A first look at Windows 7 security enhancements

The User Account Control was designed to improve security on Windows Vista. Every time a user attempts to perform an action that requires more escalated privileges, the UAC prompts asks them for administrative credentials. Unless an administrator authorizes an action, the user can not proceed. If the user is logged in as an administrator, the UAC will display a nag screen every time administrative action is performed.

UAC nag screens are designed to inform the user of what's going on in their system. For example, if malware attempts to corrupt the system, a UAC nag screen would appear to warn user before the malware could act.

While these two features have potential to minimize security risks, Microsoft has received more complaints than accolades about them. Both users and system administrators alike have complained how these prompts interrupt their workflow. In an effort to appease customers, Microsoft redesigned this UAC feature for Windows 7.

UAC changes in Windows 7
In Windows Vista, the OS alerts users to any major configuration change. When designing Windows 7, Microsoft wanted to reduce the amount of prompts users received. Therefore, in Windows 7, the users only receive prompts if an application attempts to make a configuration change. If the changes are initiated by the user or by the OS itself, a prompt will not appear.

Keep in mind though, that this is the default behavior. Unlike Vista, Windows 7 can be configured so that you can control the number of prompts that you receive. In Windows 7, the Security Center in the control panel has been replaced by the Action Center as seen in Figure A. This serves as a ce...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Windows desktop security tips Structuring patch management in seven steps Underlying causes of inconsistent patch management Monitoring user activity with network analyzers Microsoft's Patch Tuesday brings a bumper crop of security fixes Using third-party technologies with Microsoft's NAP Understanding Microsoft's NAP's internal and external components Microsoft's NAP can ensure security compliance Top 5 registry keys for Windows XP Secure Windows XP before a Windows 7 upgrade Nine common password oversights to avoid Microsoft Windows 7 operating system Windows 7 launches, offers salvation from Vista Converting Windows 7 deployment images to virtual hard drive files Using Windows 7 to configure workstations for optimal power management MDOP for Windows 7 available now An intro to Windows 7's Deployment Image Servicing and Management tool Guide to converting from Windows XP to Windows 7 Manage the desktop image lifecycle to limit work, ensure security Microsoft Desktop Optimization Pack 2009 R2 adds Windows 7 support Has Microsoft corrected Vista annoyances in Windows 7? Protect your computer from direct attacks in Windows 7 Microsoft Windows Vista operating system Windows 7 launches, offers salvation from Vista An intro to Windows 7's Deployment Image Servicing and Management tool Guide to converting from Windows XP to Windows 7 Choosing the best way to install images Has Microsoft corrected Vista annoyances in Windows 7? Microsoft's August patches run the gamut Your questions answered: The Windows 7 upgrade quandary Windows Vista users get little pricing relief on Windows 7 Combining folder redirection with roaming profiles IPv6 protocol, Windows Vista features simplify peer ad-hoc networking

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary desktop management  (SearchEnterpriseDesktop.com) Vista  (SearchEnterpriseDesktop.com) Vista glossary  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

ntralized place for managing security and other pressing issues.

[IMAGE]
Figure A Windows Security Center has been replaced by the Action Center. (Click on image for enlarged view.)

Notice the User Account Control Settings link on the left side of Figure A. Clicking this link will take you to the screen shown in Figure B. This figure illustrates how Windows 7 gives you the ability to adjust the number of messages that you see.

[IMAGE]
Figure B Windows 7 gives you the ability to control the number of prompts that you receive. (Click on image for enlarged view.)

The default setting prevents you from being notified when you initiate a change to the Windows configuration. You are only notified when an application attempts to make a change. When the slide bar is moved higher, the User Account Control performs in basically the same way that it did in Windows Vista, alerting you to both user and application initiated changes.

When the slide bar is moved a notch lower, the UAC will behave in basically the same way as it does by default, but with one difference: Windows does not dim the screen when prompts are displayed. This presents a security risk because the dimming of the desktop prevents malware from displaying false notifications in an effort to get you to click on something, and it prevents malware from interfering with legitimate notifications. Disabling the dimming of the desktop exposes you to these types of security threats. The lowest notch on the sidebar completely disables User Account Control prompts.

Windows 7 User Account Control feature controversy
The User Account Control feature in Windows 7 has been met with some controversy. Why? Some people, including myself, feel that decreasing the number of prompts that the UAC displays increases the odds that a malware infection will go unnoticed. Others feel that the UAC nag screen has become such a nuisance that no one pays attention to them anymore; or users ignore the message and click whatever it takes to make the message go away.

Controversy or no controversy it's important to keep in mind Windows 7 is still in beta testing. Therefore, the UAC feature and the way it behaves could potentially change by the time that Windows 7 is ultimately released next year.

Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.