A first look at Windows 7 security enhancements

Microsoft plans to address complaints about the much-maligned security features in Vista -- chiefly the UAC and nag screens -- in the release of Windows 7.

Windows Vista is perhaps the most unpopular operating system that Microsoft has ever released. With the release

of Windows 7, the software giant is hoping to appease customers by addressing the major complaints against Vista and improving on two security features -- the User Account Control and the UAC nag screen .

The User Account Control was designed to improve security on Windows Vista. Every time a user attempts to perform an action that requires more escalated privileges, the UAC prompts asks them for administrative credentials. Unless an administrator authorizes an action, the user can not proceed. If the user is logged in as an administrator, the UAC will display a nag screen every time administrative action is performed.

UAC nag screens are designed to inform the user of what's going on in their system. For example, if malware attempts to corrupt the system, a UAC nag screen would appear to warn user before the malware could act.

While these two features have potential to minimize security risks, Microsoft has received more complaints than accolades about them. Both users and system administrators alike have complained how these prompts interrupt their workflow. In an effort to appease customers, Microsoft redesigned this UAC feature for Windows 7.

UAC changes in Windows 7
In Windows Vista, the OS alerts users to any major configuration change. When designing Windows 7, Microsoft wanted to reduce the amount of prompts users received. Therefore, in Windows 7, the users only receive prompts if an application attempts to make a configuration change. If the changes are initiated by the user or by the OS itself, a prompt will not appear.

Keep in mind though, that this is the default behavior. Unlike Vista, Windows 7 can be configured so that you can control the number of prompts that you receive. In Windows 7, the Security Center in the control panel has been replaced by the Action Center as seen in Figure A. This serves as a centralized place for managing security and other pressing issues.

Windows 7 Security Figure A
Figure A Windows Security Center has been replaced by the Action Center. (Click on image for enlarged view.)

Notice the User Account Control Settings link on the left side of Figure A. Clicking this link will take you to the screen shown in Figure B. This figure illustrates how Windows 7 gives you the ability to adjust the number of messages that you see.

Windows 7 Security Figure B
Figure B Windows 7 gives you the ability to control the number of prompts that you receive. (Click on image for enlarged view.)

The default setting prevents you from being notified when you initiate a change to the Windows configuration. You are only notified when an application attempts to make a change. When the slide bar is moved higher, the User Account Control performs in basically the same way that it did in Windows Vista, alerting you to both user and application initiated changes.

More on Windows security:
  • Top 10 ways to improve Windows Vista security
  • Top Windows client security tools for end users
  • When the slide bar is moved a notch lower, the UAC will behave in basically the same way as it does by default, but with one difference: Windows does not dim the screen when prompts are displayed. This presents a security risk because the dimming of the desktop prevents malware from displaying false notifications in an effort to get you to click on something, and it prevents malware from interfering with legitimate notifications. Disabling the dimming of the desktop exposes you to these types of security threats. The lowest notch on the sidebar completely disables User Account Control prompts.

    Windows 7 User Account Control feature controversy
    The User Account Control feature in Windows 7 has been met with some controversy. Why? Some people, including myself, feel that decreasing the number of prompts that the UAC displays increases the odds that a malware infection will go unnoticed. Others feel that the UAC nag screen has become such a nuisance that no one pays attention to them anymore; or users ignore the message and click whatever it takes to make the message go away.

    Controversy or no controversy it's important to keep in mind Windows 7 is still in beta testing. Therefore, the UAC feature and the way it behaves could potentially change by the time that Windows 7 is ultimately released next year.

    This was first published in March 2009

    Dig deeper on Microsoft Windows 7 operating system

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    SearchVirtualDesktop

    SearchWindowsServer

    SearchExchange

    Close