did XP improve any Windows functions?

Earlier Windows versions had one "feature" that has been difficult to protect against misuse (by malware).

Individual programs can, with fairly simple setup, directly access memory and the processor. Win98 was the first version in which all normal Windows programs made all "hardware connections" by going through the "Windows layer" where they could be managed so that the potential for harm was reduced. Even in Win98, a program could easily request and get direct hardware control, although compliant programs weren't supposed to.

WinXP "hardened up" the protection layer, so that it's much more difficult for a program to get direct access, although it still can be done. The operator can decide to permit a limited direct access (essentially by allowing a "run as Win98") but normal Windows compatible programs don't get there.

WinXP is based on the "server grade" NT4 OS. Win2K was the first "user OS" to have NT4 base, but it was a bit too powerful to be easily managed by many users, requiring sophisticated management skills that were out of reach for most users. Most of the "extra features" of Win2K, while useful in a large network environment, were just excess baggage for more typical users.

WinXP incorporates NT4 "server level" security, but with a simpler user interface and with the addition of immensely powerful administrative tools (that most users don't know exist). WinXP includes nearly all the "networking" capabilities of NT4 and subsequent server OS versions with a few exceptions, a most obvious one being lack of a full function DNS module. WinXP still allows override of some default security features in ways that have made it more vulnerable than is desirable in the current internet environment.

Vista takes security a step further by making the "protection layer" almost invulnerable - maybe. Programs are not allowed to connect directly to hardware, but must use "program functions" included in the OS instruction set to request that information be passed to and from hardware. It remains to be seen whether this will be fully effective; but it's worth noting that Microsoft was forced to deliberately weaken the built-in hardware isolation to accomodate third-party AV builders who would otherwise have been unable to scan memory and drives at bit level to use their programs. (Vastly oversimplified, but I think it's the general idea.)

One of the areas where direct hardware access was commonly permitted in WinXP and earlier versions was in device drivers. Fully compatible drivers went through the protection layer as intended, but non-compliant drivers could bypass it in some cases. Vista has stated that the OS will not permit installation of any driver that isn't certified Vista compliant.

While this may cause some problems with legacy equipment it is intended to significantly improve performance and security. Most hardware devices can be connected and should perform basic functions using default drivers that are included in Vista.

Hardware makers who want to provide "extra features" will need to provide compatible drivers that incorporate the "extras" using approved program language. This isn't particularly difficult in most cases, but is an extra step (and minor additional cost) that many have ignored in the past. (I dont' recall ever seeing an Epson printer or scanner driver that didn't pop up an error message for being non-certified during installation under Win98 or WinXP, as one example.)

Most of the advertising for Vista has raved about "3-D display" and other marginally interesting frilly stuff. Much of the stuff advertised ain't gonna work if you don't have new and powerful hardware, but you're not really going to miss it unless you're just intentially into fadware. The real changes are - hopefully - of some significance for security and performance if the internet (or whatever replaces it) continues in the ways it seems to have been going.

John