Tell a Friend05.15.06
Microsoft Vista
Microsoft has done it again with Windows Vista, its next generation replacement for Windows XP. Microsoft has fulfilled its promise to provide a more useable and secure operating system.
Vista has a revved up user interface that will make Apple blush. But, more importantly, Vista has some serious security changes under the hood. Some of these are a long time coming, while others are just plain "cool". Let's start with the "Should'a, could'a, then why didn't you!" category.
User Account Control (UAC)
UAC is also referred to as Least Privilege User Accounts (LUA). This means users will not require administrator-level permissions to run applications, which has been a nagging problem.
In Windows XP, users were often required to be local workstation administrators to use many applications because the applications required access to secure locations of the disk or registry. However, providing administrator-level access to the operating system can, and often does, lead to the workstation becoming non-functional due to incorrect use of system settings, or installation of non-approved applications. So, the dilemma is - applications require administer-level access, but you do not want the users to have too much power.
Vista has solved this problem by creating the Virtual Store. Virtual Store is a "safe area" where applications can read and write a customized user-level version of secure files and registry entries. Thus, you will not have to wait for the application developers to fix their code; Vista will provide secure access natively.
Windows Firewall now with outbound traffic control!
Service Pack 2 added the firewall feature to Windows XP, but it was limited to only securing incoming traffic. This was intended to prevent unknown, inbound traffic from harming the system.
Vista makes the solution complete because its firewall can be configured to filter both inbound and outbound traffic. This keeps the system safe from malicious code. Why this wasn't included in the Windows XP service pack is still a mystery.
Windows Services Hardening
Finally, services are the bread and butter of what it takes to make an operating system…well…operate. However, OS services are the largest attack-surface in the workstation. A carefully crafted malicious application could leverage the services in such a way to compromise the computer.
Vista services will have a personalized security ID to keep services from being impersonated. The services will also logon using a less privileged account. If a service is hijacked it will not have administrator-level access to the file system and registry.
BitLocker Data Protection
With Windows XP, if a computer's hard disk is stolen, its contents can be accessed by installing it in another computer or by loading another operating system on the same disk.
A great new feature in Windows Vista is a simple, but powerful, change to secure the disk and data called BitLocker Drive Encryption. A Trusted Platform Module (TPM) 1.2 chip will work with BitLocker to encrypt the entire disk drive and prevent unwelcome users from grabbing folders and files in the event the computer is stolen or lost.
Network Access Protection
This is the year of the self-defending network! A network that will detect workstations in need of virus updates or patching. A network that will quarantine those same workstations if they do not update from a central security server. A network like this will be a requirement for well-managed IT environments in the next few years.
Windows Vista contains key services that will work with network switches, routers, and servers to identify healthy and unhealthy computers. If a computer is quarantined, it will continue to have access to the security server to update itself. Otherwise, it will remain disconnected from the production network. Microsoft has called this newly supported process "Network Access Protection."