Security: How Vista Fights Vulnerability

For the first time, Microsoft is making public some details about how its upcoming Windows Vista operating system will help protect against security vulnerabilities based on administrator rights and logon limitations. It's attacking the problem by making it possible to do more without being logged on with all-powerful administrator rights. If you're working in user mode, you will be able to perform administrator privileges, such as installing an application, on a case-by-case basis rather than having to switch accounts. When users need to work in administrator mode, a Protected Administrator feature will let you set limitations to prevent an application from going outside its privileges.

Another useful new feature will be the ability to check for and remove worms, viruses, and other types of malicious software from a computer during the operating-system upgrade. Windows Vista also will include a new version of the Windows Firewall, which will offer outbound and inbound protection, an upgrade from the previous inbound-only version.

Every piece of old code is being tested for vulnerabilities, according to Microsoft. Vista will have access to profiles for each application's behavior and will limit access to the operating system based on that behavior.

IT staff will find it easier to make sure users, especially those off-site, keep up with security patches. A client-based scan agent will ensure that users who haven't kept up with operating-system and application patches won't be allowed to connect to the network; they'll be routed to where they can download critical patches first.

Windows Vista will support full-volume encryption using the Trusted Platform Model 1.2 security chip. The entire system partition can be encrypted in both the hibernation file and the user data. So, for example, if the measurements on the system chip are different from what was started at last boot, Secure Startup would prevent the system from booting to protect your data.