Pin Me

Here’s why you should consider switching to Windows Vista for more security

written by: Mark Muller•edited by: Bill Bunter•updated: 8/8/2011

Windows security has been given high priority in Vista development. The ten top security reasons to use Windows Vista will show why Vista is the most secure desktop operating system ever built by Microsoft - much more difficult to exploit. The best Vista security reasons include valuable tips, too.

  • slide 1 of 12

    This top ten security reasons to use Windows Vista generally apply to Windows Vista Business, Windows Vista Premium, Windows Vista Home as well as the Vista Ultimate edition:

  • slide 2 of 12

    # 1: User Account Control

    User Account Control (UAC) is a Windows Vista feature which prevents unauthorized changes and helps keeping malware out of your system by a method called Mandatory Integrity Control (MIC). MIC prevents processes to write to objects with higher integrity levels unless authorized by a computer administrator. This Admin Approval Mode (AAM) starts when a program or Vista needs permission to continue, and when unidentified application wants access to your system. UAC implements the principle of the least privilege in that all users including administrators only have standard privileges unless an operation requires administrative permissions and thus starts AAM.

  • slide 3 of 12

    # 2: BitLocker Drive Encryption

    BitLocker Drive Encryption encrypts volumes on your local hard disk including the Vista system drive to protect your system and data. You can work with the encrypted Vista normally, but if somebody alters the BIOS, changes startup files or when BitLocker Drive Encryption detects another anomaly which could pose a security risk Windows will not start until unlocked with your recovery password. BitLocker Drive Encryption is particularly useful if your laptop gets lost or stolen: even if the hard disk is inserted in another computer all encrypted content remains secure. BitLocker Drive Encryption is restricted to Windows Vista Ultimate and Enterprise editions, which also fully support Encrypting File System (EFS) to encrypt individual files.

  • slide 4 of 12

    # 3: Windows Resource Protection

    Windows Resource Protection (WRP) is a property of Windows Vista which protects executables, critical system files and folders as well as parts of the Registry from modifications unless invoked by the Trusted Installer, a Vista security entity which is more privileged than administrators and your local system account. Thus, the successor of Windows File Protection does not even let administrators make changes to these objects by default; if required WRP lets you override the access control list entries of protected objects on an individual bases though.

  • slide 5 of 12

    # 4: Services Hardening

    Until Windows Vista services often ran as LocalSystem with excessive privileges. Windows services in Vista are now configured to run with the least privilege to accomplish their purpose, so as to be less attractive targets for writers of malicious software. On top of that does Vista make use of service isolation by means of limiting access to a particular service’s resources to those services whose Security IDs are present in the resource’s access control entries, usually the particular service’s SID only. Also, user applications and Windows services can no longer share the same session in Windows Vista: Session 0 is now exclusively used by Windows services with no interactive processes. Last but not least do Windows services have a firewall policy associated so that the Windows Vista firewall prevents or restricts network access of services which have no network functionality by design.

  • slide 6 of 12

    # 5: Windows Firewall with Advanced Security

    The Windows Vista firewall basic configurations can again be made in Control Panel, but to view or configure the advanced security options you have to open a MMC snap-in, or type firewall in Start Search. You can set rules for incoming and outgoing connections in three profiles depending whether you use Vista at home, at your workplace or in public places. In addition to that can you apply rules based on connection type, e.g. server-to-server or tunnel, and configure a variety of monitoring options. On top of that has the IPSec (Internet Protocol Security) protocol suite for IP-based encryption and authentication been integrated in the firewall. In short, the Windows Vista firewall with advanced security is a full-fledged host-based firewall.

  • slide 7 of 12

    # 6: Windows Defender Integration

    Windows Defender, Microsoft’s anti-spyware removal tool, has been integrated into Vista, too. Windows Defender does not replace anti-virus software but is effective against other unwanted and potentially unwanted software. The software protects your system in both, real-time when accessing objects, as well as trough periodic scans of your entire system. Windows Defender also includes Software Explorer, a tool to inspect and configure security-relevant properties of your Vista computer including auto start programs for example.

  • slide 8 of 12

    # 7: Internet Explorer Protected Mode

    Internet Explorer in Windows Vista by default runs in protected mode with an integrity level lower than that of a standard user. This permits you to browse with an additional layer of protection against drive-by downloads (applications that install without user intervention, just by visiting a web site) and alterations of system files and computer configuration through a vulnerability in Internet Explorer. Applications may write to virtual temporary files of low integrity, but access to normal-integrity objects is only possible utilizing an intermediary security process.

  • slide 9 of 12

    # 8: Network Access Protection

    Network Access Protection (NAP) checks whether Vista-based computers connecting to a LAN or corporate network have the required security software, such as anti-virus software, installed and, equally important, if their security software is up to date. Computers not meeting the NAP requirements can be blocked, restricted or automatically updated. Thus, Network Access Protection particularly aims at preventing viruses and malware from entering the IT-infrastructure trough mobile or remote Windows Vista computers.

  • slide 10 of 12

    # 9: Anti-Phishing

    Windows Mail, which replaces Outlook Express as default email client in Windows in Vista, has an integrated phishing filter which analyzes incoming mails for deceptive links and URLs known as bogus Web sites. Vista’s Internet Explorer phishing filter goes beyond Windows Mail’s method of comparing URLs to a locally stored blacklist, and permits your browser to check the current Web address on the fly with Microsoft’s online database of blacklisted sites. A method to report a fraudulent web address is also included in Vista’s Internet Explorer of course.

  • slide 11 of 12

    # 10: Parental Controls

    Windows Vista Parental Controls lets you restrict the web sites your kids can visit based on Web address, content and age group-rating. With Windows Vista you will be also in a position to allow or deny your children to download files from the Internet. Parental Controls furthermore provides the option to give the nod or block specific programs, set time limits for your offspring’s use of the Vista computer, and control which kind of games they can play. In addition to that you can view an activity report about computer usage of each user you specify.

  • slide 12 of 12

    Conclusion

    Security has been on the forefront of Vista development and remains a key reason to upgrade to Windows Vista; the top ten security reasons to use Windows Vista generally apply to Windows Vista Business, Windows Vista Premium, Windows Vista Home as well as the Vista Ultimate edition. While the release of Windows 7 may be just around the corner, Windows Vista continues to be a preferred upgrade for the many home and business users who are still using Windows XP.

References

  • Author's own experience