Windows 7 Security

securityIt seems as though the entire world is abuzz with talk of Windows 7 being released today. Everywhere you look online, someone is discussing it. They talk about how fast it is, how cool some of the features are. However, you only really read about the security side of the new operating system if you look on the various tech sites. It’s as though the general population has forgotten about that important component… or have they simply written Microsoft off when it comes to security?

That train of thought needs to be stopped in its tracks. I have been doing this whole security thing for a long time now. I know what people say – “Microsoft sucks when it comes to security”. I won’t even bother to discuss the fact that it’s not truly entirely Microsoft’s fault. They cannot help that they are so widely used that people want to exploit what they’ve done. I challenge any one of you to create an operating system that is 100% secure. I would stake my reputation on the fact that it is not possible to do.

No, Microsoft isn’t perfect. No, Windows 7 isn’t 100% secure. However, out of the box (without additional protection software installed) it is by far more secure than any previous release that we have seen come out of Redmond. I’ve read on several different sites that the guess is around 90% of previous security holes have been addressed, and are no longer an issue. While it’s not a perfect number, it is darn good.

So what about Windows 7 is more secure? Windows 7 makes remote connectivity to corporate networks seamless, protects data on thumb drives, and offers fewer user account control prompts to bug users compared to Vista. The UAC now allows you to control how many prompts you see, by using a slider bar to make your changes. DirectAccess offers remote workers the same level of seamless and secure connectivity as they have in the office.

BitLocker extends the data encryption features that we first encountered in Vista. It now works with removable storage devices, such as flash drives. A password or smart card that has a digital certificate stored on it can be used to unlock the data. These devices can be used and modified on any other Windows 7 machines, as long as you know the correct password.

Windows 7 also has AppLocker as a feature. This allows computer administrators to control the software that runs on a corporate network. This ensures that only authorized scripts, installers and dynamic load libraries can be accessed by the users. It can also be used to keep software off of the machine that is undesirable.

Lastly, but not least, Windows 7 comes with IE 8, which has many security enhancements:

  • SmartScreen Filter – This replaces and expands upon the Phishing Filter found in IE 7.
  • XSS Filter – This protects against cross-scripting attacks.
  • Domain Highlighting – This puts emphasis on the relevant part of the URL so that you can easily determine the true location of the site you are visiting.
  • ActiveX Security – Security for ActiveX is substantially better, and allows for controls to be installed on a per-site basis.
  • Data Execution Prevention – DEP is enabled by default in IE 8.

All in all, I have to say that I am thus far very happy with how Windows 7 runs, as well as how secure it is. As I’ve already stated, no operating system is going to be 100% safe and secure… not even OS X or Linux. The only way you’ll get that 100% guarantee is to completely disconnect from the Internet, and never use it again.

What are your thoughts so far on Windows 7 in general, and the security improvements that the folks at Microsoft have come up with?