For years Microsoft has been cast as a company that didn't understand computer security. But the tide has been turning, and Microsoft is now turning out some of the most secure software in the industry. Since Windows XP Pro SP2 and Windows Server 2003 SP1, Microsoft has been taking increasing flak for pushing too much security too fast on end users, often favoring security at the expense of functionality. This is quite a change from the past. Those of us with over a decade of experience in securing Windows can't believe our fortune. Will Windows Vista finally defeat malicious hackers and malware? Probably not, but it will make the job tougher for those who mean to cause others harm.
This chapter covered the most significant new security features in Windows Vista. To recap, the features most likely to make a practical impact on your computing experience are:
User Account Control
Internet Explorer Protected Mode
Mandatory Integrity Controls
BitLocker Drive Encryption
Portable Media Control
Device/Driver Control
800 New Group Policy Settings
More Secure Defaults
Hardened Services
Secure Desktop
Startup Repair Tool
Improved Event Logs
Event Triggers and Event Forwarding
IIS 7
Improved Patch Management
Decreased Risk When Admins Are Logged In
Potentially Fewer Admins Needed
Session Isolation
Previous Version client installed by default
Improved EFS
CardSpace
Windows Defender
Improved RDP authentication
IPv6
File and Registry Virtualization
Improved Crash Diagnostics
New Logon API
Believe it or not, as long as this chapter is, there are hundreds of other improved security features that could not fit in this introduction. Nearly every application, aspect, and feature has been re-examined, starting with an increased focus on the Security Development Lifecycle, threat modeling, and a more secure programming language. Significant security improvements have been made to host applications, the boot sequence, the logon architecture, NTFS, encryption, Internet security, and the networking stack. Windows Vista's new mandatory integrity controls, User Account Control, and file and registry virtualization are truly paradigm-shifting changes that will make Windows an even more secure platform choice.
Upcoming chapters will cover the major improvements in more detail. Chapter 2 describes how attackers and malware exploit Windows, and introduces a few areas of potential weakness in Windows Vista.