Skip to main content

Security features in Vista

Improved security is a major theme in Vista. It may be the most important determinant of the future success of the operating system. Many improvements are below the surface where greater control over what software can do to the system occurs. Other security features like User Account Control are very obvious. Overall, security features make up some of the biggest changes introduced in Vista. Many of these are very worthy but some are controversial. Here I will discuss some of the new features.

Under the hood

They may not be apparent but a lot of security measures are going on in the background in Vista. Here's some examples:

  • Buffer overrun protection - A large number of exploits have been making use of "buffer overruns". Vista manages memory in a way that helps reduce this problem.
  • Data redirection - The way in which applications can write to certain folders and Registry areas is controlled. Malicious software is prevented from changing sensitive system areas
  • Service hardening - Services run with a lower level of privileges than in XP and are restricted to actions that are appropriate to their intended function.

User Account Control (UAC)

UAC may be the most visible security change. Security experts have long urged that PC users should generally run their computers in an account with lowered rights. This ensures that the damage that a malware infection can do is limited. However, the limited user accounts in Windows XP were so restricted that most PC users continued to run in administrative accounts. By default Vista runs with reduced privileges but allows the user more flexibility. The method works by requiring user approval (and sometimes an administrator password) for a variety of tasks. However, the frequency of the popup messages requesting approval has caused many to consider this new feature to be a major nuisance. My personal experience is that it is very irritating at first but that you come to accept it as part of the price of increased security. An example of a typical popup is shown below.

Example of UAC popup

Much resistance to UAC has already been voiced and it remains to be seen how the technique works out when large numbers of systems have been installed. The problem may be that users will be sufficiently irritated that they will disable UAC. The Internet is already full of pages showing how to do just that. I will not reference any because I think that the average PC user is ill-advised to turn off UAC.

Unfortunately, another likely result is that, after seeing many warnings, users will become oblivious and simply click "Continue" without checking to see what it is that they are approving. This latter factor of "approval fatigue" could end up negating the benefits of UAC. We are asked to click things to approve them all the time and it is very tempting to want to get on with things and just say "Yes". How many EULAs do you read?

A final factor that I want to mention is mostly overlooked by Microsoft and others in the industry. The average home PC user doesn't really know enough to be able to distinguish legitimate services from possibly dangerous ones. There are many Windows services and functions with names that only an expert will recognize. When asked to approve or disapprove something, many occasions are likely to arise where Mom and Pop PC user will have no idea what is being referred to. Personally, I am afraid that this may turn out to be a major weakness of UAC.

Windows Vista Firewall

The firewall is an essential part of a computer's defense. Having the firewall in Windows XP SP2 turned on by default is credited by some security experts for greatly reducing worms. However, the firewall in XP is one-way, monitoring only incoming traffic. Vista adds two-way capability to its firewall but outgoing monitoring is mostly off by default. Furthermore, configuring the outgoing function is complicated and a number of commentators have said the difficulty means that the outgoing function is not worth much in practice. See this posting for some of the commentary.

Parental controls

Children are frequent users of the Internet and they are special targets for spyware. The Internet also has some seamy areas that parents may want their children to stay away from. Vista has a new feature that provides for parental control over a what a child can do on the computer. Both access to Web sites and logon hours can be restricted. You can also specify which programs a child is allowed to run. Each child must have a separate, standard account, which is then configured from the administrator-parent account. Of course, the administrator account should have a password that the child does not know. The figure below shows the various settings.

Internet Explorer 7 (IE7)

IE7 has a number of new security features including anti-phishing. Since IE7 can be used in Windows XP SP2, most are not unique to Vista. However, IE7 on Vista does have an additional safeguard called Protected Mode. This runs the browser in an isolated environment with reduced privileges. Incoming data can only be written in a temporary folder. This is an important defense against malicious downloads and scripts. More on security in IE7 can be read here.

Windows Defender

Defender is an anti-spyware program that is built into Vista. It has also been available as a stand-alone program for some time and will run in XP as well as Vista. Note that Defender is not an anti-virus program, which must be obtained separately. Also, its primary function is to block spyware rather than to remove already installed infections. Among anti-spyware programs, Windows Defender does not get top ratings so you may have to add an anti-spyware program anyway.

Security Center

There are many security aspects to Vista that cannot be covered in this quick survey. However, the figure below shows the Security Center where various settings can be configured.

Vista security center

Read More


Labels:

Comments

Post a Comment

Popular posts from this blog

How To Hide Text In Microsoft Word 2007, Reveal It & Protect It

Sometimes what we hide is more important than what we reveal. Especially, documents with sensitive information, some things are supposed to be ‘for some eyes only’. Such scenarios are quite common, even for the more un-secretive among us. You want to show someone a letter composed in MS Word, but want to keep some of the content private; or it’s an official letter with some part of it having critical data. As important as these two are, the most common use could involve a normal printing job. Many a time we have to print different versions of a document, one copy for one set of eyes and others for other sets. Rather than creating multiple copies and therefore multiple printing jobs, what if we could just do it from the same document?  That too, without the hassle of repeated cut and paste. We can, with a simple feature in MS Word – it’s just called Hidden and let me show you how to use it to hide text in Microsoft Word 2007. It’s a simple single click process. Open the document
1 comment
Read more

Clip & Convert Your Video Faster With Quicktime X & The New Handbrake 64-bit [Mac]

Recently a friend of mine asked for my help to find a video of a good presentation to be shown to one of his classes. He also requested for it to be iPod friendly as he would also distribute the video to his students. Three things came to my mind: Steve Jobs, Quicktime and Handbrake . Mr. Jobs is well known for his great presentations which are often used as references. I have several Apple Keynotes videos. For my friend, I decided to choose the one that introduced MacBook Air – the one that never fails to deliver the wow effect to the non-techie audience. It’s a part of January 2008 Macworld Keynote. First step: The Cutting To get only a specific part of the Keynote, I clipped the 1+ hour video into about 20 minutes using Quicktime X (which comes with Snow Leopard). I opened the movie using Quicktime X and chose Trim from the Edit menu ( Command + T ). Then I chose the start and end of my clip by moving both edges of the trimming bar to the desired position. To increase th
Post a Comment
Read more

Ex-Skypers Launch Virtual Whiteboard Deekit

Although seriously long in the tooth and being disrupted by a plethora of startups, for many years Skype has existed as an almost ubiquitous app in any remote team’s toolkit. So it seems apt that a new startup founded by a team of ex-Skype employees is set to tackle another aspect of online collaboration. Deekit, which exits private beta today, is a virtual and collaborative whiteboard to help remote teams work smarter. The Tallinn, Estonia-based startup is headed up by founder and CEO, Kaili Kleemeier, who was previously a Head of Operations at Skype. She and three colleagues quit the Internet calling giant in 2012 and spent a year researching ideas in the remote team space. They ended up focusing on creating a new virtual whiteboard, born out of Kleemeier’s experience collaborating with technical teams remotely, specifically helping Skype deal with incident management. “Working with remote teams has been a challenge in many ways – cultural differences, language differences, a
Post a Comment
Read more