Windows 7 Security: A Comprehensive Guide

With the launch of service pack-2, Microsoft claims Windows Vista is the safest and most reliable OS that the software giant has ever developed. In Microsoft’s Chief Operating Officer Kevin Turner words, it’s also the most secured OS in the planet including Linux and Apple Leopard. He claims Windows 7 to be the safest and most secured OS on the planet today. Micosoft used it’s Vista experience to leverage Windows 7. Microsoft had to break through a lot of compatibility issues to lock down user account controls. Well the question is that, will Windows 7 be the most secured operating system ever? Let’ find out.

Security Improvements in Windows 7

If you look at the build 7100 of Windows 7, you get the feel of Windows Vista. Typically, the enhancements of the look and feel part of the OS are imposed in the last stages of development process.

At the moment, the entire focus is on core programming and there are certain changes that clearly indicate Windows 7’s approach to computer security.

Let’s look at the improvements in the computer security.

In Windows 7 you don’t find the Security Center that was introduced in Windows XP SP2. The new OS is equipped with an Action Center that includes alerts from 10 existing Windows features

• Security Center
• Problem, Reports and Solutions
• Windows Defender
• Windows Update
• Diagnostics
• Network Access Protection
• Backup and Restore
• Recovery
• User Account Control

User Account Control

This is one of the most popular features with Windows Vista. Every time you try to install a new software a dialog box poped up. Windows 7 offers a slider control that allows you to adjust the prompt, given that you have the administrative rights. According to Microsoft the system will be protected even without the prompts. Things may not be the same without alert as it will loose user education.

Windows Filtering Platform

Windows 7 would be introducing something that’s called the Windows Filtering Platform (WPF). The core idea behind it is that the third parties will be able to take the advantage of the aspects of Microsoft Windows Firewall in their own products. This will also allows the third party products to use selective parts of windows Firewall on or off. This will enable the users to choose the software firewall that they want to use along with the Windows Firewall.

Biometrics Enhancements

Windows 7 incorporates the easier reader configurations. This will help the users to manage the fienger print data  stored in the computer as well as control how they log on to Windows 7.

System Restore

This Windows feature has long been used as a security tool. This time the System Restore option includes the list of add or remove program. This provides the user with information that helps them to choose the restore points. Further, there are restore points in the backups, so there is an extensive list to choose from over a period of time.

Other Security features

The Scrollbars in the configuration settings screen, Software Explorer feature and the real time protection features have been removed. Windows 7 has been optimized to reduce the impact on overall system performance.

Security features retained from Windows Vista

• Kernel Patch Protection
• Service hardening
• Data execution Protection Address Space
• Address Space Layout Randomization
• Mandatory Integrity Levels

Note: The above information might change according to the discretion.

Key Security feature of Windows 7: BitLocker To Go - Full Encryption in Drive

Windows 7 extends BitLocker drive encryption support to removable storage devices, such as flash memory drives and portable hard drives. This means that users can keep sensitive data on all of their USB storage devices.

For years, Windows NT-based version of Windows have supported the pre-folder encryption functionality via the Encrypting File System (EFS). BitLocker was full-disk encryption introduced Windows Vista. In Windows 7 Microsoft has enhanced BitLocker with the ability to protect removable storage devices such as USB-based hard drives, flash devices and other devices, such as USB.

This functionality is called BitLocker To Go. The technology is aimed squarely at enterprises.

In the enterprises there is a unprecedented risk of a user introducing an unprotected storage device outside the workplace. Specifically, the USB memory keys are small, convenient and quite easy to use, but they are easily lost. With BitLocker To Go enabled on the device, sensitive data can be protected in the event of loss or theft.
With BitLocker To Go in Windows 7 the enterprises can control USB storage devices in a better way. For instance, an enterprise might restrict USB storage device usage to those devices in a far more elegant fashion.

BitLocker is available in the Enterprise and Ultimate version of Windows 7.  This limitation is referred to as the ability to enable protection on a removable storage device. After BitLocker To Go is added to a storage device, the device can be used with any version of the Windows 7 including the starter edition.

In Windows Vista SP1 BitLocker could only work with fixed disks and not external USB drives. BitLocker received an upgrade in Windows 7. It’s easy to install and configure. Furher it doesn’t require manual portioning or any separate tool. Now you can simply right-click a drive in Explorer and choose Turn on BitLOcker from the context menu. There is no need for a new partition since Windows 7 creates a hidden partition for this purpose during the Setup.

Windows 7 offers Data Recovery Agent (DRA) support for all protected disk volumes. This allows the enterprises to store recovery data in Active Directory and recover volumes data if required.

BitLocker To Go is based on BitLocker technology and it optimizes the technical capabilities of BitLocker. It is compatible with all FAT (FAT32, exFAT, etc.) file systems as well as with NTFS. This increases its compatibility with current devices.

Installation and and Usage Of BitLocker To Go

Installation of BitLocker To Go is a straightforward. Follow the steps below to install

Step 1: Simply connected the removable storage device.

Step 2: Open computer, right-click the device and choose Turn on BitLocker from the pop-up menu that appears.

Step 3: Alternately run the BitLocker Drive Encryption control panel to view the status of BitLocker. BitLocker To Go on your various attached drives. To open the Start Menu and type BitLocker to find and start BitLocker Drive Encryption.

Step 4: In the interface simply click the Turn on BitLocker link next to the appropriate drive. The BitLocker Drive Encryption wizard would open up in a separate window.

Step 5: Now you’ll be asked to choose between the password and smartcard based locking. Choose any one of them.Using the smartcards you can manage the BitLocker certificates in Active Directory.  Smartcards offer two factor authentication - physical card requirement that needs a four-digit PIN.

Step 6: In this step of the Wizard you will be asked to store your recovery key. Using this key you will be able to recover the contents of a protected drive, in case you forget the password, lose your smartcard or suffer some similar problem.

Step 7: There are two choices: Save (to a text file) or print. Chose the one you prefer.

Note: Disk Encryption is really slow, BitLocker To Go takes more than 20 minutes to encrypt a 2 GB USB memory stick device.

Windows 7 security software

It is recommended to install a security software to help protect your computer from viruses and other security threats. It can keep the security software up to date. Before installing the antivirus software make sure that you don’t  have another anti-virus installed.

Microsoft is working with the software partners listed below and additional security independent software vendors (ISVs) to provide security software solutions tested on the Windows 7 Beta.

• Norton
• Trend Micro
• McAfee
• Kaspersky
• PANDA
• F-SECURE
• AVG

Concluding Note: Is Microsoft’s Windows more secured than Linux and Leopard

Let’s start with Turner words that Vista is also the most secured OS in the planet including Linux and Apple Leopard.

He further added “the ability to manipulate states and all the things, that was a very painful process for us to grow through, but we had to do it. And the reason that Windows 7 will be successful is because of the pain we took on Vista. Because from a compatibility standpoint, if it works on Vista, it will work on Windows 7. If it doesn’t work on Vista, it won’t work on Windows 7.”

We would have been obliged to hear an exaggeration of Microsoft’s dominance to universe, rest assure the security. Well, that would sound like Windows 7 is the most secure operating system in this Universe. To some extent we may agree with Turner. None of the operating system are probed and attacked as much as Windows, still it manages to keep the systems safe. Just compare it to Linux and Leopard, it seems as if viruses are not interested in those OS.

There are are numerous stories on Windows security breached, with a virus born almost every second. But if we delve deep into the matter in most cases you would find its sheer carelessness on user’s part who take no initiatives to protect their OS. Most of them don’t care to download the latest virus definition or running a decent firewall.

What’s more, nowadays you won’t find teenaged hackers with wacky ideas to dump porn links via viruses. Most of the crakers now develop viruses purely for commercial gains. Since there are far less Linux and Leopard users than Windows, the crakers will not be able to make potential gains by developing viruses for these OS.

In fact, Microsoft should be applauded for making an OS that can work with the million of different hardware combination that are possible with PCs.  It provides a stable platform for developers.  Windows 7 is anticipated as Microsoft’s key to success after hitch ups with Vista.