Skip to main content

Security features in Vista

Improved security is a major theme in Vista. It may be the most important determinant of the future success of the operating system. Many improvements are below the surface where greater control over what software can do to the system occurs. Other security features like User Account Control are very obvious. Overall, security features make up some of the biggest changes introduced in Vista. Many of these are very worthy but some are controversial. Here I will discuss some of the new features.

Under the hood

They may not be apparent but a lot of security measures are going on in the background in Vista. Here's some examples:

  • Buffer overrun protection - A large number of exploits have been making use of "buffer overruns". Vista manages memory in a way that helps reduce this problem.
  • Data redirection - The way in which applications can write to certain folders and Registry areas is controlled. Malicious software is prevented from changing sensitive system areas
  • Service hardening - Services run with a lower level of privileges than in XP and are restricted to actions that are appropriate to their intended function.

User Account Control (UAC)

UAC may be the most visible security change. Security experts have long urged that PC users should generally run their computers in an account with lowered rights. This ensures that the damage that a malware infection can do is limited. However, the limited user accounts in Windows XP were so restricted that most PC users continued to run in administrative accounts. By default Vista runs with reduced privileges but allows the user more flexibility. The method works by requiring user approval (and sometimes an administrator password) for a variety of tasks. However, the frequency of the popup messages requesting approval has caused many to consider this new feature to be a major nuisance. My personal experience is that it is very irritating at first but that you come to accept it as part of the price of increased security. An example of a typical popup is shown below.

Example of UAC popup

Much resistance to UAC has already been voiced and it remains to be seen how the technique works out when large numbers of systems have been installed. The problem may be that users will be sufficiently irritated that they will disable UAC. The Internet is already full of pages showing how to do just that. I will not reference any because I think that the average PC user is ill-advised to turn off UAC.

Unfortunately, another likely result is that, after seeing many warnings, users will become oblivious and simply click "Continue" without checking to see what it is that they are approving. This latter factor of "approval fatigue" could end up negating the benefits of UAC. We are asked to click things to approve them all the time and it is very tempting to want to get on with things and just say "Yes". How many EULAs do you read?

A final factor that I want to mention is mostly overlooked by Microsoft and others in the industry. The average home PC user doesn't really know enough to be able to distinguish legitimate services from possibly dangerous ones. There are many Windows services and functions with names that only an expert will recognize. When asked to approve or disapprove something, many occasions are likely to arise where Mom and Pop PC user will have no idea what is being referred to. Personally, I am afraid that this may turn out to be a major weakness of UAC.

Windows Vista Firewall

The firewall is an essential part of a computer's defense. Having the firewall in Windows XP SP2 turned on by default is credited by some security experts for greatly reducing worms. However, the firewall in XP is one-way, monitoring only incoming traffic. Vista adds two-way capability to its firewall but outgoing monitoring is mostly off by default. Furthermore, configuring the outgoing function is complicated and a number of commentators have said the difficulty means that the outgoing function is not worth much in practice. See this posting for some of the commentary.

Parental controls

Children are frequent users of the Internet and they are special targets for spyware. The Internet also has some seamy areas that parents may want their children to stay away from. Vista has a new feature that provides for parental control over a what a child can do on the computer. Both access to Web sites and logon hours can be restricted. You can also specify which programs a child is allowed to run. Each child must have a separate, standard account, which is then configured from the administrator-parent account. Of course, the administrator account should have a password that the child does not know. The figure below shows the various settings.

Internet Explorer 7 (IE7)

IE7 has a number of new security features including anti-phishing. Since IE7 can be used in Windows XP SP2, most are not unique to Vista. However, IE7 on Vista does have an additional safeguard called Protected Mode. This runs the browser in an isolated environment with reduced privileges. Incoming data can only be written in a temporary folder. This is an important defense against malicious downloads and scripts. More on security in IE7 can be read here.

Windows Defender

Defender is an anti-spyware program that is built into Vista. It has also been available as a stand-alone program for some time and will run in XP as well as Vista. Note that Defender is not an anti-virus program, which must be obtained separately. Also, its primary function is to block spyware rather than to remove already installed infections. Among anti-spyware programs, Windows Defender does not get top ratings so you may have to add an anti-spyware program anyway.

Security Center

There are many security aspects to Vista that cannot be covered in this quick survey. However, the figure below shows the Security Center where various settings can be configured.

Vista security center

Read More


Labels:

Comments

Post a Comment

Popular posts from this blog

Build Your Own Awesome Personal 3D Avatar with Avatara

Do you use social networks and want to build your own awesome 3D avatar? Maybe you want to send someone a cute cuddly image of yourself (kind of)? Or maybe you have your own ideas of what you would do with an Avatar… Well look no further than Avatara which I discovered from the MakeUseOf directory . You can create 3d avatars out of pre-set up templates or create your own from scratch. To start, visit Avatara’s homepage . You will see this screen: Click Get Started to umm, get started! That will take you to this screen: You see that you can build your own Avatar using an uploaded head shot like the Obama one above (just an example, guys). Or roll with one of their awesome avatars. I chose to start with a blank avatar by clicking Start with a blank avatar at the bottom of the screen. That takes you to here: I clicked on the filter at the top and told it to filter out everything but male characters and then I saw this: I rolled with Buck and continued. You need to click Select...
1 comment
Read more

MoviePass drops pricing to under $7 per month, if you opt for the annual plan

MoviePass, the subscription service that lets consumers pay a monthly fee to see unlimited movies in theaters across the U.S., is slashing its prices yet again. The company announced today it’s now offering its service for $6.95 per month, down from the current price of $9.95 per month, when customers commit to a one-year subscription plan. That works out to a flat fee of $89.95 annually. The deal is a limited-time promotion, as opposed to a permanent pricing change, but MoviePass didn’t say how long the offer is valid. However, it is open to both new and existing subscribers – the latter who would receive a 25 percent savings on their current subscription if switching over to the annual plan. This is not the first time that MoviePass has dropped its pricing. When the company introduced its $9.95 per month, one-movie-per-day plan this August, down from $15 for 2 movies per month (or more in select markets like L.A. and NYC, and going as high as $50), it saw so many new sign-up...
2 comments
Read more

ASUS VivoBook X202E Windows 8 Touchscreen Laptop Review And Giveaway

It wasn’t very long ago when prices of touchscreen Windows 8 laptops soared beyond $1000. Thankfully, those days are behind us, and portable computers can easily be purchased – touchscreen and all – for under $500. That’s precisely the demographic in which the ASUS VivoBook X202E falls. When compared to a high-end laptop, its specifications might seem modest, but for laptop buyers just looking for a way to browse the web, watch videos, use basic apps, and not spend too much money, something in this budget is perfectly suitable. The question is, of course, how does the ASUS VivoBook X202E compare to others on the market, and is it the one which you should be spending your hard-earned money on? Well, you’re just going to have to keep reading to find out. Best of all, we are giving away an ASUS VivoBook X202E to one lucky winner. Keep reading for your chance to take home this Windows 8 touchscreen laptop! Introducing the ASUS VivoBook X202E Laptop The ASUS VivoBook X202...
Read more