By Andrew Garcia  |  Posted 2006-11-26

Anti-spyware and Firewall

Vista comes bundled with the Windows Defender anti-spyware program. In previous tests, we've found Windows Defender to be an adequate solution for detecting, removing and preventing spyware, and that legacy continues in Vista. Windows Defender could make a decent second line of defense behind a corporation's standard anti-virus/anti-spyware solution of choice. Because it lacks centralized policy control, status monitoring and reporting capabilities, corporations will need to have another solution in place to provide the documentation and controls necessary to comply with various regulations.
Through Active Directory Group Policy, we could control only a few Windows Defender actions: We could disable or enable the program, enable a few logging metrics, and configure SpyNet reporting characteristics. We could not schedule scans, do much to change the signature update checking interval or designate some form of centralized reporting. The controls we could enable apply only to Vista machines and not to legacy versions of Windows that had Windows Defender installed as a stand-alone application.

Waiting in the wings to provide enterprise-grade management and reporting capabilities is Microsoft's ForeFront Client Security suite. ForeFront, due in the second quarter of 2007, leverages the same anti-spyware capabilities as Windows Defender and the same anti-virus engine as OneCare. (A beta version of ForeFront can be downloaded from Microsoft.)

Vista marks the first Windows operating system to provide an integrated two-way firewall, which we found to be satisfactory overall. Whereas the integrated firewall that came with Windows XP blocked only inbound network traffic, Vista's firewall can also monitor and block outbound traffic, potentially cutting off unauthorized traffic from already installed applications.

The basic Windows Firewall Settings configuration pane looks similar to the configuration pane of the XP firewall, although a new button to block all incoming connections has replaced the old option to prohibit policy exceptions. Drilling down, the Policy Exceptions page looks largely the same as XP's iteration, but ICMP (Internet Control Message Protocol) exemption rules are conspicuously missing. These exemption policies, along with policy controls for outbound traffic, are now located in a new MMC (Microsoft Management Console)-based configuration screen called Windows Firewall with Advanced Security.
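As an added illustration that is not part of the original review, the outbound-blocking and ICMP-exemption behaviour described above can be scripted on Vista through the netsh advfirewall context, which drives the same engine as the Windows Firewall with Advanced Security console. The rule names, program path and management subnet below are made-up placeholders, and the commands must run from an elevated command prompt.

```batch
@echo off
REM Added example: configure Windows Firewall with Advanced Security on Vista
REM via netsh. Rule names, the program path and the subnet are placeholders,
REM not values from the review.

REM 1. Make sure the firewall is on for every profile (domain, private, public).
netsh advfirewall set allprofiles state on

REM 2. Default-deny in both directions. Vista's firewall can block outbound
REM    traffic, which is what cuts off unauthorized traffic from already
REM    installed applications. Expect breakage until allow rules exist.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

REM 3. Allow one approved application outbound, and only on TCP 443
REM    (placeholder path).
netsh advfirewall firewall add rule name="Allow Corp App HTTPS out" ^
    dir=out action=allow program="C:\Program Files\CorpApp\corpapp.exe" ^
    protocol=tcp remoteport=443 enable=yes

REM 4. ICMP exemptions no longer live on the Exceptions tab; they are rules
REM    here. Allow inbound ICMPv4 Echo Request (type 8) only from the
REM    management subnet (placeholder range) so helpdesk pings still work.
netsh advfirewall firewall add rule name="Allow ICMPv4 Echo from mgmt" ^
    dir=in action=allow protocol=icmpv4:8,any remoteip=10.0.100.0/24 enable=yes

REM 5. Log dropped packets so the change can be audited and troubleshot.
netsh advfirewall set allprofiles logging droppedconnections enable
netsh advfirewall set allprofiles logging filename "%systemroot%\system32\LogFiles\Firewall\pfirewall.log"

REM 6. Verify the default policy per profile and the two rules just added.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name="Allow Corp App HTTPS out"
netsh advfirewall firewall show rule name="Allow ICMPv4 Echo from mgmt"
```

In a domain, the same rules and default policies can be pushed through Group Policy (Computer Configuration, Windows Settings, Security Settings, Windows Firewall with Advanced Security) rather than scripted per machine.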
Although we found the entire integrated firewall solution highly functional, we doubt it will gain much traction in a large enterprise that must continue to support legacy Windows operating systems for the foreseeable future. For the sake of management simplification, an organization that has already standardized on a third-party firewall solution for XP-based workstations will be highly disinclined to implement and manage Vista's Windows Firewall separately. Instead, it will more likely roll out the third party's Vista firewall solution, whenever that becomes available.

User Account Control

Vista's UAC marks the first time that Microsoft has attempted to create an operating system on which the user is supposed to run with limited local rights rather than with administrator credentials. Central administrators can dictate two UAC modes: Users can be denied the rights to administrative functions, such as installing software and changing system settings, or they can be warned in a secured interface whenever an administrative action is being initiated. Run in the latter mode, UAC generates enough warning messages that users will likely become inured to the messages' contents—likely clicking "yes," "yes," "yes" by rote. IT managers who figured out the ins and outs of LUA (Least User Privilege) on XP- or Windows 2000-based systems will likely not subject their users to this and will run UAC in the first mode described.

We like the leap of thinking Microsoft has taken with UAC, acknowledging that users should not be running with administrative privileges 100 percent of the time. But UAC provides measures that diligent IT departments should have taken—and hopefully did take—long ago.

Technical Analyst Andrew Garcia can be reached at

Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration, providing network, server and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK magazine and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at
