Windows 7 security: An overall improvement?
Microsoft is making some changes to User Account Control and the Windows firewall, plus extending BitLocker to removable devices in its next operating system.
Since Monday, I have been running a prebeta copy of Windows 7, the next operating system from Microsoft.
At first glance, build 6801 of Windows 7 appears very much like Windows Vista; that's because enhancements to the look and feel part of the operating system typically come late in the development process. Right now, the core programming is being set, and there are already some changes in how Windows 7 will handle computer security.
Gone is the Security Center, introduced in Windows XP SP2. Instead, there will be an "Action Center" that incorporates alerts from 10 existing Windows features: Security Center; Problem, Reports, and Solutions; Windows Defender; Windows Update; Diagnostics; Network Access Protection; Backup and Restore; Recovery; and User Account Control.
Changes to the User Account Control (UAC) may raise an eyebrow or two. While vastly unpopular in Windows Vista, the dialog boxes that pop up whenever a user tries to install new software, among other reasons, served a purpose.
In Windows 7, users can adjust consent prompt behavior using a slider control, if they have administrative privileges. Microsoft says they'll still be protected against malicious software, even if they never see another alert. I'm wondering if that's actually a bad idea: if people never see an alert, they might think nothing bad ever happens to their computer. We lose an element of user education.
Windows 7, which Microsoft unveiled at its PDC 2008 event this week, also introduces something called the Windows Filtering Platform (WFP). The idea is that third parties can take advantage of aspects of the Microsoft Windows Firewall in their own products. Microsoft says "third-party products also can selectively turn parts of the Windows Firewall on or off, enabling you to choose which software firewall you want to use and have it coexist with Windows Firewall."
I mentioned this feature to one major security vendor, which responded by saying it couldn't imagine running its product side by side with Windows Firewall. Also, if Microsoft had a compelling component in its firewall, this vendor said it would just build its own version, not use Microsoft's.
Other security features have been tweaked in the current build of the next Windows operating system. Scrollbars were removed in the configuration settings screen, as has the Software Explorer feature, and real-time protection in Windows 7 has been improved to reduce the impact on overall system performance.
Windows 7 extends BitLocker drive encryption support to removable storage devices, such as flash memory drives and portable hard drives. This means that users can keep sensitive data on all of their USB storage devices.
Biometrics enhancements include easier reader configurations, allowing users to manage the fingerprint data stored on the computer and control how they log on to Windows 7.
And System Restore includes a list of programs that will be removed or added, providing users with more information before they choose which restore point to use. Restore points are also available in backups, providing a larger list to choose from, over a longer period of time.
Returning from Windows Vista are Kernel Patch Protection, Service Hardening, Data Execution Prevention, Address Space Layout Randomization, and Mandatory Integrity Levels.
This information could change, as Microsoft nears the final build. Microsoft still expects to ship Windows 7 "within three years of Windows Vista," which means that it could be available sometime before January 2010.