Windows Vista - How Secure is the New OS?

Security and Family Safety in Microsoft's New OS

When you buy a product (be it hardware or software), it is natural to assume that it will work perfectly out of the box. On the contrary, this isn't always true, especially for the software industry, where most companies release patches/updates to resolve problems discovered during the product's effective life cycle. Microsoft is no stranger to this concept and has been practicing this ever since the company existed. Security issues are particularly problematic to both personal and company's productivity and in the bigger picture, a corporation's well operand Microsoft is always on their toes to provide solutions for their customers so that they would be less prone to malware attacks and the likes. One such instance that we vividly recall was the annoying malware issue plaguing the early days of Windows XP with Service Pack 1 (SP1) which caused system slowdowns and forced shutdowns. The malware problems then were so chaotic that Microsoft followed up with SP2 to put an end to those security flaws.

Like it or not, security problems can't be wished away with a magic wand. Even till today, Microsoft along with other third parties like Trend Micro and McAfee are constantly tracking malware activities and providing solutions to their customers on a weekly basis. Statistics show that up to one billion people in the world are using computers and have networking capabilities. Out of which 30 percent are potential cyber-victims to security threats. In today's context, cyber-victims are not just victims of malware attacks that mess up their computer systems. A large portion of the online attacks happening today are in the area of online identity theft and fraud transactions resulting from visiting phishing sites. With so many security concerns hanging over our heads, Microsoft isn't taking things lightly with their upcoming operating system (OS). In fact, security is a major focus in the development of Windows Vista to ensure its users can work and play on the new OS confidently and securely. You can expect a lot of new changes in Windows Visa that stands out from the current Windows XP operating system.

On that note, you might ask us what differences exist between Windows XP and Windows Vista with regards to security. That's what this article is all about and we'll show you some of the security benefits that Windows Vista users will gain when they migrate from Windows XP.

The Real Security Center is on Vista

In Windows XP SP2, there is a feature known as the Security Center within the control panel that allows you to quickly view and manage basic security related options (such as your firewall, Internet options and automatic updates settings). This one-stop center in XP is very handy and it is only natural that it gets ported over to Windows Vista. The concept behind the 'one-stop center' will remain, but you can expect more flexibility and features on Windows Vista to thwart those nasty attacks off your system. You'll find several new options in the latest security center, so we'll be stepping through each of them one at a time. To start off, here's how the Security Centers differ of the old and new:-

Firewall and Automatic Update Settings

Firewall and Automatic Updates on both XP and Vista look pretty similar. They allow you to select the type of Firewall you want to use and configure Windows for automatic updates.

Firewall

Automatic Updates

Malware Protection Settings

What's fresh in Windows Vista is the inclusion of anti-spyware protection that forms a new tab in the Security Center called Malware protection. Tracing the roots of this new functionality, it all began when Microsoft bought over the popular anti-spyware company, GIANT, and repackaged their application as Microsoft AntiSpyware. This was offered as a beta add-on to Windows XP in 2005. The second beta version was significantly revamped over time, and debuted in 2006 as the Windows Defender; still a beta though. By the end of the year however, Windows Defender was officially released and became an essential free download for Windows XP users under the Genuine Microsoft Software scheme.

Now in Windows Vista, Windows Defender is integrated into the new Security Center and plays a crucial role of protecting your system. Using its real-time scanners, its core job is to sniff out spyware from emails and websites, and prevents unauthorized installation of 'mining' utilities/software that slow down your system which can cause harm to your system or other systems. Like typical anti-virus applications, Windows Defender requires weekly updates so that you will have the latest protection against new spyware. Windows Defender in Vista also goes a step further to block all startup items requiring administrator privileges (basically those which aren't Vista compatible), thereby further making it tougher for any rogue programs to wreak havoc upon your system.

Under the Malware protection tab, you can also access your anti-virus settings. Through the partners' collaboration program, Vista will advise you if the virus list from the installed anti-virus application (Windows Live OneCare or Trend Micro's PC-cillin, etc.) in your computer is up-to-date.

Other Security Settings

You will also notice a "Other security settings" tab in the new Vista's Security Center that lets you manage the internet security settings as well as the user account control (UAC). We will go into them one at a time.

Internet Explorer Security Settings

As you would be aware by now, Windows Vista ships with the latest Internet Explorer 7 (IE7) browser, but unlike in Windows XP, the integration with Windows Vista and its better security oriented kernel offers a crucial operating option known as "Protected Mode". When IE7 is launched with Protected Mode activated, the browser functions with lower access rights than usually allowed. This effectively means, should any malicious code get triggered from a rogue website or an unsuspecting web-based e-mail, it can do little harm outside of the browser as it blocks interaction with all other system resources, applications, files and it can't install anything nor modify system settings. In short, it's almost like using the Internet within a sandbox (IE7), isolating the rest of your system.

Other important security aspects of IE7 exist, but these are not tied to the presence of the Vista OS. For example, ActiveX controls are disabled by default (outside of Trusted Sites zone and pre-approved controls). Users will then be prompted to selectively opt them in to a 'safe for use' list or reject running the control.

Another important feature on IE7 is the phishing filter. Phishing sites are on the rise. These look exactly like the original site, but are actually traps to lure you to input your user name and password. Common examples are Internet banking and online movie ticketing sites. Once you have keyed in your personal particulars on such phishing sites, they would then capture and have access to all your vital information like your credit card details for their own fraudulent use at least until the owner discovers what's amiss and notifies relevant authorities. What the phishing filter in IE7 does is to check the URL against a known database of suspected phishing sites. If you happen to stumble upon a suspected site, IE7 will pop out a window to warn you and recommend a right course of action so as to prevent you from stepping into the wolves' den.

User Account Control (UAC)

In Windows XP, there is a tendency to unknowingly launch an .EXE file, which could have been a virus or a Trojan. These days, it can be tough to differentiate between safe and harmful files, especially when they purport to be from your friends. To counter that, Microsoft has added an extra layer of security in Windows Vista. Known as User Account Control (UAC), it prompts you for approval or disapproval to allow a particular application to access the functional and critical portions of the Windows Vista OS. This is very helpful to prevent any malicious attacks that might try to mess up your system in the background without your knowledge.

Should an attack activate an action that wants to change your Vista settings, UAC will pop out with a prompt, which allows you to reject the execution. However, the UAC pop ups can be quite annoying at times. If you are installing a new application, trying to edit your security features or accessing critical functions of Windows Vista, UAC windows will pop out all the time and query if you want to proceed with changes to Windows Vista's core system. This feature can be deactivated but we recommend you keep it enabled so that you are always protected from malicious applications.

This is also probably the most significant change in the new OS compared to the security model in XP. For one, consumers are encouraged to use multiple accounts, especially accounts with lesser privileges for daily use instead of logging on as Administrator by default. Such a security model has been the bedrock of other modern operating systems like Linux or Apple's OS X, so in this case, it's a matter of Microsoft playing catch-up.

BitLocker Drive Encryption

BitLocker is a new data protection feature available only to Enterprise and Ultimate editions of the Vista OS. When Bitlocker is activated, all files and folders in the selected volume will be automatically encrypted. Unfortunately, Bitlocker requires two conditions to work. You must ensure that a dedicated partition is set aside in your hard drive and your system must be equipped with either a Trusted Platform Module (TPM) 1.2 cryptography chip or a USB key containing the startup key. Probably the easier route would be to ensure that your system comes with a TPM chip, so be sure to check that with your retailer/manufacturer.

One very practical scenario for BitLocker is to safeguard your data from a notebook theft situation. Since this feature allows you to encrypt all your confidential data on another partition, even if you lose your notebook computer, no one else can access the data inside except yourself. Quite similar to Encryption File System (EFS)'s selective encryption, Bitlocker lets you encrypt the entire hard drive including Windows system files. This is unlike biometric scanners and the conventional user name/password logins, as Bitlocker renders the data on the notebook useless even if one extracts the hard drive and tries to access the data from another PC.

Parental Controls

The last security feature we want to highlight is the new Parental Controls section. Quite often the operating system gets messed up by children or ignorant users who may accidentally delete critical files or change some settings. Much like the administrator's configuration, the parental controls easily empowers you to forbid your child from accessing certain critical Windows options and applications and keeps track of the child's PC usage. This latter tracking feature can also limit users to operate the PC only during the allocated time slots so that your children won't be overindulging in playing games late at night without your knowledge.

losing Thoughts

Windows Vista has been much delayed, with Microsoft choosing to jettison quite a number of significant features (initially slated for Longhorn) in order to keep the delay respectable. Fortunately, its much touted security features seem to have been mostly intact. Compared to Windows XP, it has a more comprehensive security model, which should significantly cut down the number of security threats. While Windows Vista didn't come with a default anti-virus application, one can choose to use any Vista-compatible anti-virus application in the market including most supported third-party firewall and anti-spyware applications. Microsoft was probably wary of monopolistic accusations from third party vendors like Symantec and others when it made that choice.

With its revamped security model, Windows Vista should do a better job of protecting the operating system from ignorant users. We recommend that you give the beta or the RTM version a spin first and perhaps hopefully make the switch when the full retail version is made available in February 2007. Once you make the move, you will realize that there are other benefits that Windows Vista has over Windows XP such as the new Sync center and a host of other new applications like Windows Photo Gallery, Windows DVD maker and the Snipping tool among others in the Vista operating system. Do keep an eye on our articles here at www.hardwarezone.com as we'll be looking at other aspects of Windows Vista in the near future. Meanwhile for those intrigued by Vista and its offerings, start saving up so that when it arrives, you can splurge on it and quickly transition to the new OS with a lot less to worry about as far as security is concerned.

Of course with Windows Vista still being a Windows OS, there will always be a group of skeptics, but so far from our hands-on, Vista definitely seems safer, easier to configure and more capable than its predecessors ever were in the realm of security. Soon to be available in retail, hopefully Vista can prove its worth and shed off the negative perception of the Windows legacy. As Vista matures in the coming months, real hands-on feedback from the industry and community should trickle down. That along with our own assessment of Vista in real-world use, we should be able to better determine if all the security measures of the new OS can stand up against the wild Internet and stay true to Microsoft's claims. The jury isn't out yet on Vista's defense mechanisms in the end-user environment, but one thing for certain is that it holds a lot of promise at the moment.

Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.