news is available through CredSSP Provider Interface security support allows an application to delegate the user credentials from the client (using client-side SSP) to the target server (via server side SSP). The CredSSP is also used by Terminal Services to provide SSO.

Windows Vista can authenticate user accounts by using smart cards or a combination of passwords and smart cards (two-factor authentication). Windows Vista You can also use smart cards to store EFS keys. This ensures that encrypted files are accessible only when the smart card is physically available. When using smart cards for logon, EFS operates in a single session on how you use the connection smart card encryption files without requesting the PIN.

Fast User Switching is limited to computers Workgroup in Windows XP, now also be enabled for computers connected to a domain from Windows Vista. Windows Vista also includes support for managers authentication Read-Only Domain introduced in Windows Server 2008.

Cryptography

Main article: Encryption API

Windows Vista has an updated encryption API called Cryptography API: Next Generation (CNG). The CNG API is a user mode and kernel-mode API that includes support for Elliptic Curve Cryptography (ECC) and a series of new algorithms that are part of the Agency National Security (NSA) Suite B. It is extensible, with support for custom encryption API runtime plug CNG. It also integrates with the subsystem Smart Card Base CSP including module that implements all the standard features developers backend encryption and card manufacturers need intelligent not need to write complex DSP. Microsoft CA may issue certificates of CEC and the client certificate can enroll and validate certificates of ECC and SHA-2 based.

Revocation enhancements include native support for Online Certificate Status Protocol ( OCSP) to provide verification of the validity of the certificate in real time, CRL prefetching and CAPI2 diagnosis. Registration certificate is based on an assistant, allows users to enter data during registration and provides clear information on registration and expired certificates. CertEnroll, a new API COM registration database Xenroll replaces flexible programming library. roaming capabilities credential Active Directory to replicate key pairs, certificates and credentials stored on user names and passwords stored in the network.

Network Access Protection

Main article: Network Access Protection

Windows Vista introduced Network Access Protection (NAP), which ensures that computers that connect to a communications network or through a network are needed in health systems, as established by the network administrator. Under the policy established by the administrator, Teams that do not meet or get noticed and give access or limited access to network resources or completely denied access. PAN may also optionally provide software updates on a computer that does not meet the updated as necessary to access the network, using a server consolidation. A customer is given as a health certificate, which is then used to access protected resources on the network.

A policy network servers running Windows Server 2008 server acts as a health policy and customers need to use Windows XP Service Pack 3 or later. A VPN server, RADIUS server or DHCP server can also act as a server policy health.

Other TCP / IP security features

Safety interfaces (TCP / IP traffic filtering localhost), the firewall hook, the hook filtering and storage of data packet filter has been replaced by a new framework called Windows Filtering Platform (WFP). WFP provides filtering functions in all layers of the TCP / IP. WFP is integrated into the stack, and it is easier for developers to create drivers, services and applications that must filter, analyze or modify the TCP / IP traffic.

To ensure greater security during the transfer of data over a network, Windows Vista makes improvements to the encryption algorithms used to hide data. Support 256-bit and 384-bit Diffie-Hellman (DH) algorithms, as well as 128-bit, 192 bit and 256-bit Advanced Encryption Standard (AES) is included in the home network and protocol stack and Kerberos GSS messages. Direct support for SSL and TLS in the new Winsock API allows applications to control directly takes the security of your traffic through a network (such as providing security policy and requirements for traffic, check the settings security) instead of having to add code to support a secure connection. Computers running Windows Vista can do Part logically isolated networks within an Active Directory domain. Only computers that are on the same partition of a logical network will be able access to domain resources. While other systems may be physically on the same network, unless they are in the same logical partition, it will not be able to access shared resources. A system may be part of network partitions. Schannel SSP includes new suites encryption that support elliptic curve cryptography by what the ECC cipher suites can be negotiated within the framework of the traditional grip TLS hands. Schannel interface is connectable as advanced combinations of cipher suites can be replaced at a higher level of functionality.

IPsec is now fully integrated with the Windows Firewall and offers simplified configuration and improved authentication. IPsec supports IPv6, including support for Internet Key Exchange (IKE), AuthIP and data encryption, client protection, DC, integration with network access protection Network Diagnostic Framework and. To increase security and deployment of IPsec VPN, Windows Vista includes AuthIP extend the IKE encryption protocol to add features such as authentication with multiple credentials, authentication and asymmetric bargaining alternative.

Wireless security is improving with improved support for new wireless standards like 802.11i (WPA2). Security (EAP-TLS EAP Transport Layer) is the default authentication mode. Connections are more secure support at the connection point wireless access. WPA2 can be used even in ad hoc mode. Windows Vista improves security by joining a domain on a wireless network. You can use single sign-on to use the same credentials to join a wireless network and domain hosted in network. In this case, the RADIUS server uses the same for PEAP authentication to join the network and MS-CHAP v2 authentication to connect to the domain. A start-up wireless profile can be created on the wireless client, which authenticates the first computer to the wireless network and connects to the network. A this stage, the team still lacks access to domain resources. The machine to execute a script stored in the system or USB drive, which is authenticated in the field. Authentication can be done using a combination of user name and password wither or infrastructure the security certificate (PKI) vendor such as VeriSign.

Windows Vista also includes an Extensible Host Authentication Protocol (EAPHost) framework that provides extensibility for authentication methods commonly used to protect technology access network, such as 802.1X and PPP. Network enables providers to develop and easy to install new authentication methods known as EAP methods.

Windows Vista Service Pack 1 includes Secure Socket Tunneling Protocol, a new property Microsoft VPN protocol that provides a mechanism to transport Point to Point Protocol (PPP) traffic (including IPv6 traffic) via a SSL channel.

characteristics x86-64-specific

64-bit versions of Windows Vista to address hardware-based Data Execution Prevention (DEP), no backup software emulation. This ensures that the least efficient software DEP (which is only an exception handling security and unrelated with the NX bit) is not used. In addition, DEP, by default applies to all 64-bit applications and services on x86-64 and versions of 32-bit applications that opt-in. In contrast, 32-bit, software-enforced DEP is an option available by default, is enabled only for critical system components.

Upgrade Kernel Patch Protection, also known as PatchGuard prevents Third-party software, including kernel-mode drivers to modify the kernel, or any data structure used by the kernel anyway, if you detect changes, the system is off. This mitigates a common tactic used by rootkits to hide user-mode applications. PatchGuard is introduced first time in 64-bit edition of Windows Server 2003 Service Pack 1, and was included in Windows XP Professional x64 Edition.

in kernel mode driver versions 64-bit Windows Vista must be digitally signed, even administrators will not be able to install unsigned drivers kernel mode. A boot time option available to disable the verification of a single session of Windows. drivers in user mode 64-bit must not be digitally signed.

Code checksum integrity has signed the code. Before loading the binary system is compared to Make sure the amount that has not changed. Binary files are checked in order to obtain their signatures on the system catalogs. The bootloader checks the integrity of the Windows Vista kernel, the Hardware Abstraction Layer (HAL), drivers and start the boot. Outside the kernel memory space, code integrity checks binary loaded into a protected process and system installed libraries dynamic that implement the basic functions of cryptography.

Other features and changes

A number of specific changes in security and reliability have been made:

Software Restriction introduced in Windows XP have been improved in Windows Vista. A new level of user base were added on the level of security. The hash algorithm default rule has been updated since the sharp MD5 SHA256. Certificate rules can now be activated via the compliance Property dialog box within the extension of the snap.

To prevent accidental erasure of Windows, Windows Vista can not format the boot partition when active (right-click the C: drive and selecting Format, or by typing "Format C:" (Citations w o /) in the command prompt to give a message that the format of this volume is not permitted.) To format the primary hard drive (the drive that contains Windows), you must start the computer a Windows installation disc and select the "Repair your computer" the System Restore points by pressing F8 at startup.

Additional settings allow adjustments EFS encryption policies at the stake, if the files moved to encrypted folders are encrypted, the encryption of offline files cache files, and if quantified elements can be indexed by Windows Search.

User names and passwords stored (Credentials Manager) feature includes a new wizard for user names and passwords to backup and restore a file on systems running Windows Vista or later operating systems.

A new policy group policy adjustment allows display the date and time of the last interactive logon successfully, and the number of failed login attempts since the last successful logon with the same name. This will allow a user to determine if the account was used without your knowledge. The policy can be enabled for local users and computers joined to a domain functional level.

Windows Resource Protection prevents potentially adverse changes in the configuration of the system to prevent changes to system files and settings from any other process Windows Installer. In addition, changes in the registration unauthorized software locked.

In protected mode Internet Explorer: Internet Explorer 7 and later, several changes in security and anti-phishing filter, ActiveX opt, protection URL handling protection against attacks and cross-domain scripting tray false. It functions as a low integrity process on Windows Vista, you can write in the Temporary Internet Files folder, and can not get write access to files and keys register a profile of the user, protect users against malicious content and security vulnerabilities, including ActiveX controls. In addition, Internet Explorer 7 and after safer use of the Data Protection API (DPAPI) to store their credentials such as passwords instead of the less secure protected storage (PStore).

Location network integration with Windows Firewall. All new networks to connect to the cessation of payments "public place, blocking ports and listening services. If a network is marked as trusted, Windows recalls that the establishment of future connections to that network.

User-Mode Driver Framework drivers prevents access directly to the kernel, but access through a dedicated API. This new feature is important because most system failures can be attributed to improperly installed device drivers by other manufacturers.

Windows Security Center has been updated to detect and report the presence of anti-malware software, and to monitor and restore multiple configurations of Internet Explorer and user account security. For anti-virus software that integrates with the Security Center, presents the solution to everything problem in your own user interface. In addition, some Windows API calls were added to applications to retrieve the general health Windows Security Center, and receive notifications when the state of health.

Protected Storage (PStore) is obsolete and therefore read-only in Windows Vista. Microsoft recommends using DPAPI PStore to add new data elements or manage those that already exist. Internet Explorer 7 and later also be used in place of PStore DPAPI to store your credentials.

The built-in Administrator account is disabled by default on a clean install of Windows Vista. Can not access safe mode, and provided that are at least another local administrator account.