Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Windows 7 Security Story May Appeal to Enterprises



 By: Brian Prince
2009-10-21
Article Rating:starstarstarstarstar / 4


There are 2 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Microsoft Windows 7 has a number of new security features designed to appeal to enterprises. But will they do the trick?

Microsoft Windows 7 is on its way tomorrow, Oct. 22, and it is bringing with it a set of security features Microsoft clearly hopes will appeal to enterprises.  

The Windows 7 security story has three main chapters that have received a fair amount of attention: DirectAccess, BitLocker To Go and AppLocker. With these, as well as features such as BranchCache and enhancements to UAC (user account control), officials at Microsoft have said they feel they are pushing out their most secure operating system yet.

Microsoft plugged Windows 7 security holes in its massive October Patch Tuesday. Click here to read more.  

"Windows 7 is built upon the security foundations in Windows Vista and retains all of the core technologies, such as Firewall, Windows Defender and User Account Control," Paul Cooke, director of Windows Client Enterprise Security, told eWEEK. "In addition to enhancing those security features, we listened to customer feedback and [wove] it closely into the development process of Windows 7 to deliver innovative new security features."

Resource Library:

Some of that resulted in DirectAccess. Based on IPv6 technology, DirectAccess works alongside Windows Server 2008 R2 to enable users to securely access corporate network resources on the net without a VPN connection. The technology takes advantage of IP Security for encryption and authentication, and integrates with NAP (Network Access Protection) to check for compliance before allowing client computers to connect to internal resources.

"More people are working from places other than the office, and accessing corporate network resources securely and maintaining connectivity using remote access solutions, such as VPN, can add complexity and effort," Cooke explained. "It's also harder for IT to manage those mobile PCs. DirectAccess is a new feature that helps solve both these issues. Using DirectAccess, workers can easily navigate to intranet sites or internal file shares and access documents from remote locations, without manually establishing a VPN connection."

Enterprises looking to upgrade or switch to Windows 7 can also count AppLocker as a key security feature. AppLocker allows administrators to use Group Policy to specify what applications, installation programs and scripts users can execute. With the Audit Only Enforcement Mode setting, administrators can determine what applications are used in an organization and test rules before deploying them, Cooke said.

"AppLocker also introduces publisher rules that are based on an application's digital signature, which makes it possible to build rules that survive application updates," he said. "For example, you could create a rule to 'allow all versions greater than 9.0 of the program Acrobat Reader to run if it's signed by the software publisher Adobe.' In this way, when Adobe [Systems] updates Acrobat, you can safely deploy the application update without having to build another rule for the new version of Acrobat."

To Gartner analyst John Pescatore, the whitelisting capabilities will come in handy as users continue to deal with an ever-growing number of malicious programs.

"I think the application control and "uber-whitelist" capabilities are likely the new [Windows 7] security capabilities that will make a difference," Pescatore said. "We have no shortage of blacklists and we know total lockdown doesn't work. With the ability to make sure apps the user downloads are either known to be safe or, if not, can have some restrictive policies applied, IT can increase security while letting the user have choice in applications."

Rounding all this out is BitLocker To Go, which encrypts removable storage devices such as USB drives. With BitLocker To Go, users can restrict access to the data with a pass code, as well as set a policy that requires users to apply BitLocker protection to removable drives before being able to write to them. The feature also provides configurable read-only support for removable devices on older versions of Windows so BitLocker-protected files can be shared.

"Analysts are predicting there will be over 1 billion USB flash drives by 2010, with the average USB flash drive holding almost 4GB of data and costing less than $10," Cooke said. "The scary part is that, unlike losing a laptop, users rarely seem to report, or sometimes even notice, the loss of a USB flash drive. BitLocker To Go makes your data secure so you don't have to worry."

The improvements come as Microsoftwhich still holds a large share of the OS markethas been hit with public attacks on its security reputation by Apple, as its Mac OS X is relatively malware-free compared with Windows. Still, Cooke said, Apple is actually behind Microsoft in that area.

"While it's admirable that Apple is improving their security model, it is far from innovative," he said. "The facts show that when it comes to security features, Apple is just adding features into 'Snow Leopard' now that have been part of Windows for years; for example, DEP (data execution prevention) and the on-by-default firewall shipped almost five years ago with Windows XP SP2 [Service Pack 2], and ASLR (address space load randomization) was first released over two years ago with Windows Vista. All of these features are included in Windows 7."

Apple did not respond to a request for comment in time for publication. But Pescatore said while Windows 7 is an improvement, challenges remain.

"Windows 7 is a definite security improvement over XP and it will definitely decrease the Windows desktop attack surface," Pescatore said. "But Windows still has to run on an infinite variety of hardware and still has to maintain compatibility with huge numbers of third-party appsproblems the Mac OS really has never had to deal with. So, Windows will always have unique security challenges."





  Reader Comments: Windows 7 Security Story May Appeal to Enterprises
>>> Post your comment now!
Why
Why I should bother about Windows 7 security when Im using non MS free security tool... (...
Posted At: 10-23-09
By: Gerron
Windows 7 Security
After Windows XP SP2 was released, the incidents in my company of malware and spyware went dramatically down from at least 1 machine (we have 45...
Posted At: 10-22-09
By: A Mirza
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Brian Prince
 


xr㶲0;; ʷ♵MR-bY^f&uT I)Rl+9%]%3nBIL}6Fh4#I"nZΈ]sfS?q;O ['T> Ƶ(ˑԫ1mSHnwݶFN-gP'^> \?g3QY|ߵ-m: ]'|w*Unp{#a_ʞz5EpHԸ#|x\'gO?0{/<Pcw̪ҴϏv;P;Uyah/@Zj#\DȁY{w4ɿTݑm:{R'-XdUZL b6S!1kkTը>lY}@|ݑ|YCXw:QtA3Mu_CԿ($fҀ [8#/yy̧ u"˭Uֶg5^q7ܙcgtZEؘ*ozcn1LjX=:/GyӝF3l˸;4 XSKC(DžJ|+1߶٣̝ wQkkR)(U:Gqغsm)9x] !LEuzv{yyAoy%vx/ȯ0FD_*QI- I|/LZ@WP NH5](E~7B-ÂhZAArIjaԳ|3+i*H,'IL~64z͛VIzӋVlM,!R42V,]?C{ˠjq{~v|qۺ:vy熜5?N]$/#t2 +?9V'_ZUlxmuH8=|`kh2`cRZ:H ?uN{_d[ןN.[$'mTzg_%0omYn^H.ލT|Y|ěy30si2)߆I&[ V4XliLuV!`B 0{fr@̀kfPXX@@N)61p9kM`3R˼ĿIK2_VJ-ɿEh+dԌTwIQa#ax̌_,ʹec^IR]E6\a>PY?vwܬ,U$*մޅ-~4ҢKsQ}iuOfǫ # EHYf7-vI0%ꨦUʇ,Vr*ǿX8ʍ??6m!SGñA S&M:gvϳ` 0h vz?1>PӚMjqOCGs>2胎6ml8-" ,70}HG:QI$wX0x=sOg6%H_¤>< v&z(tm`5$GC-ߟL=s#09wښ@<Qݻi`y1yjS?!Tgg,zzC Slm^l}``1 5g%qJr%FaA.G))(I.BD(ZHB!Al~ [$p Xdd++~CazGBjK%'BP*m=!đtܾZ*=hƚTL٣XB ^X/_2әJRj2mhƪń(VFNDl0Vf)@-Â?1bh琱@DOAЌ7_A}x@6};2@&{l6c{A3uNP"'Կ ;3u9\OwT/=]҃9 UQR }-z~7MAR?Ty v Bdj/h~W.Y 3EXVHdF!! = \Pȭi;NrB@S*,H@&md{Oq)f$ ,4tOݡ~P;24D֒f{ց$lJҴ.Z*![r5}a׼6F]RZRKPDlPc/X +ezdyM2&Io c=`zu; 8`3ǟG )a!c$Q+}neͨԪP -"|@( K ؈|Ё*tdj²w7ה!._07&v*> 0f&6XC˦>ouqA̫%uDw֠~3KJAUcϓasMD@knV2 &GmܡkC6fuEsƱ4St%ҶY8p_sk@l4$T2Paa0] elaؼU_ySeF3;!䆻!`T#f:qV*w[;$!UTͶwAQ xHkM8vهE1G{E;# :07f/|P"58h> B LΧRE\ ~1~1UŠP= ]gw`uX]oXL+*)K.pϟ  sWyGfY?K#y:T+BZmFVVR帨V*qvJwQ)40Ⱦ;c:0?O'F2k Oo)gn%ߙ[aecFHdeS7\@ +RUw.5bYGY hO7`sg'kF&: `LDnЬ 0ԴgsZ-V,?A ޯјD@\teOU)&Uj l|`ZsnG<֔H+?N-2Ǩi 01j-dpMU*Ղʾ_۳YWc7g)h"RkF:Fd@t=Έ+6RΘT8˯A)q>:(TX7cmE{^ac7U[o&F)g/Zק&hTJ4}&MnjíJAx[|8.s7poj%@(nsU-yFs =JTȭ><9~܄yeb@mbؗy@?}誦C}2YhSYpg#HٚIκVu LلY𫇥*ktݿy j9z{'q7ge-&sC dK30ާ' Yn:AjAyIhk+WL?<Yô;9Qo@Hms11 >To\Op/~F8ÄonթrVgPWtZ/3O6&ITx}GVUO4yģT1C y $v=.EЋg2<LئOlXo B5)@u%hrGSYq {a\/n/$h@^1Mu0@ЧL{%]M茻l\ATcfa2J4ۄ knq,ۇ: aT#CnƝj@iUI+T Z} 2AatA*}7*\FIvSf﩮 Ϛ8@|=f^%5RiEmT)玿ߓN-ӄ1zAbQ=Y @rvjT  eP.8N}+tSZ‚'T.n\&#I Eq8x 26/ȟ-1Ή{}VU'&/!(0H_dpCﻶ$\auv'@ޏ.cY4}޹Iv1AqqNku\4[/zQ~Z>gq O>*Κ:"c_>t>]Ivc[ q߲oUH3 J@#$=ĸ}/gvn>J76eFh0\ < 9Ni 8֕isOUSJ:\w9& 5.[X G>9l6nÏOM1k&05h8!x0M _GoIM21Bwyn xqX9}HK,qj;;=?PZSRɭeh:;U7Ujkݮ< #3Cӝ薃CLH׼!/  .#AI=gw;}T>eNx>IА[#=p>~愜003|5e'3 Cw+i{}p¾"CWqj[:+@^d$$$yUZ/WU3$]ue% >Yx2M3}l%3 =ћ4/MZ,d9_a}4؞qbLư2F'`-ݺܭ1J "i#ĠH[rMs _5 Z7:ar*|"Zy☖a%8\}5ߊ:"Y1!Ifmio-(oǜxk5-U5U֒k0K(p!$ 8M{fr+ (? ܇'Vxe[b[0| ttb9J{~>ːuYVQXrTCy_,,uӘVOcHZ͟~T ~a,:/Lĝ>'t0a)QVU$~41 <1|& lSqBٯ?WoH8PP$ X{٧kϽGWFcvn),(N~[Ho d { g C-1 q]`qޝF3͑3 v+ xjʯ(P,IGr7 -DZ? :˓2cV}zr jBD32Pq <9) \;]1>(GBMQT}(bҧs" */ՒLU㞓F,VbL;J^I?yD ^\Vk{I܂tJ|[g*U j)N4{DIk1$$Wy49R.%rBy:dJ}R S)eĒ8`[á 7KvWTԟ-_|Ц,l 062ŎZ =CgIoйoVbn݅ /Ot >m`sc;qVF NmjaV>,Ѣ E$=!ѯD ^i%xTGK3 zÙ-ܞd7W06Lw0<H O-cx;vH8YPk[3`/B]}yz۞_JᐡK," 1#'4;u0ے^Sn ;ep,>tf氻W:S{;s]ϗԂZ,[g5rtqn b;]%k#/"gl%<''''{2˪R޶'3KWWIx:Jj*ƝSK.=6or$Y7ҝG]O܌nb"AF,^aV/ z2V~sz&v> XuS0^pF[OPB[l"B+ʖc 9zVvZF}b< asujkg^':w0[:voUk; !rcl=>z`TnVrV k /ugV@1RsL%~UKػ$| |ÍVW\oXЀ0铃IK2\9rH:))D-F^?xv@@8]ߺvETm\u;ZbA62}LZYBH>^ʃo?hێm͵Ω0 IxBtK@m @ȼ#MԬE5:&;VJE:`WB+ℱfneO%3QI4PDFГ 5>&o4޵w f髝H0N<[p_Ukb2$M [-{8S[x~1̫C1@150&/KxsqS>CX<d7 tq4,FzD?SM=1k> *V8EX*96i[$jbJbfiA i!Fv3{Kb+jJ7F$qя`+jj5b^ #j>akjrF-?x$ǍE/]^|~8.2dR  /(_7Dm \sj61^R>&sjx VQ՜|咿<^YR zaltOƄFWe:=0)j"v+8 JDfxkp)؜>3-yM13bcC܋FJk&p]إ^J;7C6.W@O[jkwfhDP"ͪDV\`*{ 1橙nHte6+{$=y =8M/kZ瓔KPIV ף6:}HwMDF0U 2ki}ӓGV5U*5Y$qk_bF5m .xړGF^Gly rjMݳu5’'Y~j rO}K;TQ`o3ow[1E@'0eˡWǪcj*Kk (LMޝKj߶$Nd愑NWDmJ<\kJDwyj $Z(u-u/;OyX~)ʒ2Z+L6mIU+ ַg%=څ]`aiL"&NǠ\Xp,Z;`߷b~mz9|lFH$Ra).&µZ-'|͌V:m AOcL$z(W' #n%YVmIr .kh>aؕ{' )8 КXW/bJ 7n,wM07߄QT1 :{rPZ=U$G/tX1/b-#-ᰐ#N>xI52K= o~{@ܱr 8r,-D|tz['U}H?Km1@hb#3!,& Qylh]m5oaC3M|4~ 8E}'L$EuE) 21wKy–s\vc? {\nX\h[:L8!i?/7W]P)`#uA~b ̀ ZFiF(ЄG#=7.nrl%[0'lx Dz mDRPi c_x e\FiilCcЃ("|#@[7d 6C;b<1C|>Op`_P"aTq2x(cE@, ! v7UIu~Kf6`6u}``EP00a|L'0]5:PL3%%NnldaQ(b:M t?|n%nKM 9byN]ƒ $Bq0Ӝh6@2߰+3ʰLXUKsͲg2qȅ&JZ `xZNrdhz?{X~@|LBz،Pqq}}wnH4{zӺ:WyٹP֊_ԝٗUu-<6G_K}eP,eJFũ6uF\ «X]frxixɎ(bzh,.6tg$Z UüjUzu7LǜKOA~j؊km9ޗ g5^LWkJN]3C|𩍷fpt{r:X)` ZQe 3baۼlH窙&5+۸r((( FFy;HgfF)/?g#cF?~O/ZEk}y,WoeCZCL*/\nF(_fmWogOෳ~m~io}3 ΠOѫ_}P~Q(GFy0W{s?W0Wׁw2ɐ?/ r qAu7@?7Ӆw3߅w3e__P埀>eg(U1π۬r o3ڿ͠ = >k\픊$dK " SV9,3VD=VbMxG,DlDZJ5faOd_K0ʛQGЬa]#=D(se&m3?`bG@' @8NDw9[MAw/[`\{P[ЙqDޢD)Fy5|37}e\ 7㌠6駛V {x5C7Wuc=tfZ}yPS$dȪ)N(~P"D74\9)螩zȧoF ۘsuG`f߰- t6EM++J9wwrHi3""CQL`FTMVYI2ZY9,+ QPफ़h[iRo視 yVi8an%[z"z%~@,61k"ϼ/cA6of!3^ ^"_v:ic(<)R1 1@e^*u1*z6`%Q</Pqg~fMX>&-\ʠaCo^Ėٵv"n,4NwBj(1pgi;Ìs,!aރx7?m 4@{4Hr(9Pųl1AЉ>bNܶ6 \=wVp*O¸ +ps?f F纓sX]%Qg %uqœj@@rv=~fX3&`~ImId b2OF:༓H_c%3S&"l }_|i9Gj!fIw" a(< bt N@U}Œ 1,ԟ#1@ Y{)n㠃Ռ[#|FWMPL\=O=j"6pΖl{jS鱻$Vr.Q =FwUcTx/ē_| 3+R1=zH|k,XoND !-^Πb/ysԷeEQ&PL–c#U%,yHRݤO[=$sDs݅ ߠ(b/<% * >#.X&">m?'.}Au;K"@"xrtPŗ;׶  Mm'#8C>ܸlQ޺%76x}Ҁ Χ^pgUvy*K*>`HA1^PM&2R8WD Q)YBAł?Vg;Y\) 3/* '8BU(][x[9ċO'W<߶JP+jdV(l:ؖ?^ c/pĶ`:#Vڕ*zYD1e~}=3Ӳg(q",@PpP+Kei$Vit9npS`hvp#b }u+y!.0: .X=l׉P#nH[TFM®,:v` {^];=k{!*kWЅnaTx囸9m@>{zwn}C\:1V`wY=g[8K cd. , $8jVI{{a0&iE-㨤t`C v_ʉ~ph;?҈Y>A wVǰYF!Ƨۅ7'TS*4.v>Ͻn̯]2xDh^N"?X=<,KN~LʅkcPֽk xٚջU$bC)yAC9Xqk @OunB<]SL&j1Bi6a1}bfYW`2-Z.<̳(`,Lv"VKJMΡmjP2aڇl*~H&&l{k+ЃD~xFs-^PQ> χ"@TNENE<<*ID~y)Vg@sOg |>":Ƹ0X+n:' ޗX{yB(;W=n]~9!3L*`.g֯Ͱ>!2D!6xfEhEisşKO||:Š6Ҝ%!tnΚi B"Ew8;k]}LVzS_%ȕ/g2f#xoUA5̚J"4&o)FҢpL\岞*jaKm>8n~;1{6JܖmJ@UN9VKI+^iDNƇ΢c>tgLt )2)v}ml-c6C-{)zp*