Windows Vista - How Secure is the New OS?

Other Security Settings (IE7 and UAC)

Other Security Settings

You will also notice an "Other security settings" area in Vista's Security Center that lets you manage Internet Explorer's security settings as well as User Account Control (UAC). We will go through them one at a time.

Internet Explorer Security Settings

As you would be aware by now, Windows Vista ships with the latest Internet Explorer 7 (IE7) browser. Unlike on Windows XP, the integration with Vista and its more security-oriented kernel offers a crucial operating mode known as "Protected Mode". When IE7 is launched with Protected Mode active, the browser runs with lower access rights than usual: Vista marks the browser process as low integrity, so it can write only to a handful of low-integrity locations such as its own temporary files folder. This means that should any malicious code get triggered from a rogue website or an unsuspecting web-based e-mail, it can do little harm outside of the browser, because writes to other system resources, applications, files and settings are blocked; it can't install anything nor modify system settings without going through a separate broker process that asks for your approval. In short, it's almost like using the Internet within a sandbox, isolating the rest of your system. One caveat: Protected Mode restricts what the browser can write, not what it can read, so a compromised browser can still read (and potentially upload) files your account has access to.

The new Internet Explorer 7 comes with Protected Mode and the Phishing Filter turned on by default.

Other important security aspects of IE7 exist, but they are not tied to the presence of Vista. For example, ActiveX controls that have not been used before are disabled by default (outside of the Trusted Sites zone and a pre-approved list). Users are then prompted, through the Information Bar, to opt each control in individually or to reject running it.

Another important feature of IE7 is the Phishing Filter. Phishing sites are on the rise. These look exactly like the original site but are actually traps to lure you into entering your user name and password. Common examples are Internet banking and online movie ticketing sites. Once you have keyed your personal particulars into such a site, the attackers capture your vital information, such as your credit card details, for their own fraudulent use, at least until the owner discovers what's amiss and notifies the relevant authorities. What the Phishing Filter in IE7 does is check the URL you visit against a database of reported phishing sites (a local list of known legitimate sites is consulted first, then Microsoft's online service if you have opted in to automatic checking). If you happen to stumble upon a suspected site, IE7 displays a warning and recommends a course of action, so you are not led into the wolves' den. Bear in mind that the filter can only catch sites that have already been reported; a freshly registered phishing site will not be flagged until someone reports it, so the warning is a safety net rather than a guarantee.

With the phishing filter, you can examine the authenticity of the website by checking its identification information.

User Account Control (UAC)

In Windows XP the default accounts are administrators, so any .EXE file you launch, knowingly or not, runs with full control of the machine, which is exactly what a virus or a Trojan wants. These days it can be tough to differentiate between safe and harmful files, especially when they purport to come from your friends. To counter that, Microsoft has added an extra layer of security in Windows Vista, known as User Account Control (UAC). Even when you are logged in as an administrator, your programs run with a standard-user token; when an application needs administrator rights to change the critical portions of the OS, UAC prompts you to approve or reject that elevation (standard users are asked for an administrator password instead). This is very helpful in preventing malicious software from quietly altering your system in the background without your knowledge.

User Account Control prompts you with a consent window whenever an application asks for administrator privileges, for example to modify system files.

Should an attack trigger an action that wants to change your Vista settings, UAC pops up a prompt that lets you reject it. However, the UAC prompts can be quite annoying at times: if you are installing a new application, editing your security settings or accessing critical functions of Vista, UAC will ask again and again whether you want to proceed with changes to Vista's core system. The feature can be deactivated, but we recommend you keep it enabled so that you stay protected from malicious applications. Note too that turning UAC off also turns off IE7's Protected Mode, which requires UAC to be running.

This is also probably the most significant change in the new OS compared to the security model in XP. For one, consumers are encouraged to use multiple accounts, especially accounts with fewer privileges for daily use, instead of logging on as Administrator by default. Such a security model has been the bedrock of other modern operating systems like Linux or Apple's OS X, so in this case it's a matter of Microsoft playing catch-up.
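The Protected Mode and UAC settings described in this section live in the registry, so they can be audited from a script. The following PowerShell script is an added example, not code from the original article or from Microsoft: it reads the per-zone Protected Mode switch and the UAC policy values, flags weak settings next to the command that restores them, and shows the split-token effect of UAC by testing whether the shell it runs in is elevated. The registry paths and value names are the documented Vista/IE7 ones; the zone-name table, the choice of which zones must stay protected, and the "weak" thresholds are this example's own assumptions.

```powershell
# Added example (not from the article): audit the Vista registry settings behind
# IE7 Protected Mode and User Account Control. Registry paths and value names are
# the documented Vista/IE7 ones; the zone names, the zones that must be protected
# and the "weak value" thresholds are assumptions made for this audit.

$ZoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$UacKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# IE's zone numbers under the Zones key. Value 2500 in each zone is the
# Protected Mode switch: 0 = on, 3 = off. Internet and Restricted sites are
# the zones this audit insists on keeping protected (assumption).
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites';
                3 = 'Internet';    4 = 'Restricted sites' }
$MustBeProtected = @(3, 4)

function Get-RegValue($Path, $Name) {
    # Returns the value, or $null if the key or value has never been configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

function Test-ProtectedMode {
    Write-Host "== IE7 Protected Mode (value 2500 under each zone) =="
    foreach ($zone in 0..4) {
        $key   = Join-Path $ZoneRoot $zone
        $value = Get-RegValue $key '2500'
        if ($value -eq 0)     { $state = 'ON' }
        elseif ($value -eq 3) { $state = 'OFF' }
        else                  { $state = 'not set' }
        Write-Host ("  Zone {0} ({1,-16}): {2}" -f $zone, $ZoneNames[$zone], $state)
        if (($MustBeProtected -contains $zone) -and ($value -ne 0)) {
            Write-Host "    WEAK: Protected Mode is not enforced for this zone."
            Write-Host "    Fix : Set-ItemProperty -Path '$key' -Name '2500' -Value 0"
        }
    }
}

function Test-UacPolicy {
    Write-Host "== User Account Control ($UacKey) =="
    # name, value that weakens UAC, value that restores it, what the setting does
    $checks = @(
        @('EnableLUA',                  0, 1, 'UAC itself; 0 turns it off (and with it IE7 Protected Mode)'),
        @('ConsentPromptBehaviorAdmin', 0, 2, 'admin elevation; 0 = elevate silently, 2 = prompt for consent'),
        @('PromptOnSecureDesktop',      0, 1, 'prompt on the secure desktop; 0 lets other windows overlay it')
    )
    foreach ($c in $checks) {
        $name = $c[0]; $weak = $c[1]; $fix = $c[2]; $why = $c[3]
        $actual = Get-RegValue $UacKey $name
        if ($actual -eq $null) { $shown = 'not set (OS default)' } else { $shown = $actual }
        Write-Host ("  {0,-27} = {1}   ({2})" -f $name, $shown, $why)
        if ($actual -eq $weak) {
            Write-Host "    WEAK: this value disables the protection."
            Write-Host "    Fix : Set-ItemProperty -Path '$UacKey' -Name '$name' -Value $fix"
        }
    }
    # Informational only: 0 = auto-deny (stricter), 1 = prompt for credentials.
    $user = Get-RegValue $UacKey 'ConsentPromptBehaviorUser'
    Write-Host "  ConsentPromptBehaviorUser   = $user   (standard users: 0 = deny, 1 = ask for admin password)"
}

function Test-Elevation {
    # Under UAC an administrator's everyday token carries the Administrators
    # group as deny-only, so this returns $false until the process has been
    # elevated through the consent prompt. That split token is what UAC adds
    # over XP, where the same check is $true for every program an admin runs.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

Test-ProtectedMode
Test-UacPolicy
if (Test-Elevation) {
    Write-Host "This shell is elevated: the HKLM fixes above can be applied from here."
} else {
    Write-Host "This shell is NOT elevated: the HKCU (zone) fixes work, but UAC will demand elevation before the HKLM fixes can be written."
}
```

Run the script from an ordinary prompt first; it only reads. The elevation message at the end is the UAC split token in action: the same administrator account reports "NOT elevated" until you start PowerShell with "Run as administrator" and approve the consent prompt. Later Windows versions use different defaults for ConsentPromptBehaviorAdmin, so the "weak" threshold here is deliberately only the silent-elevation value 0.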

