Friday, June 27, 2008

Windows Vista - Security at Work

This article looks into the improved security features of Windows Vista, the most secure Windows ever. Most of these features are new to Windows; however, some were included in the previous version of Windows and return here with modifications.

1. User Account Control (UAC)

This new feature of Windows Vista tracks user activity and prompts when a significant system-level action is about to be performed. Vista does not let tasks that require administrative privileges, such as installing or uninstalling software or hardware, or editing system settings, proceed unchecked. Instead, it presents a dialog describing the impact of the pending task and asks for user credentials before proceeding. Limited users have to enter the administrator password, and administrators have to click the ‘continue’ button presented.

This feature is great since it prevents accidental modification of the system due to the ignorance or inexperience of the user. Also, the system can be managed securely from a standard limited account (tasks requiring elevation may be done by entering the administrator password). It can, however, be a nuisance, since the prompts may appear even for very simple tasks, such as changing the desktop background, resolution, etc.

2. BitLocker Drive Encryption

This security feature is used to encrypt the entire system drive (usually the C:\ drive). This is in effect similar to the EFS (Encrypted File System) in XP, but here the entire drive is encrypted. Vista always checks that the system is starting safely and that none of the system files has been modified. If any tampering is detected, it will lock the entire system drive and require an encryption password from the user.

3. Address Space Layout Randomizer (ASLR)

In older versions of Windows, the system files were loaded into a designated memory segment. This made attacks on such systems easier, since attackers always knew where the system files resided in memory. ASLR randomizes the memory location where system files are loaded every time Vista boots up, thus minimizing the possibility of such an attack.
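A check a defender can run for this mitigation, as an added example that is not part of the original article: on Vista and later, an image is relocated by ASLR when its PE header carries the DYNAMIC_BASE flag, so the code below reads that flag together with the preferred (fixed) load address. The function names and the sample headers are constructed for illustration.

```python
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image may be relocated at load time


class PEFormatError(ValueError):
    pass


def aslr_info(data: bytes) -> dict:
    """Return the preferred image base and ASLR opt-in for raw PE bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise PEFormatError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 4 + 20  # PE signature (4) + COFF file header (20)
    if len(data) < opt + 72 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEFormatError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:    # PE32: 4-byte ImageBase at offset 28
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:  # PE32+: 8-byte ImageBase at offset 24
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise PEFormatError(f"unknown optional header magic {magic:#x}")
    # DllCharacteristics sits at offset 70 in both header variants.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "pe32_plus": magic == 0x20B,
        "preferred_base": image_base,
        "aslr_opt_in": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
    }


def build_sample(magic: int, image_base: int, dll_chars: int) -> bytes:
    """Constructed minimal header holding only the fields aslr_info() reads."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    opt = bytearray(72)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I" if magic == 0x10B else "<Q", opt,
                     28 if magic == 0x10B else 24, image_base)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + bytes(20) + bytes(opt)


if __name__ == "__main__":
    samples = {"legacy": build_sample(0x10B, 0x00400000, 0x0000),
               "opted-in": build_sample(0x20B, 0x140000000, 0x0040)}
    for name, blob in samples.items():
        print(name, aslr_info(blob))
```

An image reported with `aslr_opt_in` false is one that still loads at its `preferred_base`, the predictable placement the paragraph above describes.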

4. Windows Security Center

The first time we saw the Windows Security Center was with XP SP2. In Vista, the Security Center not only monitors the firewall, automatic updates, and antivirus as in XP, but can also monitor and control almost all the security features of Vista, such as UAC, Windows Defender, etc. It works from the tray and pops up whenever user intervention is required.

5. Windows Defender

Windows Defender, renamed from Windows Antispyware, is not just an antispyware application; its coverage goes deeper than that. Windows Defender detects changes to IE settings, installation of add-ons, ActiveX controls, auto-start programs, or system configuration that may be caused by spyware. Defender, however, currently doesn’t give any protection against viruses, Trojans, or worms.

6. Windows Firewall

Windows Firewall, first shipped with XP SP2, incorporates major changes in Vista. The firewall mainly provides inbound protection and limited outbound protection, supporting packet filtering, IPv6 connection filtering, and configuration rules.

7. IE7 Protected Mode

Internet Explorer, with its brand new look and tabbed browsing, which may be an afterthought of Mozilla Firefox’s success, is one of the best browsers out there.

The protected mode of IE7 lets it run with limited control, and thus prevents advanced tasks when browsing the Internet. Any malicious software trying to exploit IE to attack the system will not be successful due to IE's limited privileges. However, this feature is not available in the standalone IE7 browser supplied for XP systems.

The protected mode, just like UAC mentioned above, may be an annoyance in the long term, since it blocks you from tasks such as saving cookies from the sites you trust.

8. Phishing Filter

Phishing is a form of attack in which the attacker presents you with a website that masquerades as a genuine one. The phishing websites, which look exactly like the original website, might ask you to provide information such as user login, password, email address, credit card numbers, etc. If you provide any such information, the attacker gets it. Such attacks usually start with an email, claiming to be from the genuine party, with a link to the phishing website.

The Vista phishing filter links to an online database of millions of phishing websites. The feature checks the site status and warns the user if the site is found to be a phishing website.

9. Parental Controls

Parental Controls, introduced for the first time in Windows, lets users control their children’s activities on the system. The parent can specify which programs, websites, or games the child has access to, and set a time limit for using the system.

10. USB Device Lock Down

Using this feature, administrators can block users from connecting USB devices, such as iPods, handhelds, cameras, storage devices, etc., to Vista. Corporate customers take advantage of this feature, as company system administrators can restrict employees' access to USB devices. This will make the company systems a lot more secure.

11. x64 Features

These features are available only on the 64-bit versions of Vista. PatchGuard protects the Vista kernel from modification. Digitally Signed Drivers ensures that all the drivers in Vista are digitally signed. The removal of the 16-bit subsystem (DOS) makes the system simpler and more user friendly, since all tasks will now be completed through the Windows GUI; however, this will reduce the compatibility of older applications in Vista.
