Windows 7 Security Enhancements

by Tom Steup.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on windows  

You are here: Categories » Computers and technology » Windows

Maintaining data integrity and system security on the PC is a constant job for IT people. The most often-heard beef about Windows (even XP) is that it’s too fragile and vulnerable to malware and hackers. Some say it’s simply not robust enough. Microsoft hears it, too, from ordinary users and experts alike. So with each new iteration of Windows, Microsoft tries to harden it against onslaught. Thus, Windows 7 has a new batch of data and security enhancements:

System Security Enhancements

Improved User Account Control (UAC)—In XP, users too often give themselves administrative privileges, which sometimes lets malicious programs run amok. Windows 7 gives everyone low levels of privilege until they need more. This will result in dialog boxes asking you to confirm certain things can run before they’re let loose. It’s not as intrusive as it was with Vista, but it still helps prevent secretive programs from running without your knowledge. Even better, you can adjust the level of confirmations that Windows 7 requests, so that only programs seeking elevated privileges cause alerts, but you’re allowed to install programs, change settings, and so forth (as long as your account possesses the necessary rights, of course). This is a big improvement over Vista, for sure!

BitLocker to Go—Vista introduced BitLocker, an encrypted and secure form of on-disk storage that only those with the right password can access. In Windows 7, BitLocker to Go extends this capability to USB drives, including USB flash drives (UFDs), so that you can secure some or all of the contents on drives or devices that you take with you on the road. This is a great way to protect against unwanted disclosure resulting from theft or loss of a notebook or a portable storage devices of some kind.

AppLocker—Windows 7 lets system administrators apply a kind of “whitelist” control to applications on user desktops. In other words, they can create lists of valid applications and use Group Policy objects to apply them to what users can see and launch on their desktops. If an application isn’t on the list, users can’t run it: What better way to keep them out of trouble?

Multiple active firewall profiles—In the Windows 7 environment, Windows Firewall settings depend on the firewall profile in use. Previous versions of Windows allowed only one firewall profile to be active at any one time. In Windows 7, each network adapter on a PC can apply whichever firewall profile is most appropriate for the type of network to which it connects (which will differ considerably from home, to office, to public/unsecured networks). Thus, if you’re working in an airport coffee shop and using a virtual private network (VPN) connection to access a server at your office, the firewall rules for the office VPN will apply to all traffic to and from that location, and the firewall rules for a public network will apply to all other traffic to and from your PC.

DirectAccess—This applies only to Windows 7 computers that belong to an Active Directory domain on a Windows Server 2008 R2 server. Within that framework, however, users can connect to office/domain network resources whenever they access the Internet. Connection speed aside, such Internet users have the same experience accessing office/domain network elements that they would if they were locally attached to that network. This technology also lets system administrators manage Windows 7 computers remotely, no matter where they may be at any given moment.

VPN Reconnect—This facility lets Windows 7 users automatically reestablish VPN connections as soon as they regain Internet access. This lets users turn off or disconnect their machines from the Internet at will, yet re-creates their secure office network connections as soon as they regain Internet access, using secure protocols that require no user interaction to set up and maintain.

Data Security Enhancements

Back up to network drive—On previous Windows versions, the only drives to which you could back up were those attached directly to your PC, either internally or via eSATA or USB. On Windows 7, any network-accessible drive becomes a valid backup target. For those (like us) with a MediaSmart Server already on their home networks, this is fantastic!

Manage AutoPlay behavior for CDs/DVDs—Recently, worms and viruses triggered by AutoPlay for CDs and DVDs have surfaced on the Internet, primarily in the form of BitTorrent-based ISO downloads. Burn a DVD from such a download, and you’ll contract a virus as soon as you run the setup or other default executable from that image file. Most antivirus programs, and thus most Windows systems, are defenseless against this kind of attack. Windows 7 lets you block AutoPlay behaviors on optical disks, and sidestep this kind of vulnerability. Bravo, Microsoft!

Create System Repair Disc—To create a bootable DVD that you can use to repair your system, click Create a System Repair Disc in the left column of the Backup and Restore Center and insert a blank DVD. This option is much easier than finding the installation media for Windows Vista—especially if you bought a machine with Windows 7 preinstalled and didn’t get an install disc! To access the Backup and Recovery center, type backup into the Start menu search box, and select that utility from the search results.

Improved Volume Shadow Copy—Windows Volume Shadow Copy Service (VSS) is responsible for creating restore points and for making copies of files as they change on your system. On Windows Vista, VSS could sometimes impose onerous burdens on a drive: 15% or more might get allocated to the System Volume Information folder (we had a situation once where 120GB on a 750GB drive went into that folder). For Windows 7, shadow copy space is limited to 5% of total drive space for drives over 64GB in size, and 3GB for drives 64GB and under in size. This helps keep shadow copy storage under control by default.

Include/exclude specific backup folders—When backing up in Windows 7, you now have the option of including or excluding specific folders from the volumes you elect to back up. This provides much greater control over backup content and activity, and allows you to set up and schedule multiple backup tasks to capture different data for each task.

Share
Leave a comment or ask a question
Total comments: 0

Windows Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
How To Get Rid Of Windows 7 Hanging Issue And Have A Fast Running Computer - The newest Microsoft Operating system, Windows 7 is not without its faults. The most common of these faults being the fact that it hangs and becomes unresponsive causing its users to become very (more...)
Things to Know About the New Windows 7 When Upgrading Windows Vista - On Thursday October 22, 2009, the much anticipated release of Windows 7 arrived. As I am sure you are well-aware, many PC users and PC experts were highly disappointed with Windows Vista; the go (more...)
Wireless Connection on Windows Vista and Windows 7 - Wireless networking is perfect when you want to connect devices in locations where it would be difficult or expensive to run Ethernet cables. Let's say your PC and the high-speed Internet equipment (more...)
Windows 7 Disable Memory Dump Files and Save HDD Space - If your computer crashes, it will create a dump file. From this dump file you can diagnose the source of the problem. It is unlikely you will need this file; if you do, you can always turn the opti (more...)
Shrink/Extend a Partition on Windows 7 Hard Drive - If you use multiple partitions on your hard drive, you may want to shrink or extend one of them-after realizing you want more space on another one of the partitions. ( Create a New Partition.) (more...)
Windows 7 Schedule Defragmentation - Defragmentation helps speed up access to data on your drive. In this tutorial, you'll learn how to schedule defragmentation so you don't have to worry about ensuring your drive is defragmented. (more...)
Reduce Windows 7 Boot Time - Does your computer boot slowly? If you shut your computer down regularly, this can be a real pain. Anything more than about 45 seconds tests my patience and I've used computers tha (more...)
Windows 7 Change Account Picture - Your account picture is used for the login screen, your start menu, windows meeting space, and more. When you first set up your account, you can choose one of the default images. In this tutorial, (more...)
Windows7 Device Stage - Device Stage is a new technology in Windows 7 that helps you interact with any compatible device connected to your computer. Device Stage lets you see device status and run common tasks. This a cur (more...)
Windows7 Action Center - Windows Action Center is an improved version of Vista's Security Center. The action center alerts you to problems with your PC and lets you know how you can resolve them. Notifications are delivere (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.