Windows 7 makes remote connectivity to corporate networks seamless, protects data on thumb drives, and offers fewer user account control prompts to bug users compared to Vista, Microsoft said on Monday.
The software giant began an education blitz about the security features of the newest version of its operating system at the start of the RSA 2009 security conference.
Windows 7, which was released in public beta, will have 29 percent fewer user account control (UAC) prompts than Windows Vista has, and fewer prompts in general, according to Paul Cooke, director of Windows Client Enterprise Security.
"We've put users in control and allowed them the ability to tune the level of prompting" using a slider bar, he said in an interview.
Other new security features in Windows 7 are DirectAccess and BitLocker To Go.
DirectAccess offers remote workers the same level of seamless and secure connectivity as they have in the office. The system automatically creates a secure tunnel to the corporate network and workers don't have to manually substantiate a connection, Cooke said.
DirectAccess also allows IT administrators to patch systems whenever a remote worker is on the network, he said.
BitLocker To Go extends the data encryption features introduced in Vista to removable storage devices like USB thumb drives and flash drives. A password or a smart card with a digital certificate stored on it can be used to unlock the data. The devices can be used on any other Windows 7-based machine with the correct password. On XP and Vista machines the data on the drives can be read but not modified, Cooke said.
Smart-card provider Gemalto is offering multifactor authentication for Windows 7 for even more secure access to machines accessing the network, said Ray Wizbowski, director of marketing and communications at Gemalto. Now, a user can insert a card into a smart-card reader built into a laptop and either enter a personal identification number or use a fingerprint to access the data, he said.
Windows 7 also includes AppLocker technology that allows administrators to control the software that runs in the corporate network to ensure that only authorized scripts, installers, and dynamic load libraries are accessed. It also can be used to keep unlicensed software off machines, according to Cooke.