Sneak Peek: Security In Windows 7 Final Release

With attacks getting more sophisticated, Microsoft has declared that the final release of Windows 7 will have defenses against the most obnoxious, annoying and potentially devastating security threats out there, including rootkits, ID theft attempts, phishing and botnets.

Windows 7's security for the enterprise is based on critical foundations that Microsoft says ensure a secure platform, protect infrastructure and users, secure access anywhere and guard data from unauthorized viewing.

Security in Windows 7 is built upon the security of Vista. On the left of the accompanying slide are the fundamental security features of Vista. To the right are the enhancements that have been implemented in Windows 7.

The enhancements include a more streamlined User Account Control, Data Execution Protection (DEP) and Address Space Layout Randomization (ASLR).

Internet Explorer has been criticized frequently as lax in security when compared to Firefox. The inclusion of DEP and ASLR should make it a more hardened browser.

On the left is an example of a detailed Failure Auditing report in Windows 7. Windows 7 auditing gives information about why a specific user was denied access to specific information and tracks changes by specific users and groups, among other audits.

The much maligned UAC in Vista gets a face-lift in Windows 7. Among the enhancements are better control for administrators over prompts and flexible elevation of applications.

AppLocker will allow administrators to stay in control of desktops. This feature provides simple, rule-based structures for specifying which applications are centrally managed by Group Policy. Rules also can be built based on application updates so admins can deploy updates to allowed applications without having to create new rules for each version update.

With formidable defenses that include ClickJack prevention, Extended SSL validation and Cross Domain Requests, IE 8 is in position to be Microsoft's most secure version of its widely used browser. To the left are enhancements in IE8's final release.

BitLocker is the full-disk encryption feature introduced in Vista. In Windows 7, BitLocker To Go is an extra that will allow administrators to secure those ubiquitous USB flash drives.

Microsoft is busy working with security software vendors to ensure that the final release of Windows 7 is compatible with the major third-party security products.

The question warrants asking: Will Windows 7 be as steadfastly secure as Microsoft is proclaiming? Pundits have already criticized what they felt was a major security flaw with UAC, which Microsoft said it would fix. Microsoft also released an out-of-cycle security patch for the beta version late last year.





Perhaps Windows 7 final RC will be Microsoft's most secure desktop OS ever. Perhaps it won't. One thing is for sure -- security experts as well as hackers will put it to the test.