Microsoft Windows Vista: Security enhancements and other key features

Check out this excerpt from Microsoft Windows Vista Unleashed by Paul McFedries, with details on security features such as User Account Control (UAC) and Windows Firewall.

SP1 and R2 Microsoft Windows Vista Unleashed
By Paul McFedries

Microsoft Windows Vista Unleashed offers IT professionals details on the new features and improvements included with Windows Vista, as well as a fresh approach to unleashing the vast potential of Microsoft's latest desktop operating system.

Purchase the full book, Microsoft Windows Vista Unleashed.

  Performance and stability improvements
  Security enhancements and other key features
  IE7, Windows Mail and Windows Calendar

The following excerpt is from chapter one entitled "An Overview of Windows Vista."

Security Enhancements
With reports of new Windows XP vulnerabilities coming in with stomach-lurching regularity, we all hope that Vista has a much better security track record. It's still too early to tell -- and nefarious hackers are exceptionally clever -- but it certainly looks as though Microsoft is heading in the right direction with Vista:

User Account Control -- This new (and very controversial) feature ensures that every Vista user runs with only limited privileges, even those accounts that are part of the Administrators group (except the Administrator account itself). In other words, each user runs as a "least privileged user," which means users have only the minimum privileges they require for day-to-day work. This also means that any malicious users or programs that gain access to the system also run with only limited privileges, thus limiting the amount of damage they can do. The downside (and the source of the controversy) is that you are constantly pestered with security dialog boxes that ask for your approval or credentials to perform even trivial tasks, such as deleting certain files.

Windows Firewall -- This feature is now bidirectional, which means that it blocks not only unauthorized incoming traffic, but also unauthorized outgoing traffic. For example, if your computer has a Trojan horse installed, it might attempt to send data out to the Web, but the firewall's outgoing protection will prevent this.

Windows Defender -- This is the Windows Vista antispyware program. (Spyware is a program that surreptitiously monitors a user's computer activities or harvests sensitive data on the user's computer, and then sends that information to an individual or a company via the user's Internet connection.) Windows Defender prevents spyware from being installed on your system and monitors your system in real-time to look for signs of spyware activity.

Internet Explorer Protected mode -- This new operating mode for Internet Explorer builds on the User Account Control feature. Protected mode means that Internet Explorer runs with a privilege level that's enough to surf the Web, but that's about it. Internet Explorer can't install software, modify the user's files or settings, add shortcuts to the Startup folder, or even change its own settings for the default home page and search engine. This is designed to thwart spyware and other malicious programs that attempt to gain access to your system through the web browser.

Phishing Filter -- Phishing refers to creating a replica of an existing web page to fool a user into submitting personal, financial, or password data. Internet Explorer's new Phishing Filter can alert you when you surf to a page that is a known phishing site, or it can warn you if the current page appears to be a phishing scam.

Junk Mail Filter -- Windows Mail (the Vista replacement for Outlook Express) comes with an antispam filter based on the one that's part of Microsoft Outlook. The Junk Mail Filter uses a sophisticated algorithm to scan incoming messages for signs of spam. If it finds any, it quarantines the spam in a separate Junk Mail folder.

Windows Service Hardening -- This new technology is designed to limit the damage that a compromised service can wreak on a system by (among other things) running all services in a lower privilege level, stripping services of permissions that they don't require, and applying restrictions to services that control exactly what they can do on a system.

Secure Startup -- This technology encrypts the entire system drive to prevent a malicious user from accessing your sensitive data. Secure Startup works by storing the keys that encrypt and decrypt the sectors on a system drive in a Trusted Platform Module (TPM) 1.2 chip, which is a hardware component available on many newer machines.

Network Access Protection (NAP) -- This service checks the health status of a computer, including its installed security patches, downloaded virus signatures, and security settings. If any health item is not completely up-to-date or within the network guidelines, the NAP enforcement service (running on a server that supports this feature) either doesn't let the computer log on to the network or shuttles the computer off to a restricted area of the network.

Parental Controls -- This feature enables you to place restrictions on the user accounts that you've assigned to your children. Using the new User Controls window in the Control Panel, you can allow or block specific websites, set up general site restrictions (such as Kids Websites Only), block content categories (such as Pornography, Mature Content, and Bomb Making), block file downloads, set time limits for computer use, allow or disallow games, restrict games based on ratings and contents, and allow or block specific programs.

Windows Presentation Foundation
The Windows Presentation Foundation (WPF) is Vista's new graphical subsystem, and it's responsible for all the interface changes in the Vista package. WPF implements a new graphics model that can take full advantage of today's powerful graphics processing units.

With WPF, all output goes through the powerful Direct3D layer (so that the CPU doesn't have to deal with any graphics); this output also is all vector based, so WPF produces extremely high-resolution images that are completely scalable.

Desktop Window Manager
The Desktop Window Manager (DWM) is a new technology that assumes control over the screen display. With Vista, applications draw their graphics to an offscreen buffer, and then the DWM composites the buffer contents on the screen.

Improved Graphics
The combination of the WPF and DWM means that Vista graphics are the best Windows graphics ever. Program and document windows no longer "tear" when you move them quickly across the screen, animations applied to actions such as minimizing a window are richer and more effective, icons scale up and down with no loss of quality, and transparency effects are applied to window title bars and borders.

Transactional NTFS
The Windows Vista file system implements a new technology called Transactional NTFS, or TxF, for short. TxF applies transactional database ideas to the file system. This means that if some mishap occurs to your data—it could be a system crash, a program crash, an overwrite to an important file, or even just imprudent edits to a file—Vista allows you to roll back the file to a previous version. It's a lot like the System Restore feature, except that it works not for the entire system, but for individual files, folders, and volumes.

XML Paper Specification
Windows Vista supports a new Microsoft document format called the XML Paper Specification, or XPS. This is an XML schema designed to create documents that are highfidelity reproductions of existing documents. In other words, documents published as XPS and opened in an XPS viewer program should look the same as they do in the original application. Microsoft has incorporated an XPS viewer into Windows Vista, so any Vista user will automatically be able to view XPS documents. (The viewer runs within Internet Explorer.)

Microsoft is also licensing XPS royalty-free so that developers can incorporate XPS viewing and publishing features into their products without cost. This means it should be easy to publish XPS documents from a variety of applications.

Continue to part three, IE7, Windows Mail and Windows Calendar.

Paul McFedries is the president of Logophilia Limited, a technical writing company. He has been working with computers for over 30 years, has been using Microsoft Windows since version 1, and is widely viewed as an expert in explaining Windows and Windows technology. Paul has written more than 40 books that have sold nearly three million copies worldwide.

Dig Deeper on Windows applications

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.