Skip to main content

Security features in Vista

Improved security is a major theme in Vista. It may be the most important determinant of the future success of the operating system. Many improvements are below the surface where greater control over what software can do to the system occurs. Other security features like User Account Control are very obvious. Overall, security features make up some of the biggest changes introduced in Vista. Many of these are very worthy but some are controversial. Here I will discuss some of the new features.

Under the hood

They may not be apparent but a lot of security measures are going on in the background in Vista. Here's some examples:

  • Buffer overrun protection - A large number of exploits have been making use of "buffer overruns". Vista manages memory in a way that helps reduce this problem.
  • Data redirection - The way in which applications can write to certain folders and Registry areas is controlled. Malicious software is prevented from changing sensitive system areas
  • Service hardening - Services run with a lower level of privileges than in XP and are restricted to actions that are appropriate to their intended function.

User Account Control (UAC)

UAC may be the most visible security change. Security experts have long urged that PC users should generally run their computers in an account with lowered rights. This ensures that the damage that a malware infection can do is limited. However, the limited user accounts in Windows XP were so restricted that most PC users continued to run in administrative accounts. By default Vista runs with reduced privileges but allows the user more flexibility. The method works by requiring user approval (and sometimes an administrator password) for a variety of tasks. However, the frequency of the popup messages requesting approval has caused many to consider this new feature to be a major nuisance. My personal experience is that it is very irritating at first but that you come to accept it as part of the price of increased security. An example of a typical popup is shown below.

Example of UAC popup

Much resistance to UAC has already been voiced and it remains to be seen how the technique works out when large numbers of systems have been installed. The problem may be that users will be sufficiently irritated that they will disable UAC. The Internet is already full of pages showing how to do just that. I will not reference any because I think that the average PC user is ill-advised to turn off UAC.

Unfortunately, another likely result is that, after seeing many warnings, users will become oblivious and simply click "Continue" without checking to see what it is that they are approving. This latter factor of "approval fatigue" could end up negating the benefits of UAC. We are asked to click things to approve them all the time and it is very tempting to want to get on with things and just say "Yes". How many EULAs do you read?

A final factor that I want to mention is mostly overlooked by Microsoft and others in the industry. The average home PC user doesn't really know enough to be able to distinguish legitimate services from possibly dangerous ones. There are many Windows services and functions with names that only an expert will recognize. When asked to approve or disapprove something, many occasions are likely to arise where Mom and Pop PC user will have no idea what is being referred to. Personally, I am afraid that this may turn out to be a major weakness of UAC.

Windows Vista Firewall

The firewall is an essential part of a computer's defense. Having the firewall in Windows XP SP2 turned on by default is credited by some security experts for greatly reducing worms. However, the firewall in XP is one-way, monitoring only incoming traffic. Vista adds two-way capability to its firewall but outgoing monitoring is mostly off by default. Furthermore, configuring the outgoing function is complicated and a number of commentators have said the difficulty means that the outgoing function is not worth much in practice. See this posting for some of the commentary.

Parental controls

Children are frequent users of the Internet and they are special targets for spyware. The Internet also has some seamy areas that parents may want their children to stay away from. Vista has a new feature that provides for parental control over a what a child can do on the computer. Both access to Web sites and logon hours can be restricted. You can also specify which programs a child is allowed to run. Each child must have a separate, standard account, which is then configured from the administrator-parent account. Of course, the administrator account should have a password that the child does not know. The figure below shows the various settings.

Internet Explorer 7 (IE7)

IE7 has a number of new security features including anti-phishing. Since IE7 can be used in Windows XP SP2, most are not unique to Vista. However, IE7 on Vista does have an additional safeguard called Protected Mode. This runs the browser in an isolated environment with reduced privileges. Incoming data can only be written in a temporary folder. This is an important defense against malicious downloads and scripts. More on security in IE7 can be read here.

Windows Defender

Defender is an anti-spyware program that is built into Vista. It has also been available as a stand-alone program for some time and will run in XP as well as Vista. Note that Defender is not an anti-virus program, which must be obtained separately. Also, its primary function is to block spyware rather than to remove already installed infections. Among anti-spyware programs, Windows Defender does not get top ratings so you may have to add an anti-spyware program anyway.

Security Center

There are many security aspects to Vista that cannot be covered in this quick survey. However, the figure below shows the Security Center where various settings can be configured.

Vista security center

Read More


Comments

Popular posts from this blog

ASUS VivoBook X202E Windows 8 Touchscreen Laptop Review And Giveaway

It wasn’t very long ago when prices of touchscreen Windows 8 laptops soared beyond $1000. Thankfully, those days are behind us, and portable computers can easily be purchased – touchscreen and all – for under $500. That’s precisely the demographic in which the ASUS VivoBook X202E falls. When compared to a high-end laptop, its specifications might seem modest, but for laptop buyers just looking for a way to browse the web, watch videos, use basic apps, and not spend too much money, something in this budget is perfectly suitable. The question is, of course, how does the ASUS VivoBook X202E compare to others on the market, and is it the one which you should be spending your hard-earned money on? Well, you’re just going to have to keep reading to find out. Best of all, we are giving away an ASUS VivoBook X202E to one lucky winner. Keep reading for your chance to take home this Windows 8 touchscreen laptop! Introducing the ASUS VivoBook X202E Laptop The ASUS VivoBook X202...

Samsung Galaxy Note 3 N9000 Review and Giveaway

When it comes to massive phones, nothing is more iconic than the Samsung Galaxy Note. It has gained popularity not only due to its size, but its additional features such as a stylus and a larger battery make it a more useful phone. Samsung released the third generation of the Galaxy Note in October, updating the phablet with a larger screen and improved hardware. Read through our review, then join the giveaway to win the  Samsung Galaxy Note 3 ! Competitors Of course, other Android competitors haven’t let the $640  Galaxy Note 3  be the only player in the phablet market. There are others such as the  Sony Xperia Z Ultra , the Samsung Galaxy Mega , and the other more common phones that are reaching 5″ screens such as the  Samsung Galaxy S4 , the  HTC One , and the  Nexus 5 . Unlike the normal-sized top contenders, the Galaxy Note 3 has a bigger screen and larger battery. It also offers specific features (surrounding the S Pen stylus) th...

Samsung Galaxy S5 Review and Giveaway

Few smartphones are as aggressively marketed as Samsung’s Galaxy S5. The S5 can no longer be considered brand-new — but it  is  Samsung’s flagship, at least for the next few months. With a gorgeous screen, a capable camera, a waterproof build, and a user-replaceable battery, the Galaxy S5 has a lot to offer… at least on paper. Let’s find out how good it really is. What Makes This Review Different There are about a million Galaxy S5 reviews out there. Why should you read this one? Two keys points make our review different: We bought our own device . Unlike many tech blogs, we don’t use a review unit Samsung gave us. We went out to the store and bought one, just like you would. This means everything you read here is truly impartial – we owe Samsung nothing. We used it for more than a month . Some sites rush to be the first to publish a review on a new device. That’s not how we do things. I used the Galaxy S5 as my main (and only) Android phone for nearly two months,...