Truth About Windows Vista Security Revealed
The word “Security” has got many meanings,
each one at their own context. Generally, Security means
providing safety measures to some one who is in danger.
We use lockers to provide security for our house, from
thieves when we go out.
In early days of computing, security was not a major
concern. The computers were single user. So, there were
not many worries for security.
But, with the users started to use the computers to
store personal information, security concern started
earning much importance.
At the beginning, it all started with data encryption
and decryption, which was done, before and after, transferring
the data files, which contained personal information.
Without encryption, data copied can be accessed easily.
Encryption is a process of converting actual data into
unknown format using a key value. The key value was
kept secrete.
To get back the actual data, one needed to convert
back or decrypt the encrypted data, using the same key
value provided while encrypting. This process provided
security to data contained in the floppy, as the key
value was kept confidential. This was basic level of
security, and it is used till today, in securing some
highly secrete information.
Networking concept was introduced
However, the entire situation changed, when the networking
concept was introduced. Two or more computers started
talking to each other directly. “Talking”
in this context, refers to sharing information. This
enabled the users of computers to share information
directly. But, on the other hand, gave miscreants a
way for information thefts. This led to take high security
measures in the computer systems, which are supposed
to share information using computer network. As a result,
several companies started developing several programs
for protecting information from reaching to the wrong
hands.
Windows Vista security center
Windows Vista, a new operating system scheduled to
be released in first half of 2007, contain a set of
new security features which protect the system from
attacks, hacking, spamming, etc. It was about 4 years
ago, Microsoft chairman and chief software architect
Bill Gates, who announced that the company will be changing
its strategy in developing secured, robust applications
for secured computing. As a result of his plans and
visions, Microsoft incorporated several tools for security
in Windows Vista. Microsoft has announced that Windows
Vista will be the first version of Windows which falls
under its security development cycle.
As said above, to overcome latest security vulnerabilities,
Windows Vista included several security measures and
tools. These include:
- User Account Control
- Authentication
- Bit Locker Drive Encryption
- Windows Defender
- Network Access Protection
- Firewalls
- Internet Explorer Improvements
- Windows server Hardening
Vista User Account Control Security :
The User Account Control feature provides a level of
security to the standard users. There are two types,
they are, Administrator, Standard Users. The standard
users cannot run some of the programs; install some
of the drivers, as they are to be done by the administrators
generally. But, in Windows Vista, a standard user will
be allowed to install and run programs, if they are
permitted by the administrator.
The User Account Control in Windows Vista, is designed
in such a way that, whenever one standard user, attempts
to install certain programs, which contain doubtful
code or Unknown Publisher, it prompts for Administrator
permission for running the program. For example, let
us consider, in a Windows Vista installed computer,
there are two users namely, Tom and Jerry. User Tom
is Administrator and while, Jerry is a standard user.
User Jerry tries to run a program, which is not digitally
signed, which means it is a program from Unknown Publisher.
At the moment the program starts to run, a prompt will
be displayed, asking for administrator’s permission.
If Tom gives the permission, by entering password, user
jerry may be able to run. Otherwise, the program will
be stopped from getting loaded in to memory. Thus, the
computer will remain safe from unknown programs getting
executed.
- Administrator is an experienced user. So, one can
ask him to install the program, by setting the password
- Risk of attacks of spy ware, Malware will be reduced
Windows Vista Authentication:
Windows Vista gives authentication support for passwords
and smart cards. The authentication code will be stored
in the card. The card holder must swipe it before logging
into the system. This feature enables more secured logging.
The smart card support in Windows Vista makes organizations
to deploy and maintain this new authentication method.
Windows Vista directly helps programmers who give customized
authentication methods such as bio-metrics and tokens.
This authentication method will benefit large IT organizations,
where single factor authentication is not sufficient.
Bit Locker Drive Encryption:
Bit Locker Drive Encryption protects the PC’s
from thefts, from getting accidental tempered with data.
Basically, Encryption is a process of converting the
data in form to another form i.e. unknown form. Usually,
various encryption algorithms and mathematical formulas
are used for encryption/decryption process.
The Bit Locker Drive Encryption is a mechanism by which
one can protect an organization’s data, such as
confidential information related to business, functioning,
marketing etc. from hackers. The Bit Locker is tightly
integrated to Windows Vista. Bit Locker in Windows Vista,
provides a higher level of tamper detection, through
the use of 1.2 specification TPM chip and the Trusted
Computing Group (TCG) specifications. This is combined
with integrated data encryption to give most powerful
data protection, which is ever seen in Windows Environment.
Bit locker usually uses AES as encryption algorithm
and uses 128 and 256 bit key code to encrypt data. This
makes Bit Locker stronger in encryption technology.
When installed and activated, the Bit Locker will provide
encryption to entire operating system volume including
Windows System files and also to the hibernation files,
which makes high security to stolen data from the system.
One can use an advanced file system called Encrypting
File System (EFS) from within Windows Vista to protect
data. The users can enhance system security by enabling
the boot authentication process which prompts for pre-boot
PIN. One can enter it manually or can provide it during
startup by connecting a USB device to the system. The
Bit Locker Drive Encryption thus, directly enables one
to safeguard the real time data stored in the system.
Windows Defender:
This is perhaps the most useful tool in Windows Vista.
It is used to protect the system from spy wares, against
security threat, which is common today in the field
of Internet. Windows Defender is mainly focused on providing
security to individual systems. It does not include
features for enterprise management.
Spy wares and some unknown programs get installed into
the system without any consent from the user. Windows
Defender detects such programs and removes such programs.
Malware can be used to take personal information out
of the computers.
A hacker uses such information for his own purposes.
Some pop up’s too are used for the purpose. Malware’s
or spy ware’s functionality is to scan computers
illegally, and copy some of the important data without
any consent of the user. Think, what happens if some
one hack your business data, such as Account number
along with secrete code of ATM account!
Network Access Protection:
The network access protection mechanism prevent one
computer from joining the private network, if it is
not up to date with antivirus software, security updates,
and other latest update patches. Apart from this, Network
Access Protection can be used to protect the system
from remote client access as well as Local Area Network
clients.
Network Access Protection mechanism is used for maintaining
good health of the PC, when one works across different
networks. The Network Access Protection also ensures
good health of mobile computers. Often mobile computer
users keep traveling. Because of they keep traveling,
they don’t have the time to get security updates,
which takes lot of time to download.
Network Access Protection mechanism improves the security
of the mobile computers by ensuring that security updates
should be installed before one can get connected to
the private network. With Network Access Protection
mechanism one can deny access to his private network,
if the system is not up to date, and has got likely
chances of spreading viruses or spam, or Trojan horses.
Firewall Control
Firewalls usually blocks communication between two
computers. One can set the firewall to block communication
by making setting such that, it blocks certain port
numbers. Port numbers are number given to the data ports,
which is used for communication between the applications.
They are opened and closed by the applications, when
once the communication gets over. The Personal firewall
in Windows Vista is of similar functionality, which
is included with the Microsoft Windows XP Service Pack
2. Firewall includes application outbound filter, which
gives full control over the network traffic.
Windows Vista Firewalls will administrators to block
some of the applications from contacting or talking
with other computers. The Windows Vista Firewall is
designed in such a way that, it is configurable by Group
Policy Objects. Firewalls usually block many risky applications,
but could not do for some of them. Windows Vista’s
firewall enables administrators to set group policies
for the applications, to decide whether to allow the
connection or not.
Internet Explorer enhancements:
The default web browser in Windows Vista is Internet
Explorer 7.0. It has got several security updates. The
User Account Control is designed in such a way that,
it allows some users to only browse the web.
They cannot modify the settings and user files. This
ensures, if some site attacks potential vulnerability,
the code from the attacking site will not get executed,
because, the code will not get any rights to install
or get right to be executed in the attacked computer
system. Thus, it ensures full safety of the computer.
It also, includes a filter called as Phishing filter.
This helps users warned of attacks, if they try to
visit a site which has got dangerous code. This filter
works by checking the web content, for trusted information.
Thus, the new security features has helped one to reduce
the security costs. The secured features in User Account
Control and the Internet Explorer have enabled users
to have safe internet browsing without unnecessary toolbars
being added.
Windows Service Hardening:
Windows Service Hardening provides mechanism to protect
from attackers from performing to the file systems,
registry, network or any other resources, that could
allow the Malware to install itself or attack other
computers. Windows Service Hardening will reduce the
potential of damages that is caused to the system. Windows
Service Hardening will provide an additional layer of
security to the system by following the principle of
security, i.e. defense-in-depth. Furthermore, the Windows
Service Hardening provides security support for code
developers, by securing their code from attacks.
Windows Vista will provide security enhancements, and
other security features, which are new to the Windows
Family itself. One can make best use of these security
features, and enjoy the system in surfing internet,
watching Movie clippings etc. without much worries over
security.
|
