Skip to main content

Top 10 changes to security in Windows 7.

1: Action Center

In Vista, security configurations are accessed from the Security Center in Control Panel. In Windows 7, you won’t see a Security Center. That’s because it’s been absorbed into a new Action Center. The Action Center has security configurations as well as options for other administrative tasks, like Backup, Troubleshooting And Diagnostics, and Windows Update. Figure A shows the Action Center.
Figure A: The Action Center absorbed the functions of the Security Center.

2: Changes to UAC

User Account Control (UAC) was new in Vista, designed to provide better protection from malware. It makes all user accounts run as standard users, even administrator accounts. If you need to do something that requires admin privileges, it asks for permission. And asks. And asks. This in-your-face aspect of UAC has caused numerous complaints and has led some users to turn it off completely, thus exposing themselves to threats.
In Windows 7, UAC is still there, but now you can configure how “vocal” it will be. There are four settings you configure from the UAC settings in the Action Center. You can set UAC to:
  • Always notify you when you install software or make any changes to Windows settings (as Vista does now).
  • Notify you when programs make changes but not if you make changes to Windows settings (this is now the default).
  • Notify you only when programs make changes but turn off Secure Desktop, which dims the desktop while the UAC prompt is displayed. (This is my preferred setting.)
  • Never notify you. (This is not recommended.)
You configure these settings with a slider, as shown in Figure B.
Figure B: You can set when and how UAC notifies you with the slider. 
 www.zanox.com

3: Better BitLocker

I didn’t use BitLocker much in Vista. At first, it would encrypt only the operating system drive. That’s nice for laptops, but I didn’t need it for my desktop because that machine is physically secure. Then Service Pack 1 added the ability to encrypt other drives, and that was nice, but it applied only to fixed hard disks. What I really needed to encrypt were my thumb drives and flash cards and USB drives, since they’re removable and portable and more likely to get lost or stolen.
Windows 7 comes through and lets you encrypt removable drives. And it’s easy to do. Just open the BitLocker applet in Control Panel, pick the drive you want to encrypt, and click Turn On BitLocker. The removable drives appear in the section called BitLocker To Go (Figure C).
Figure C: You can now encrypt removable drives, like the Lexar USB flash drive, with BitLocker.
For more details about the BitLocker improvements and step by step screenshots of how to encrypt a drive with BitLocker in Windows 7, see this article.
Also note that, as with Vista, BitLocker probably won’t be included in the Home editions of Windows 7.

4: DirectAccess

A brand new feature in Windows 7 is DirectAccess, which allows remote users to connect securely to their corporate networks over the Internet without using a VPN. Administrators can apply Group Policy settings and otherwise manage the mobile computers and even update them whenever the mobile machines are connected to the Internet, regardless of whether the user is logged on to the corporate network.
DirectAccess also supports multifactor authentication with smart cards and uses IPv6 over IPsec for encrypting the traffic.

5: Biometric security

Arguably the most secure method of authentication is biometrics, or the use of a fingerprint, retinal scan, DNA, or other unique physiological feature to identify the user. Windows isn’t quite at the point of having built-in support for DNA sampling, but it does include built in support for fingerprint readers. Windows has supported the use a fingerprint sensor to log on, and many Vista laptops come with fingerprint sensors. But a third-party program is required to use it. With Windows 7, it’s part of the OS.
The Biometric Devices applet in Control Panel (Figure D) lets you configure fingerprint readers (which are the only kind of biometric devices supported).
Figure D: Now support for fingerprint readers is built into Windows.

6: AppLocker

Software Restriction Policies are included in XP and Vista and they seemed like a great idea. Administrators can use Group Policy to keep users from running particular programs that might present a security threat. But they’ve never been used that much because they aren’t easy to use.
Windows 7 has improved on the concept with a new feature called AppLocker. AppLocker is also included in Windows Server 2008 R2. It’s easier to use and gives administrators more flexibility and control. You can use AppLocker with domain Group Policies or on the local machine with the Local Security Policy snap-in. As you can see in Figure E, AppLocker falls under the Application Control Policies node in the left pane of the snap-in.
Figure E: AppLocker does the same thing as Software Restriction Policies, but does it better.
Win7 still supports the old Software Restriction Policies, too. Also note that AppLocker may not be available in some editions of Windows 7.

7: Windows Filtering Platform (WFP)

Windows Filtering Platform (WFP) is a set of APIs introduced in Vista. In Windows 7, developers can use it to integrate some parts of the Windows Firewall into their own applications. This will allow a third-party program to turn off certain parts of the Windows Firewall selectively if need be.

8: PowerShell v2

Windows 7 comes with PowerShell v2, the command-line interface by which administrators can use cmdlets (small “one liners” that allow you to perform single functions) to manage various settings, including Group Policy security settings. You can put multiple cmdlets together to create scripts. The cmdlet method generally requires fewer steps than using the graphic interface to perform the same task.
Windows 7 also includes the PowerShell Integrated Scripting Environment (ISE) (Figure F), a graphical tool for using PowerShell.
Figure F: Windows 7 includes both PowerShell v.2 and the PowerShell ISE.

9: DNSSec

Windows 7 includes support for DNSSec (Domain Name System Security), which is a group of extensions to the DNS platform that enhance security. With DNSSec, a DNS zone can take advantage of digital signature technology so that you can validate the authenticity of data that’s received.
According to the Port 53 Blog on TechNet, the DNS client doesn’t perform the DNS validation on its own but is security-aware, so it expects the server to return the results of validation. You can read more about this here.

10: Internet Explorer 8

Windows 7 comes with IE 8, which provides such security enhancements to the Web browser as:
  • The SmartScreen filter– Replaces/expands upon the Phishing Filter in IE 7
  • The XSS Filter — Protects against cross-scripting attacks
  • Domain highlighting — Puts emphasis on the relevant part of the URL so you can more easily determine the real location of the site you’re on
  • Better security for ActiveX and the ability to install controls on a per-site basis
  • Data Execution Prevention (DEP) enabled by default
If you liked this article, subscribe to the feed by clicking the image below to keep informed about new contents of the blog:
windows_xp

Comments

Popular posts from this blog

How to change the size of the touch and on-screen keyboard in Windows 10

Windows 10 PCs come with two keyboard apps, one is the OnScreen Keyboard , and the other is the Touch Keyboard . Basically, you don't need a touch screen to use the on-screen keyboard. It displays a virtual keyboard on the screen and you can use the mouse to select and press the keys. Although the on-screen keyboard app is very useful when we don't have a physical keyboard, its size is always a problem for users. You can move or enlarge the virtual keyboard from the icons in the upper right corner. If you want, you can also easily resize it. Changing the size of the on-screen keyboard is very easy. Type On-Screen Keyboard in your Windows search and run the desktop app, or you can also go via Settings > Ease of Access > Keyboard> Turn on the On-screen keyboard.   To change the size of the on-screen keyboard, move the cursor to the corner and drag it to the desired size. Resizing the touch keyboard is as simple as doing it! Just drag it and resize it us...

Designing the Windows 8 touch keyboard.

When we began planning how touch and new types of PCs might work on Windows 8, we recognized the need to provide an effective method for text entry on tablets and other touch screen PCs. Since Windows XP SP1, which had Tablet PC features built in, Windows has included a touchable on-screen keyboard. But those features were designed as extensions to the desktop experience.  For Windows 8, we set out to improve on that model and introduce text input support that meets people’s needs, matches our design principles, and works well with the form factors we see today and expect to see in the future. I’m writing this blog post on our Windows 8 touch keyboard using the standard QWERTY layout in English. As I look at it, the keyboard seems very simple and sort of obvious. This comes partly from having worked on it for a while, but also because keyboards are familiar to us. But there is more here than meets the eye (or, fingertips). We started planning this feature area with no preco...

How to install offline .NET Framework 3.5 on Windows 10 using DISM.

Windows 10 comes with .NET framework 4.5 pre-installed, but many apps developed in Vista and Windows 7 era require the .NET framework v3.5 installed along with 4.5. These apps will not run unless you will install the required version. When you try to run any such app, Windows 10 will prompt you to download and install .NET framework 3.5 from the Internet. However, this will take a lot of time. You can save your time and install .NET Framework 3.5 from the Windows 10 installation media. This method is much faster and does not even require an Internet connection. Here is how to install it. How to install offline .NET Framework 3.5 on Windows 10 using DISM. Contents: [ hide ] How to install offline .NET Framework 3.5 on Windows 10 using DISM. To install .NET Framework 3.5 in Windows 10, do the following: Insert your Windows 10 DVD, or double click its ISO image, or insert your bootable flash drive with Windows 10, depending on what you have. Open 'This PC' in File...