Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Sunday, January 25, 2009

What's New in Windows 7 Security

One of the main reasons Vista evangelists encourage others to upgrade is security. Unfortunately, many have scoffed at User Account Control for being too heavy handed. Vista 64 users found that many Anti-Virus programs didn’t work. Vista doesn’t solve the most common reason for infections which remains user error. Windows 7 still doesn’t solve the problem of user’s being tricked but it does come with some serious improvements.


Bitlocker is Finally Useful
Bitlocker has been available in the more expensive versions of Vista but was never a tool I would have recommended.  Bitlocker encrypts your entire disk drive so you need a private key or password to access anything on the disk. While this may sound desirable, it increases the possibility of hard drive errors. It reminds me too much of when Microsoft added full disk compression to Windows to increase disk space. It was a great idea that led to more data loss then it saved.


Enter “Bitlocker To Go”. Bitlocker can now be applied to portable storage devices like USB flash drives. This is one of my favorite new features in Windows 7. The use of portable devices to store data has become very common.  It also means misplacing data in public areas happens far to often. You know darn well people working for banks and credit card companies are bringing their work home on thumb drives. Bitlocker To Go makes it less dangerous to all of us.

New Bitlocker in Windows 7 showing flash drives.
Bitlocker now shows and encrypts portable storage media


 User Account Control Options

The User Account Control feature now has some options.  You can turn if off completely or choose two middle settings. One of the options removes the annoying black screen that secures the desktop and lets you know the UAC dialog is coming.  I wish this was an option by itself . To disable the black screen on Windows 7 you’ll also need to agree to remove UAC when “I make changes to Windows settings”.  I’m still looking into what Microsoft considers “Windows settings”. Vista users can click here for instructions on how to remove the black UAC screen.

What would really be nice is to come up with a scheme that would keep UAC active but like many firewalls, allow you to mark particular programs or functions as permitted.

New UAC Dialog
New User Account Control options dialog



Smart Cards
Expect to see an increase in the use of Smart Cards in Windows 7.  Smart Card drivers were first introduced in Windows XP SP2 and enhanced in Vista but certification testing and installation wasn’t a simple process.  Windows 7 automatically detects which drivers are needed without any user intervention. Do you have a hard time keeping track of passwords? A smart card may be in your future.

I also expect to see applications using smart cards to combat software piracy. In the 70’s some software was released with little “dongles” that needed to be plugged in for the software to work. The dongles in the old days were easy to get around. Smart cards will require some serious and costly efforts to break when used to prevent illegal software distribution.

What I’d love to see is the ability to use a smart card in combination with User Access Control to give permissions to commonly used programs.


Local Security Policy
Windows 7 has plenty of security settings available if you’re helping someone else set up their computer. Unfortunately, additional security settings may not be obvious. One applet in need of help is the one used to set Local Security Policy settings. This is a very powerful tool that could really be easier to use. IT managers need to be familiar with this applet. If you’re configuring a home machine for family members knowing more about Security Policy settings is a real plus.  Just like RegEdit, this tool can really get you into trouble if you don’t know what you’re doing.  And like RegEdit, it should receive a major UI overhaul.

Local Policy Settings
Local Security Policy


Action Center

If you’re looking for a friendly interface for security settings you’ll want the “Action Center”.  This single, simple applet gives you access to many of the settings you’ll want to review when using Windows.

Windows 7 Action Center


Conclusion
Microsoft has obviously been listening to users and they know security is a huge problem. I’m sure they’d be happier if they could reduce the calls from infected users. Windows 7 addresses security as much as time and testing has allowed.  Personally, I would have liked to see more improvements in firewall and networking monitoring but they have to leave some functionality to 3rd party solutions.


Most of the security improvements in Windows 7 will never be noticed by users. Improvements in code to prevent buffer overflows, and other vulnerabilities has been a major focus in Redmond. We all hope, Tuesday Security Patch Days will be something we can someday reminisce about.


 

Labels: , , ,

Share on Facebook


9 Comments:

Blogger Corrine said...

Excellent article! I agree that I would also like to be able to particular programs or functions as permitted via UAC.

8:07 AM  
Blogger danielarbib said...

Great article. Can't wait to rid myself of Vista Ultimate and and forces retro at this time to XP/SP3

5:43 PM  
Anonymous Anonymous said...

Where can I find the template you are using on this blog?

3:39 PM  
Blogger Unknown said...

The original template was one that comes with blogger.com but it's been modified little by little over the years.

3:55 PM  
Blogger Frank said...

I have been using 7 for the past week and the only issue I have is wirh the sound drivers. No surrond sound, but what can you expect with a BETA issue. That's what it's for. If I need surround I'll boot into Vista, that's right I have a dual boot system and only booted into Vista for to check that all programs are working and to use my paragon back up. Never had issues with Vista and all my programs that date back to Windows 95 loaded in Vista and 7 without issue. So all you hackers who want to nethariously get to programs TO BAD. It seems to me that all the complaints are from you type of users.

8:29 PM  
Blogger Unknown said...

As an MSDN subsriber have been using W7 on two of my notebooks, x86 on an HP Compaq 6710b & x64 on a Dell XPS M1530. It's a hoot!!! To such an extent it is the primary OS on both these rigs.
Back to the point, there is apparently a flaw in the UAC, whether it be Vista or W7 with VB sripts utilising "SendKeys", I'll not post any links here, but from what I've been reading these past few days, it's older than I am.
Thanks for your wonderful insights Bill!

9:25 AM  
Blogger OldDog said...

How soon before Windows 7 is out for public use and purchase?

1:29 PM  
Blogger wiz2525 said...

I also agree that being able to select certain programs to operate while security features such as the firewall are left on would be a big help. A lot of these things are TSRs, though, so the idea of a disk to go with such programs is a little out of step with current usage. It would tie up a drive per program, or have you loading and unloading the 'security override' disks at each bootup, encouraging people to just leave the computer on rather than reboot. I'm running the beta version of 7 right now, and I love it. Of course there are problems, such as Panda telling me it can't install on this 'unknown' operating system... but it has solved a lot more problems than it has created. Good article, clued me in on some things to explore. (Never touched Vista)

8:30 AM  
Anonymous Anonymous said...

I've been using Windows 7 on a PC built for Windows XP for the last week - an older Foxconn board with a 2GHz Celeron and 1Gb DDR memory. So far, I'm liking it almost as much as I hate Vista. They actually delivered on the promise to clean it up so that it runs well without needing major hardware upgrades. I just hope they don't ruin what they have before its official release.

It's great that they put a leash on UAC. I performed a stock clean install with no customizations, and the only time UAC prompts me is when I install a new program or upgrade an existing program. No prompts when opening system folders, adjusting settings, and no prompts when uninstalling programs.

Wish they'd thought of that in the first place, before releasing that abomination called Vista.

9:24 AM  

Post a Comment

<< Home