WASHINGTON—Theres a bushel of security enhancements in Windows Vista—they comprise the most important aspect of the new operating system and the most compelling reason to upgrade, analysts say—but theyre not all perfect, nor are they silver bullets.
Vistas BitLocker encryption, for example, is restricted from working alongside virtualization software, doesnt encrypt multiple disk volumes, and only ships to customers on Microsofts Software Assurance plan or with the Ultimate version of the operating system.
Each of Vistas security functions has similar quibbles associated with it—be they lack of features or license quirks—that enterprises must ponder. Given that, how does an enterprise determine which Vista security features to deploy and how to best deploy them?
Gartner analyst Neil MacDonald gave Gartners take here on June 4 at the research companys IT Security Summit. During his presentation, titled “Planning and Deploying the Security Features of Windows Vista,” MacDonald covered UAC (User Access Control), BitLocker, NAP (Network Access Protection), ASLR (Address Space Layout Randomization) and Windows Defender—the five heavyweights in Vistas new security lineup—providing pros, cons and advice on implementing each of those security features as well as other features that dont get as much attention.
But wait, you say. Youre not planning to deploy Vista any time soon, just like the majority of Windows users? After all, Microsoft has pledged security support for some variant of Windows XP until the end of 2013, making the suns setting on XP far from imminent. Fair enough, but bear in mind its not too early to start thinking of your enterprises Vista future, given that application vendors arent guaranteed to support XP for as long as Microsoft plans to.
“The bigger risk is not [the end of support and security fixes] from Microsoft but from application vendors,” MacDonald said.
With that in mind, eWEEK has put together five articles, each covering one of the top five Vista security features and Gartners take on its pros, cons and how to implement it, based on the companys presentation at its IT Security Summit.