Software // Enterprise Applications
04:10 PM

Vista's Security Challenge

Security features such as BitLocker, Network Access Protection, and reduced functionality mode help make this Microsoft's most-secure release.

100 Things You Must Know About Microsoft's Most Important Product Launch Ever
Vital Stats About Vista
No Surprises With Vista--Thankfully
Vista's Security Challenge
Office 2007: Bells And Whistles
A Look At Exchange 2007
Steve Ballmer's Own Top 10 List
Competitors' Take On Vista
Windows Vista Timeline
Windows Vista Image Gallery
Our Guide To The Guides

Yes, Vista is more secure, but Microsoft remains a primary attack target. "Vista being more secure doesn't necessarily make my organization more secure," warns Jeremiah Grossman, former Yahoo information security officer who's founder and CTO of WhiteHat Security.

BitLocker encrypts files, so they can't be read if a PC or laptop is lost or stolen. Conversely, BitLocker won't encrypt files if it suspects a PC has been lost or stolen--a defense against data tampering. There's an option to lock the boot process until the user supplies a PIN, much like an ATM card PIN, or inserts a USB flash drive that contains the key for decryption. Of course, that doesn't give you permission to leave your laptop on the front seat of an unlocked car.

Network Access Protection is one of the most widely anticipated features of Vista. When integrated with Cisco's Network Admission Control framework, NAP supports remote-access policy enforcement. PCs seeking to enter a network protected by Microsoft's, Cisco's, or some other combination of access control technologies get the equivalent of an airport security X-ray. If software's not up to snuff, network access is limited till things get fixed.

Vista's Software Protection Platform is Microsoft's latest get-tough approach to software piracy. If Microsoft catches someone with improperly loaded Vista, the operating system switches to reduced functionality mode, preventing access to Windows Defender anti-spyware software, Aero user interface graphics, and ReadyBoost, which supports a spare USB memory stick. Business customers who get Vista from Microsoft or established PC makers don't have to worry.

Forefront Client Security protects PCs, laptops, and servers from viruses and spyware, using Active Directory and Windows Server Update Services to distribute virus signature updates. Microsoft sees Forefront as a replacement for antivirus and anti-spyware products from other vendors. In beta now, it's due in the second quarter of 2007. Microsoft's challenge: Built-in security is rarely as effective as tech- nology developed by security specialists.

Forefront Security for Exchange Server offers antivirus engines from CA, Kaspersky Lab, Sophos, and others, using their combined power to respond to security threats. In beta and scheduled for launch in December, Forefront for Exchange grew out of Microsoft's 2005 acquisition of Sybari. Exchange Server 2007 comes with built-in spam protection, continuous replication, and rules that let admins and compliance officers set and enforce policies for e-mail, voice mail, and fax.

Security apps can be managed from Vista's Security Center
(click image for larger view)

Security apps can be managed from Vista's Security Center
Forefront Security for SharePoint Server (timed for release with Forefront for Exchange) can prevent certain file types, such as MP3s, from being posted to a user's SharePoint site. It includes antivirus scanning from CA, Kaspersky Lab, Sophos, and others. In addition, Microsoft is releasing updated "optimizers" for Office SharePoint Server and Dynamics CRM that provide, among other things, policy-based access and content inspection.



say Vista's security features are of most interest

User Account Control in Vista provides granular control over user accounts and eliminates the need to extend administrative privileges to users, a screaming weakness in Windows.

Office Trust Center lets users set security preferences for handling Office documents. It includes separate settings for VBA Macros, Active X controls, junk e-mail, application add-ins, and other features because users are likely to have different security sensibilities depending on what a file contains or where it's from.

Versions of Vista for 64-bit PCs will include Kernel Patch Protection (formerly PatchGuard) to prevent kernel modification. Microsoft worries malware writers might exploit the same interfaces security vendors use to detect and block rootkits, keystroke-logging software, and worms; thus, the lockdown. Symantec and McAfee object. They want kernel access.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 Digital Issue, April 2015
The 27th annual ranking of the leading US users of business technology
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of April 19, 2015.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.