Sunday, 8 November 2009

Seven Security Improvements in Window 7

Windows 7 does come with a lot of eye-candy, but the beauty is not just skin deep. This new OS has got some enhancements in the security features and here is a list.

Spanking new Action Center

You can access the various security configurations in Vista by opening Security Center in Control Panel, but Windows 7 has done away with this in favour of a new Action Center. Here, you have security configurations as well as options for administrative tasks such as Backup, Troubleshooting And Diagnostics and Windows Update - everything at one place.

UAC with better malware protection

Ever since User Account Control (UAC) introduced in Vista, people have been complaining about how finicky it is because it keeps asking for permissions. UAC was designed to provide better protection from malware. Not just standard users, it bothers even administrator accounts when you need to do something requiring admin privileges. The only solution for users was to turn it off completely, which results in exposure to potential threats.
While UAC is still very much present in Windows 7, it can now be configured by the user at four different levels, which decide how bothersome it would be. The four settings are:

  • Always notify when programs try to install software or make any changes to computer settings, or if you try to make changes to Windows settings (UAC completely ON).
  • Notify when programs make changes but not if you make changes to Windows settings (this is the default).
  • Notify you only when programs make changes but do not dim the desktop (turn off Secure Desktop) while the UAC prompt is displayed. (This would be preferred by most users as it is a good balance of protection and nagging UAC prompts)
  • Never notify you. (Not recommended, as it is the same as turning UAC completely off.)
These settings can be adjusted by means of a slider.

AppLocker - Control your applications

To prevent people from running certain applications that may pose a security threat, XP and Vista had Software Restriction Policies, which can be configured by the administrator. This was a bit difficult to use for many people and was therefore not used much. Windows 7 comes with a new feature known as AppLocker, which does exactly the same thing, but it is easier to use and is more flexible to control. AppLocker can be used with domain Group Policies or on the local machine with Local Security Policy snap-in. You can see it in the left pane of the Application Control Policies node snap-in. Please note that old Software Restriction Policies is also still supported in Windows 7.

Natively supported Biometric security

One of the best known methods of security authentication is biometrics, which includes the use of fingerprint scans, retinal scan, or other physiological features unique to the user to determine his/her identity. Windows 7 comes with built-in support for fingerprint readers. While you may point that Windows did have this feature earlier, and even Windows XP laptops came with such a feature, they did require a third party application to be installed to achieve this. In case of Windows 7, there is native support for this, so you do not need to install any driver or software. You can configure fingerprint readers in the Biometric Devices applet in the Control Panel.

Improved BitLocker

While Vista did come with BitLocker, it allowed you to encrypt only the drive on which the OS was present, and after SP1 came, it would allow you to encrypt other fixed drives as well. But in Windows 7, you can use BitLocker to encrypt even your removable drives. This is a great feature since it is the removable drives that are likely to get lost or stolen than your fixed hard drive. Therefore, an  encryption of this kind is warranted, especially if there is important data on the drive.

To access BitLocker, all you need to do is open the BitLocker applet in Control Panel, pick the drive you want to encrypt and click Turn On BitLocker. Better still, you can even right-click on the drive icon in Windows Explorer and do this. The removable drive then appears in a section called BitLocker To Go.

PowerShell v2 - Powerful UNIX-like scripting

Windows PowerShell is a tool to automate tasks using cmdlets (commands that perform single tasks) and scripts made up of multiple cmdlets to perform complex and multi-step tasks. It is essentially a powerful UNIX-like command-line shell interface and scripting tool, as can be seen in the figure, and is for those with a penchant for programming. While this tool can be downloaded and run in Windows XP or Vista, it comes bundled with Windows 7. PowerShell v2, which is the newer version that comes in Windows 7, has an additional 240 new cmdlets and new APIs. It also has features such as the ability to invoke PowerShell scripts and cmdlets even on a remote computer. It also lets you manage various Group Policy security settings. PowerShell is considered very powerful because the cmdlets method requires fewer steps than using the GUI method.


Another nifty new feature of Windows 7 is DirectAccess. This feature allows remote users to connect securely to their corporate networks over the internet without using a VPN. The administrator can apply Group Policy settings and manage the mobile computers or even update them whenever the mobile machines are connected to the internet. The user need not be logged in on these machines for this. Multifactor authentication with smart cards is also supported by DirectAccess and it uses IPv6 over IPsec to encrypt the traffic. This feature is available only in Windows 7 Enterprise and Windows Server 2008 R2.