Right now, Windows 7 looks very much like Windows Vista because enhancements to the appearance and feel aspects of the operating system typically come late in the development process. Lucky for us, much of the awaited security functionality has already made its way into the beta build and we’re going to look at some of the new changes for Windows 7.
Old friends, new twists
Returning from Windows Vista are Kernel Patch Protection, Service Hardening, Data Execution Prevention, Address Space Layout Randomization, and Mandatory Integrity Levels
Windows XP SP2 to us by the Security Center. Windows 7 rejects this, and in its place an action center that integrates alerts from 10 existing Windows features: Security Center, problem reports and solutions, Windows Defender, Windows Update, diagnosis, Network Access Protection, Backup and Restore, Recovery, and User Account Control.
In Windows 7 to set the user agreement can prompt behavior using a slider, if they have administrative rights. Microsoft says that it would still be protected against malicious software, even if they never see another alert. While this may or may not be true, users have been conditioned to warnings that if they see something happening. Without them, maybe a false sense of security is to develop on the part of consumers.
Windows Filtering Platform
Windows 7 makes something like the Windows Filtering Platform (WFP). The idea is that third parties can take the advantages of the aspects of the Microsoft Windows Firewall into their own products. Microsoft says: “third-party products can also selectively turn parts of Windows Firewall on or turn off, so choose what software firewall to use and have it co-exist with Windows Firewall.”
While this sounds nice on paper, I can’t see a vendor teaming their product with the Windows firewall. Smart money says they’ll just use their own and ignore the Microsoft solution.
A nice thing to note about Windows 7 is that it is easier to configure that all important home network can. If users are affected by network problems, they curse the firewall and they are often rightly so. Windows 7 addresses the problem by taking over your home network setup and make sure the firewall does not interfere.
We also see that scrollbars were removed in the configuration settings screen, as has the Software Explorer feature, and real-time protection in Windows 7 has been improved to reduce the impact on overall system performance. A welcome change from the bloat of Vista.
Vista sailed along with a fleet of new security features, including BitLocker, a whole disk encryption tool developed, makes off your data even after an attacker with your laptop to protect. BitLocker uses a chip called trusted protection module (TPM). The Vista TPM transparently decrypted the drive once you authenticate with a password or a smart card. A laptop thief can break locked into the drive after boot a different operating system or move the drive to another computer.
BitLocker Drive encryption supports removable media such as Flash memory drives and portable hard disks in Windows 7 has been added. This means that sensitive information on all users mentioned their USB storage devices, as well as the physical drives on the host to keep.
As a side note to BitLocker, with groups to ban in writing all removable media, protected with BitLocker. It is a very useful tool against the very real problem podslurping known. This policy in place the employees still can drive virus-of-the month bring on an unprotected but they can not take away a unprotected copy of the personal database. It is also helpful to know that BitLocker to go provides users secure data sharing with other users, nor to the use of Windows 7.
That said, the testing I performed proved otherwise. I could not get this to work so I went to Microsoft and they confirmed that this is an issue in the beta build but will be fixed before final GA release.
Biometrics, System Restore and AppLocker
Biometrics enhancements include simple reader configurations, so that users stored manage the fingerprint data on the computer and control systems as Windows 7. And system restore provides a list of programs which be removed or added to the users more useful information before they decide to use the restore point. Restore points will also backup to choose a more extensive list of over a longer period.
I’ve seen, System Restore, as they solve caused more problems, I’m not a big fan. Yet users access often they, when they attempt to clean a real or imaginary malware problem. In Windows 7, you’ll at least a clear idea of collateral damage, resulting as it all programs and drivers removed or returned by calling a particular system restore point would lists. It is much better than to advise in place again and hope for the best, what you do now.
Another enhancement is AppLocker, accessed through Local Security Policy. It’s a way to control which programs users can and can’t use, and it’s a lot more flexible than Vista’s Software Restriction Policies. Still, it’s not for the average user. Most IT shops should be pleased with this enhancement. I can see it being tailored to just about any corporate need.
Virtually all the changes in the security area are simply tweaking and improving on existing Vista features. But then, that’s what Windows 7 is all about, right? While the enhancements seen thus far in the beta are nice, they aren’t stunning.
I hope to see even more improvements before Windows 7 hits the streets.