Windows Vista Security and Data Protection Improvements. New features make Windows Vista even more secure than earlier Windows client operating systems. Published: June 1, 2. By Tony Northrup. Security threats evolve constantly. To stay protected from threats on the Internet and wireless networks, the Microsoft Windows client operating system must also evolve. Windows Vista is the most secure and trustworthy Windows operating system yet, and it will help organizations achieve their business and computing goals with confidence. ![]() This paper describes the most significant security improvements, the benefits they provide, and why the new features matter to IT professionals. On This Page. Overview. User Account Control. ![]() Authentication. Anti- Malware. Network Access Protection. Firewall. Windows Service Hardening. Internet Explorer Enhancements. Data Protection. Overview. Microsoft is making fundamental investments in technology to help make customers more secure. Efforts include using a security development lifecycle to develop more secure software and providing technology innovation in the platform to provide layered defense, or defense- in- depth. ![]() Windows Vista includes many security features and improvements to protect client computers from the latest generation of threats, including worms, viruses, and other malicious software (collectively known as malware). User Account Control allows users to be productive and change common settings while running as a standard user, without requiring administrative privileges. This prevents users from making potentially dangerous changes to their computers, without limiting their ability to run applications. Windows Vista's built- in Web browser, Microsoft Internet Explorer (IE), includes many security enhancements that protect users from phishing and spoofing attacks. New features include protected mode Internet Explorer, which helps protect user data and configuration settings from being deleted or changed by malicious Web sites or malware. Windows Defender detects many types of potentially suspicious software and can prompt the user before allowing applications to make potentially malicious changes. The new outbound filtering in the firewall provides administrative control over peer- to- peer sharing applications and other similar applications that businesses want to restrict. Windows Service Hardening limits the damage attackers can do in the unlikely event that they are able to successfully compromise a service. As a result, the risk of attackers making permanent changes to the Windows Vista client or attacking other computers on the network is reduced. Click Start, Control Panel, Security Center, or you can simply click the shield icon in the task tray. ![]() Security Software For Windows VistaAdministrators can use Network Access Protection to prevent clients that do not meet the internal system health policy from connecting to the internal network and potentially spreading malware to other machines. Enterprise users with computers with appropriate enabling hardware benefit from protection of data on lost or stolen computers with Bit. Locker. A computer with Bit. Locker enabled will have its entire Windows volume encrypted—protecting data, files, e- mail, and intellectual property from unauthorized users trying to break into a computer. Finally, to ensure that IT departments have a wide variety of authentication mechanisms to choose from, Windows Vista includes new authentication architecture that is easier for third- party developers to extend. Ultimately, this will lead to a wider choice of smart cards, fingerprint scanners, and other forms of strong authentication. Together, these security improvements will make users more confident in using their PCs. ![]() Running as an administrator results in a desktop that is hard to manage and has the potential for high support costs. Deploying desktops with standard user permissions can result in cost savings because a non- administrative user no longer has the ability to accidentally improperly configure the network or install an application that might affect system stability. Running without administrative privileges is challenging today since many applications fail to run and end users get frustrated by the inability to perform common tasks such as adding printers. In Windows Vista, the User Account Control (UAC) initiative introduces fundamental operating system changes to enhance the experience for the non- administrative user. For example, in the enterprise context, a mobile laptop user will be able to set a WEP key to attach to a secure wireless network, install a printer, download and install application updates, setup and configure a Virtual Private Network (VPN) connection, and perform many other standard tasks, all while running as a non- administrator. User Account Control leverages the Windows security user model to distinguish between administrator and standard users. The standard user account is an account that has no computer administrator privilege. When a user whose account is a member of the local Administrator account logs on to a Windows Vista computer, they are logged on as a standard user by default. When the user wants to perform a task that requires administrative privileges, such as installing an application, Windows Vista explicitly prompts the user for permission or for credentials, depending on the security policy that is chosen. This process helps ensure that malware cannot silently install on a user’s computer. Unlike Windows XP, however, standard users are not automatically blocked from performing tasks that require administrative privileges. Windows Vista explicitly prompts a standard user to enter valid credentials for a local administrator account before it will allow the standard user to perform the task. For those times when an administrator needs to use their administrator privileges, they don't have to use Run As because Windows Vista can automatically prompt them for the required credentials, as shown in Figure 1. Figure 1: Windows Vista automatically prompts you for administrator credentials when an application requests them. Although there will be some exceptions, most applications will run equally well under either the administrator account or a standard user account. Many applications will not run on Windows XP without administrative privileges today because they attempt to make changes to file and registry locations that the user cannot access, such as C: \Program Files, C: \Windows, or HKEY. ![]() Registry and file virtualization in Windows Vista redirects per- machine file and registry writes to per- user locations if the user doesn't have administrative privileges. This enables standard accounts to run applications that need to write to areas of the registry or file system that only administrators can access—without making changes that impact the whole system. Benefits. User Account Control allows organizations to move to a better- managed desktop with potentially lower support costs. User Account Control reduces: The need for organizations to re- image computers due to user configuration changes. The Windows Security Center has been improved in Windows Vista. The Security Center more closely resembles a large panel of On switches than a command post. Vista Internet security 2010 is a new version of OS-specific rogue antiviruses. To be more precise, it is a same fake antivirus like XP Or Win 7 Internet security. The risk of system- level impact by malware. To understand the benefits of User Account Control, consider the following scenario of Don Hall, a remote user that is traveling for business. Don has a laptop with Windows Vista installed and runs as a standard user. During some free time in his hotel, Don browses to the Internet and attempts to download a game. Don is not aware, however, that the game is a Trojan horse, and the game attempts to install malware that starts automatically when the computer starts. However, because the malware requires administrative privileges to install and Don is running with a standard user account, Don’s computer will not be infected with the malware. Later, Don needs to install a new printer driver in order to print a document to the hotel printer. Because the driver is signed by a company that the IT department trusts, Don will be able to install the driver without administrator privileges. ![]() See our expert and unbiased reviews of the top 10 antivirus software programs of 2017. Compare the best antivirus software for free. There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release. Group: DoIT Help Desk. In this way, User Account Control protects users while still enabling them to be productive. Why It Matters. With Microsoft Windows XP and earlier versions of the Windows operating system, IT professionals had two choices: Give users administrative privileges and deal with support calls resulting from improper software installations or configuration changes. Give users restricted privileges and deal with support calls when applications don't work properly. With Windows Vista, you do not have to make compromises. Users can be productive and protected from system- wide malware installs while still being able to run most applications. Ultimately, this means fewer support calls and less engineering time spent configuring applications to run under restrictive privileges. Because many customers are looking for alternatives to passwords for authentication, Windows Vista makes it simpler for developers to add their own custom authentication methods to Windows, such as biometrics and tokens. Windows Vista also provides enhancements to the Kerberos authentication protocol and smart card logons. Deployment and management tools, such as self- service personal identification number (PIN) reset tools, make smart cards easier to manage. A common Application Programming Interface (API) model for smart card developers also makes tools easier to develop. Benefits. The smart card improvements in Windows Vista make it easier for organizations to deploy and support this built- in authentication method. Windows Vista directly benefits developers who offer customized authentication mechanisms such as biometrics and tokens by making it easier to implement the authentication mechanism. This benefits IT departments indirectly by granting them more choices from third- party vendors. Why It Matters. For many organizations, single- factor authentication is not sufficient. IT organizations that place a high value on security need multi- factor authentication.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
November 2017
Categories |