Friday, June 5, 2009

What to expect from Windows 7

Part 5

Security

It’s hard to give security features a fair review. If they’re well designed and do their job effectively, you never notice them. It’s also a challenge to illustrate esoteric parts of the Windows architecture, such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). Both features are important defenses against malware that tries to exploit flaws in the operating system such as buffer overruns. Windows Vista introduced many of the core elements that make up the security platform in Windows 7, where they have been refined and, for the most part, improved.

One of the most controversial security-related changes in Windows 7 involves User Account Control. This useful but tragically misunderstood feature alienated Windows Vista users by the millions with what appeared to be incessant nagging. Windows 7 dials the UAC annoyance level way, way down. (Microsoft claims that the number of UAC prompts is down by 29% compared to the original release of Vista.) If your user account is a member of the Administrators group, you won’t see UAC consent dialog boxes for most functions you perform from Control Panel. You’ll see UAC prompts as you install applications, but after you’ve checked that task off your list you might go days without being bothered by UAC.

Two other changes in Windows 7 are designed to reduce the threat posed by USB flash drives.

The Conficker worm hops from PC to PC using a variety of mechanisms, one of which involves flash drives and some clever social engineering. To block that avenue of infection, Windows 7 disables AutoRun for removable media like flash drives and memory cards.

An even more serious risk of flash drives is the danger that a drive filled with confidential or sensitive data will be lost or stolen. One solution: an extension of the BitLocker feature introduced in Windows Vista and available only in Windows 7 Ultimate or Enterprise. BitLocker To Go allows you to apply BitLocker drive encryption to removable devices. After you enter a password, the contents of the drive are locked using extremely strong encryption. You can unlock (and re-lock) a BitLocker-encrypted drive using any edition of Windows 7; to set up the initial BitLocker encryption and manage encrypted drives, though, you need to be running Windows 7 Ultimate or Enterprise. (On systems running Windows XP or Vista, you can read and copy the contents of a BitLocker-encrypted drive after entering the correct password, but you can’t add or change files on the drive.) You can configure an encrypted drive so that it always unlocks automatically on any system where you’ve logged on with your user credentials.

For enterprises, which typically have the most to lose when data escapes on a stolen or lost flash drive, BitLocker To Go is a killer feature. Check out the step-by-step instructions in the gallery and then try it for yourself.

In the gallery: The Windows Firewall, setting up BitLocker drive encryption, and unlocking an encrypted flash drive

Source: http://blogs.zdnet.com
