|
|
|
Windows 7 Security Enhancements Summed Up
By: Larry Seltzer
2009-04-23
Article Rating:  / 3
There are 0 user comments on this Network Security & Hardware story.
Windows 7 Security Enhancements Summed Up (
Page 1 of 2 ) OPINION: Enterprises can expect security of authentication, data protection, privilege levels and the DNS to improve for users running the next client version of Windows.The evidence that Windows Vista is far more secure than Windows XP, both in
theory and in practice, is abundant. With new features and standards, Microsoft
hopes to make Windows 7 even more secure, especially for enterprises.
A paper on the company's Technet site explores several
new security features in Windows 7, most of which have an enterprise angle
to them. In all cases, there's nothing completely new, but there is better
design and easier implementation for IT and users of strong security
capabilities.
The Windows
Biometric Framework is part of a general reworking of the log-on process
that began in Vista. Earlier log-on architectures were
built into special programs called GINAs, which were complex and difficult for third
parties to add on to with biometrics and other modifications. Vista
replaced GINAs with a Credential Provider infrastructure, and WBF fits right
into this model.
WBF includes a standard interface for biometric device drivers, a standard
set of services provided, APIs, management services including group policies,
and user interface components. Both kernel-mode and user-mode drivers are
supported, with user-mode drivers helping with overall system stability. There
are ways for applications to work with biometric authentication, and the actual
biometric data is never exposed to them; it's easy to change a password that
has been compromised, not so easy to change your fingerprints. The initial WBF
implementation will only support fingerprint devices, but it can be expanded in
the future.
Numerous enhancements have been made to BitLocker
drive encryption in Windows 7. Management has been made more consistent and
easier to use. Setting up BitLocker drives in Vista can
be cumbersome, especially when the operating system is already installed.
Windows 7 improves this in several ways. The setup of Windows 7 creates a separate
active system partition, and the BitLocker setup on an existing system will
repartition the system in an appropriate way.
BitLocker To Go makes it easy to use BitLocker on removable media such as USB
drives. A group policy allows the default for USB
media to be read-only unless they are encrypted with BitLocker To Go. And data
can be recovered from any BitLocker To Go device by using a special enterprise
key. Some read access is available for BitLocker To Go media on Windows Vista
and XP, but not write access.
UAC changes in Windows 7 have already generated some controversy. The main
change is that, by default, when the program performing the elevation is a
Windows program, identified as such through digital signature, no UAC prompt is
performed. The idea is that you need not be prompted for purely administrative
tasks and can focus on the really risky operations, like installing new
software. This change also eliminates some cases with Vista
where users would get two prompts for what seemed like one operation.
Some researchers noted that one of those Microsoft programs was the Control
Panel program that changes UAC settings, and thus no UAC prompt was required to
disable UAC altogether, and they showed a way for a program to make this
change. I
argued that this was actually logically consistent and that Microsoft
shouldn't change the behavior, but they decided to force a prompt in at least
some of these cases.
In addition, many internal operations, like changing the screen resolution
and resetting network interfaces don't trigger UAC prompts.
|
|
�������x}kw89�v2��zۑrd[5-ēG m䐔�?qܳbV�K�J#힍c�P�
UBPλ$9д�,JvΰSã&w$5vv~]� ��zNUԫ�1en�Շ]̱]��k��
�kGx�&R~x'wx�;`KQ;Q
�eɄIP�Qߕͩ>m^~lv��.pѲ�eb�^�Q+$ЁCE9�J��Dq�DRgEQ�߱� [t�f�9v W*,�'�8սi�/
J�<��7�ϛkb�|�=k�|�-xa+Z>�Xq�8��b#0+#O3�ְB�1BE�8 u�"J3v�%
j�ڪFQp'z:pa>D�9�z�v
r<�r6CݟP��Ґ��c"�9l˾,ЙfXqi �́J5(�J\S�(rww3s[=7q*sܼL�_gJY4Ew/ڧ9�@(�`�nKVj0�Ns#�ϭwq@ΰ�[A~Nw"�DT)�Jj\(�LDC{a�jLlha9 3P�+%JV�4E;
KHR�Ә])����N,ԐX�ۭޱdji]ZWWnZGW wb٘XB�ji@�e$�X�Y2�oME%us%'+r>ju�83�Bәm�iqmUϯ~�6O^En�[Cy�Cm0MߑRMRs�~:�\$R�G$'uH{�3�`HmDi[ܺȑ\�y�˽+�aXXPYsٹ!lrYYT'*daeAUiӡ7QO
.�ϱǍVuLn�[nC�8%gk�,0']ez|�c\�7W�J�EJX=(BA*�EL@�J�n!S[�ö@�.�C:gV},}P��ZG>/=S:4g@א���Q�mQ�ޡ85�ݘ���iH'j0i�|
+���wG|Lnž�*ԇ9[i5PC5u�|h�TR}l;>4��PhRP<�sx70ܚ@[Sh�%]Ҽk:���?`#0. Z-{����BeV~�}�̢�Ps�̧�mM�rAݛS9nZ@c@<:�{%w2R}'9>�M #RRP@�4�"BQF��
�T� * gsCX"C@#'�@@1w;�B/VKŤ�\*y"�JM'8ΜWKR�x&,�S,ЂW-KKBAfsf(4{~6�cbB$|#'"�Xr`Y
�\+|�)l
V.hiȨ׃4`�z=ǎVj%EU��G@VTyq&|ΦÙo0吶=t�f�3hWa OwH{�Ja�95� �->MG3{68wD�&�j�7k_>L>HQoĸGF�7`SӀ)4*d�ps�P�y�%2B� հpUedܣ!=?�p*JNCjVzv}v�MAR?�T�ܼ?
b>Ȝ 8C��\Գ*AB �glBB��{�ڠ[3R漒:-�=Mrʲ�#�A]_�R/0}KęRT8%'1La�qWa3�� �9P��8PJ$l%K+ w一�T-=�t]OD�<}�6LG�tфP�
;q� �JYY�,b=*4jKz
V�Ä끈7�_E3�c�%�tDe*tk²w잴�ה�)Τ_(�'W��y+l�U�~cC�L�mRGE}Buߴ�V!WK.ZS^dX.)�Uq��l"�zd\s˰0X�@rFe9w٘A�u\?Џh�SKܴg���3M~��N�PQ@1�"^Ou/��5GaNjN~S=g�B�7�.B@ŁǨ<.��[Po5>>8آTQ݀*�E)'.E�6a }�d��]D�z�m�4`H���_xHE"}�[+pp����L��U.(L0�:�K�r�2b,����T�B$⦼�4�݀Ēhb�tXQH ]j3nA���Y >{�V�v0aA�@=&��{%K��eX0�x!_(ƨOUqс,u�`��t�V87f=�<�@;
vQ�#h��R�&�`�j@$�
p�LM{2jLvg
`�\7~,p$�3�i炚H]bRXE�G�Ùt)D�kް)?F]SԨ�ສTjՂ/Y3^t
n�)h5#���#2�pg��r)hLk*�W vO�
#�VX]ў#Wh
xV IR~kZѢ
�'yͤUpR|9yM���^7�zFnsU-yl�F��o��-JTȵ#}�{-%�r jk�nQ��VJt5dDfbN'�¥�F5c�;�k�*)<�Wk*�+
��. r��uf0e�m�=_�?�M]�[L4Gzɖ0Ǡh'� ��Yn�AjAy̧ \`3�ⵚV+g|l6#i��TD\7��3��v��V�\�k~N^
ܬ:R.�@�R\�)Hǖ1|]��4|Yyޘ4>JiӈG�2cdQ��HV�z\ 4�g4<��c>�o
4y��@QZm�o\[,+e|cO�R|�m$\EC>+m�^L�\XP�Y\\&CUX)TԒ�/IXqA90B�0VB3ڛ5^,@�N|C!k��~4I#̸z/Ɨ��hs�k' G�N�yA]6{%MMh;k^@�Lcfzu8,-o�*M&l��Ԇuz�lȪ�+> 2*ijAROsG:Lpz]�zߍ
�eRԧ{{+7}3݀ G�L+߭q*��EI@*�5�]�*;_ 3�ss8>zB�bzQ=Y�@r�r�jT
�t2�R@BZFb.XO}+�&,=���=a?qp549^�I�CVj e&g+�,ʸ @48&C�_~ۅVkUeAb��cE6 7cyH�~��jg�^Ѝ ?�PX2"NrE^)�>)hlsѓN/x:h��?�t۽vb���9m?��ZrwPa`�6*/['���:.yCj�Gyn8dB&;�v�B�,
H
o�Hq�3'^li�[{<>n_|x�Y�:p0\^��!Ѱa�8ͫ��nQs��EKJ:\[�r��܃g��,<
Y#B�WǍ���fpR`N�Q~H��6Q`���!/suܺĂ.s^ל$�"j�\N3$n,ʆq� ۯ}gI�9�_aY�,$oǭU���f�~3bt4zQt"wۿBOo1r�!~�_!c�ߗ&8��~�PV=8̫rh%縕zq3�~<)}B/g-9˙�~@Ҵ�v(���o�"tUϭ+}21CjG�Yk�.N�m�-ŧ
[O|�BB�Y~�J9ńK~2Rq;Is6�v[�[&O!`N�S2%Ia�# �m$IjSf�k��C@$ğ_IIv(+VH'dA͋�r��Ú�mfyg?l]7�"�=�O&0?v�\$0F �q�k�5@�� RްÇ[0%ŤYGJ^KJpVKUV�4@ �� �#e���Z���
#ӼZ�;hUZ"6Akm#O�<�h;n�;
�G�@)3^X�2k=7(�v
̳,��]97_>_mzloQU2C�Zс?1n�Qݘ�4�v�zv`�rgS@
{cN��O[[ıwp߆
?O*yr�+aG�Vɵ9� y�Cg6v1C;#ͳ^4/NA��̯��O$U
:t{D�o�7mT�T�~e6x�?HPߚc=p9!M[wۭݷ2ߒ�_
Goc$Ǯv'ݺw�>m84�Ǡ���R�#I1$�$Z^T@,*s攤vCȔ�X�N�Gƽ�bZ@Ɍ7CCz
���f=#tzooo>ȥ݅~=,~�O�g뻌�w.�G!GoqSxw|}ԒH>r&jD p54{qJ9Ntu�s`T�zH^أ�Xڽ]�v�U��uquOy-S����רO Z�;x�鼱~��2��>
A�ؖrnbL��2��HB%F�e5w#�c�''cc3ψ�F%%k&Sϱg6A� jmg�wBqVE0p>-�Kpb��ulD[cCƣd�:XP|;�ߌ93{C�8�l�RSgeW6o,)�?�.��j{\nn���B�{7d\
�]�fKn~�&v/w��NM�Viyˏo�.�k9WjJUɻbe&{'�@54G%Y)�ȕ�̯,:�v��L~�ZI$lT��}@7�eOG)XstcjY�
�¥@�z�思��dG[s�� br*;�yI.]|sn!Eg4�v>/&灇H�d yq#O8�Rh ex=I�;9*M8/cȜe��pS�5`zJe(s@��cL',^6�1a�~3dVWf!X�
� :wRY�+���h�c(]�(ݤ3��plXibDXx���\�eFIjh'�XPǦ��M2�X!~*5X���LI�I˟^q�#qw�O.+q��Db)7'�?0ߦANb8=>�k}X�rMXE}e$ͧLoEрWs4�/5R}�˺Eo�]{�GH,F3�$b*JD�Z)1Zg�?t4�߰@D={7?x�?\�ȮyO-66,�{�'v7o_�.^<ݮ�R�J�H�~ˉVF(�B�&C2\M:��b,1a�YU$�H�Շg~ @Rs�ӕRXPKx�d����0G���t?s1�
>on%5%%0\hز/^̍y��$U䉾�Ҟ��Rԛ
��ͯ%4��J[Ǻ.�+RdU�q'!H$� �*H�Q}�[�y�U7QtHeMa=CGI*��f.ZI-mB\���0`$^3`@�Em�_RN�_PN!9�n�%A@%
t#;X0���,A@@JE-W
%�~�쇪�`-�ka2V�ZHXk�fOE2h�5�io�,kHדD ��J'JHG�ϙR\JZV`��/!�9<��ɫ"G"mv_rf-?7Q�鶤KW�ܘt���;I�mAlAC�dY'89�&���Hg�}ݬmE��I)HjiS h9�w��T\h����*ZR\�o�����5 f�RVȞpxDGH!u�
2rۯ8������7�7�7�7�{A�O5�Dzl�N_/5Tjeu~
xW~b�E9L;P$CX9YN,Hc
̪HtI����4&&u
�(.6e*l�j�1�OռONqa���$ qW ���۹pLѰ��xz,~�/!=-R~C��'��K�N`L
J�V2VI?"b%_بa�u&ÆY|)^n�c=u=H�\,[/y@a(o`__9 m8n�<1mݲ�0fzR.�(ﴄx3e6Zbb�Ƚhb6�`w�36T|eD4y�F�O*!a_nǍ{IGΔVS0N5�eЁDg�M=}�hA^'�C��G�]xd
ٍWuj�.."R7L7
B�.�'RV+Vj+W�HX�KX�j`kA^+#Y@S9(4)rW66666ȦPnV}6�ʗ����\s(R6�[P�nrM]�OL;<#%I\��K�ȷ�zX[�(C���zń�N���c�&sa��n=Zэ9^Z�%vn&в$gSfՑ�5� $�i>GD}u�5*b߅mغȷ�FH�v;�pO;mM[\Sb�d���@.h�cِ]�w=�`C�n)+T*I}6{@;Pe�茠�ٿcg�8^S�`܀S*g�x\sZLv�� �,�kƦc|4$}�Qoq'Rݠ/Ba��@�amI��Y06XD�Qm
LQ�ì�3�?PmdQ^szb2QB�Q
Q?Dת̩xn��?�¤�t'O,η v2.E��(!
|��5�ι�E.P�i�7�W!Oė;JqG8Q�ZY1Z3ʑu1秢VG}mc9\hX݊U�{$e
&:�Baf0삕�q{��{30cY�q'%"j\˥�rs鳐+A#AI�҂�B4"�w�ĨWܬ"9wHbW:.ɩ{Ԗ��FX(�zx"�Z�"�'"�KI�H�
,]^<�
?���X�R�y3�Mukaİ>FS�Y�h=Y!hcb9j�.\l(I^,:-vi=_@Fw�3
n �獦"�rIo�$TG ?+R(��U��<^Sci�� �kgCyZULX[��kLO&@zXUZW�fںڰr+ ~K-y�5�J4s�5�D7�X}̸�9�Ԙ�<.*� =,eO4�|
I1.r c?4k�lM/5
��?�)3$[]Zh ��0.�S5)��Z'6
W=fhjJE�Ք�gx'ڹ9��L�qG:�g�^RI+�T[g=q1�,�V�K&�z攇�:a%��?(BA)bm27}CD@'���}l4t_c hҕm2���47�Y<̑3|+9S�F;V�wܤRW3>ݿİ:B��1~dϋ:wm"=2?O��66mIU+ 7�g%۹caiL*r4�>SmS�� X�t4 K
Sig~Rn*,<+sY�l�ZqA`.iUh9MFV�qqjk
4�al�~��T�TbЍ�B1KM;InP}7Y?d=`
��\
u/x{~ B
{=Hl~G�&}*�4�;-\7-��O>k��>o%W0�O�Fn�mx+{VzK";{|�Q����̊XL�t4*$�W��[=~{LfRO��a��W"L�_X9!,x|tZZ&e}�HKm1Di�b#3�!?�X�^�_�b.@��h]wZ^몋���<�gD"#xu�vMuqE0tS E��LJyp�I|�T+�Lj�5� [z>˘80[,;�?�pa)}?�u|1[AG)��bʑ"-Qo]*5
���}�`�T`sԢ'薈�d5B&(q�iK8v3ҿ@g�,�>v9g�g�g�ssyFρ>3�<>G/2�?gBiF o�~�{1�?��s�w1~�h'�?��ɐ/@��q /3_�\eO���诗A@?V�A_!sV:sF>�>g�үҁ~3�Ψ�:s$eC%.^O�p�3Ka� /Wa uq^�yVV =^`dk��x.�rg�f{�%n;k?�/:uи
CJW=k ϼdmMuZ8VҦnp_/ΣD�+��sV業I'x�Eq\*�g�ل}�@CXy#u��'eFWTC�o�sd^ {Wrr6VD-VbbM�x{yǾJCsl��¾Ⱦ>u-ۥ=�ǒ{Ь`gn]!=aDzE?|�[2��xI0P? ۓ{� �W\�wpSn$x?5����W-Mԭ�ڎvڝ{f*43vd;�w6�S췡\2�< Nܾϝf�ţu.dl<5&\eףj(+�@J�~��@au�f�z:t}a_��zHyֿl~hlZ/'K�*{�MoNDT�N)pB ��^a��ɠ1zI]���6ZyC=C>}58]Wn8Wnm
ď;c���e�I@*�5VZ*;_�"���#G1�Q5YUdJ*'�jeV*V�&�� �K}#
P .=M^d FЇZCO�3CX*ḃ}5�@h P�>1�=:6�d{X�QU,�Yi^\dp�0,{xy�Nث�ڎy�@��7s�J��5v�;)��AـD@.3*(c5q)
߄�ٕz"n�,T;o�=�2vgj�Y }bqqkq�D4x�O��k -*x�q5mJ+gL#�[�o�t�_]x#z>+$pgBͫK>^p_e��˪U&��R�>h�E�ja�J%cD�$QEY�H:\h:I5�{w{���=�KFe�8sнo?r8�]]^�:O~���9�^�ocp�p�h�1��6`��{X
v;n��^��p����I�v͘zOB�>��^icо(u�$Q|�5f$1x_06�)+xl�ӕ�g-1��L=-a��J6$wd9!^��c@8>�cc6H-m�gtlC�k��:.kvԙ%zO_|y
��$Gl;�rc7ǚ1)`L::D@z!_�|�8$´�}dd03](u l70-d�tx ]q�%;�jS(���&]y�K-}�x�� �*;sH6V\6�C�cr�]��%q["�
��'o�M*_�IxbHqpC>a��v�EE3`A�^|e�D${@'�
�ۆOn���C��~��]S!-�wn��SL+�J�m[)���h2-0�ƴ�8�3&�0��n=ձ]w�
� 7G=Ƌ�rx{KkG۹pL%^�}HPVFߗݜ����OXo|
8�O.�h�6�A�Q%נ
�<{{�(N~<)1��gvE{&�{݄68��.�@W6��54�b�Yy&���W[OP��Q
lt*��X<�Ŵ"&D0�;'R:4sh;�Y3TFH6c?p�ft��@í]�Ng"a7<#�/ah�Cgy�bSS2w�$Yw��fg@��ȟ8#}E.4�8b{@T,ﺽ/gvf/Pt.zI}eT�궾�Z�;~v��?;Ktۿˌ�Xi*.㉓[�%GU���n�WO�RB^zIɜK�\UK$%X/ffTN$Ƈ̎}�6tcLp�)�ͱeRX[`l/Z6v�q�>*��
|
Network Security & Hardware 
