Windows 7 Security Features Get Robust
February 18, 2009 Windows 7 Tips
Microsoft’s latest operating system, Windows 7, currently in public beta and is expected to ship later this year. In 
Windows 7, new security features have been added, popular features expanded and familiar features enhanced.
Much of the credit for the anticipated improvement goes to new tools such as Dynamic Driver Provisioning, Multicast Multiple Stream Transfer and Virtual Desktop Infrastructure.
Dynamic Driver Provisioning drivers are stored centrally, separate from images. IT professionals can arrange for installation by individual BIOS sets or by the Plug and Play IDs of a PC’s hardware. With Windows 7, as with Windows Vista, IT professionals can update system images offline and even maintain a library of images that include different drivers, packages, features and software updates.
Thanks to Multicast Multiple Stream Transfer feature, rolling out any particular images across the entire network or even installing individual images on desktops is faster in Windows 7. Instead of connecting individually to each client, deployment servers “broadcast” the images across the network to multiple clients simultaneously.
Virtual Desktop Infrastructure (VDI), another deployment model, allows users to access their desktops remotely. VDI supports Windows Aero, Windows Media Player II video, multiple-monitor configurations and microphone support for voice over IP (VoIP) and speech recognition. New Easy Print technology permits VDI users to print to local printers but this requires a special license from Microsoft and doesn’t offer the full functionality of an installed operating system.
Protecting Corporate Assets
Organizations may protect their assets with authentication for log-in once the OS is installed. Windows Vista included drivers for fingerprint scanners, and Windows 7 makes such devices easier for IT professionals and end-users to set up, configure, and manage. Windows 7 extends the smart card support offered in Windows Vista by automatically installing the drivers required to support smart cards and smart card readers, without administrative permission.
Windows Vista users have to repartition their hard drive to create the required hidden boot partition, but Windows 7 creates that partition automatically when BitLocker is enabled. Windows 7 extends the Data Recovery Agent (DRA) to include all encrypted volumes; as a result, only one encryption key is needed on any BitLocker-encrypted Windows machine.
BitLocker To Go is a new feature that lets users share BitLocker-protected files with users running Windows Vista and Windows XP. To unlock the protected files, an appropriate password (or smart-card credentials) must be used.
Windows 7 also introduces AppLocker, an enhancement to Group Policy settings that lets organizations specify which versions of which applications users have permission to run.
System Restore displays a list of specific files that will be removed or added at each restore point. Restore points are now available in backups.
The Action Center is a new, integrated Control Panel feature that gives Windows 7 users a central spot for locating tasks and common notifications under a single icon. Pop-up alerts are gone in Windows 7, replaced by a new task tray icon (a flag with an X) that provides streamlined access to the problem directly or to the Action Center for more information.
In Windows 7, you have additional options. A slider bar configures the appropriate notification level for your computer, and by default UAC will notify you only when programs try to make changes to your PC.
Improved Performance
Windows Defender, Microsoft’s antispyware product, gains a much-needed performance enhancement in Windows 7. Microsoft has removed the Software Explorer tool, declaring that the utility doesn’t affect spyware detection or removal.
Windows Filtering Platform (WFP) is another new feature – a group of APIs and system services that allow third party vendors to tap further into Windows’ native firewall resources, thereby improving system performance. WFP is a development platform and not a firewall in itself but WFP does address a few of Windows Vista’s firewall problems.
Windows 7 and WFP in particular permit multiple firewall policies, so IT professionals can maintain a single set of rules for remote clients and for clients that are physically connected to their networks.
Windows 7 also supports Domain Name System Security Extentions (DNSSEC), newly established protocols that give organizations greater confidence that DNS records are not being spoofed.
