Skip to main content

Security features in Vista

Improved security is a major theme in Vista. It may be the most important determinant of the future success of the operating system. Many improvements are below the surface where greater control over what software can do to the system occurs. Other security features like User Account Control are very obvious. Overall, security features make up some of the biggest changes introduced in Vista. Many of these are very worthy but some are controversial. Here I will discuss some of the new features.

Under the hood

They may not be apparent but a lot of security measures are going on in the background in Vista. Here's some examples:

  • Buffer overrun protection - A large number of exploits have been making use of "buffer overruns". Vista manages memory in a way that helps reduce this problem.
  • Data redirection - The way in which applications can write to certain folders and Registry areas is controlled. Malicious software is prevented from changing sensitive system areas
  • Service hardening - Services run with a lower level of privileges than in XP and are restricted to actions that are appropriate to their intended function.

User Account Control (UAC)

UAC may be the most visible security change. Security experts have long urged that PC users should generally run their computers in an account with lowered rights. This ensures that the damage that a malware infection can do is limited. However, the limited user accounts in Windows XP were so restricted that most PC users continued to run in administrative accounts. By default Vista runs with reduced privileges but allows the user more flexibility. The method works by requiring user approval (and sometimes an administrator password) for a variety of tasks. However, the frequency of the popup messages requesting approval has caused many to consider this new feature to be a major nuisance. My personal experience is that it is very irritating at first but that you come to accept it as part of the price of increased security. An example of a typical popup is shown below.

Example of UAC popup

Much resistance to UAC has already been voiced and it remains to be seen how the technique works out when large numbers of systems have been installed. The problem may be that users will be sufficiently irritated that they will disable UAC. The Internet is already full of pages showing how to do just that. I will not reference any because I think that the average PC user is ill-advised to turn off UAC.

Unfortunately, another likely result is that, after seeing many warnings, users will become oblivious and simply click "Continue" without checking to see what it is that they are approving. This latter factor of "approval fatigue" could end up negating the benefits of UAC. We are asked to click things to approve them all the time and it is very tempting to want to get on with things and just say "Yes". How many EULAs do you read?

A final factor that I want to mention is mostly overlooked by Microsoft and others in the industry. The average home PC user doesn't really know enough to be able to distinguish legitimate services from possibly dangerous ones. There are many Windows services and functions with names that only an expert will recognize. When asked to approve or disapprove something, many occasions are likely to arise where Mom and Pop PC user will have no idea what is being referred to. Personally, I am afraid that this may turn out to be a major weakness of UAC.

Windows Vista Firewall

The firewall is an essential part of a computer's defense. Having the firewall in Windows XP SP2 turned on by default is credited by some security experts for greatly reducing worms. However, the firewall in XP is one-way, monitoring only incoming traffic. Vista adds two-way capability to its firewall but outgoing monitoring is mostly off by default. Furthermore, configuring the outgoing function is complicated and a number of commentators have said the difficulty means that the outgoing function is not worth much in practice. See this posting for some of the commentary.

Parental controls

Children are frequent users of the Internet and they are special targets for spyware. The Internet also has some seamy areas that parents may want their children to stay away from. Vista has a new feature that provides for parental control over a what a child can do on the computer. Both access to Web sites and logon hours can be restricted. You can also specify which programs a child is allowed to run. Each child must have a separate, standard account, which is then configured from the administrator-parent account. Of course, the administrator account should have a password that the child does not know. The figure below shows the various settings.

Internet Explorer 7 (IE7)

IE7 has a number of new security features including anti-phishing. Since IE7 can be used in Windows XP SP2, most are not unique to Vista. However, IE7 on Vista does have an additional safeguard called Protected Mode. This runs the browser in an isolated environment with reduced privileges. Incoming data can only be written in a temporary folder. This is an important defense against malicious downloads and scripts. More on security in IE7 can be read here.

Windows Defender

Defender is an anti-spyware program that is built into Vista. It has also been available as a stand-alone program for some time and will run in XP as well as Vista. Note that Defender is not an anti-virus program, which must be obtained separately. Also, its primary function is to block spyware rather than to remove already installed infections. Among anti-spyware programs, Windows Defender does not get top ratings so you may have to add an anti-spyware program anyway.

Security Center

There are many security aspects to Vista that cannot be covered in this quick survey. However, the figure below shows the Security Center where various settings can be configured.

Vista security center

Read More


Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

How To Hide Text In Microsoft Word 2007, Reveal It & Protect It

Sometimes what we hide is more important than what we reveal. Especially, documents with sensitive information, some things are supposed to be ‘for some eyes only’. Such scenarios are quite common, even for the more un-secretive among us. You want to show someone a letter composed in MS Word, but want to keep some of the content private; or it’s an official letter with some part of it having critical data. As important as these two are, the most common use could involve a normal printing job. Many a time we have to print different versions of a document, one copy for one set of eyes and others for other sets. Rather than creating multiple copies and therefore multiple printing jobs, what if we could just do it from the same document?  That too, without the hassle of repeated cut and paste. We can, with a simple feature in MS Word – it’s just called Hidden and let me show you how to use it to hide text in Microsoft Word 2007. It’s a simple single click process. Open the docum...
1 comment
Read more

Boom, the startup that wants to build supersonic planes, just signed a massive deal with Virgin

Have you heard about Boom? Boom is a relatively new startup that’s aiming to build something pretty crazy. They’re not building an app… or a social network… or even some new gadget for the Kickstarter crowd. Boom wants to build planes. Really, really, really fast planes. Specifically, they’re trying to design and build a supersonic passenger plane that goes 2.2x the speed of sound. If all goes to plan, they’ll be able to shuttle people from New York to London in 3.5 hours, and SF to Tokyo in 4.5. Sound crazy? I wouldn’t disagree. It’s worth noting that the company is in the very early days for something as intensive, massive, and hugely expensive as designing and producing a passenger aircraft. They’re still working on their first prototype, and hope to fly it by late next year. But it’s also worth noting that the team behind the plane has some serious talent in its blood: the company’s 11 employees have collectively contributed to over 30 aircrafts — having worked on thin...
Post a Comment
Read more

Fun Tools to Translate Your Name into Japanese Calligraphy

Japanese calligraphy is an artistic writing style of the Japanese language. Its Chinese origins can be traced back to the twenty-eighth century BCE. Calligraphy found its way into Japanese culture in 600 CE and is known as the karayo tradition. For Westerners, calligraphy is forever fascinating. However, it takes years to learn how to properly draw the signs. Two basic principles must be known to understand Japanese writing: there are different writing styles and different alphabets. Kaisho for example, is a writing style most commonly used in print media. Tensho on the other hand is used in signatures. Other writing styles are Reisho, Gyosho and Sousho. The alphabets include Kanji, Hiragana, and Katakana. Katakana is used for writing foreign words. It can also serve to highlight words, in analogy to capital letters as we know them from the Roman / Latin alphabet (Romaji in Japanese). Each Kanji character has a meaning of its own, while Hiragana or Katakana characters merely repres...
Post a Comment
Read more