

Vista's security features: What to expect


Brien M. Posey, Contributor
02.23.2006


Ever since Windows Vista was initially announced, Microsoft has claimed that it will be the most secure version of Windows ever created. Although Vista does offer a lot of promising new security features, you may be wondering what you can do to take advantage of those features once Vista is finally released toward the end of the year. In this article, I will attempt to answer this question by discussing some of Vista's new security features and the impact that they will likely have on you.

Code signing feature

In my opinion, the most significant security feature in Vista is code signing. The basic idea is that all of the system files have been digitally signed by Microsoft. This allows Vista to verify the authenticity of the system files and therefore to help protect the integrity of the operating system.

This is important because a number of exploits over the years have involved replacing legitimate system files with malicious files. For virus authors, this is sort of like committing the perfect crime. The malicious files are hard to spot (without the aid of antivirus software) because they replace files that are supposed to be there. Furthermore, system files are trusted by the operating system and often run with elevated privileges, which allows a malicious replacement to run amok within the system.

The good news is that you won't really have to do anything to take advantage of this feature. Vista uses code signing and system file verification by default.

Windows Defender tool

    I once said in an article that I believed Microsoft was the only company that really has the power to stop spyware. My reasoning behind this statement was that Microsoft is the only company with full, complete knowledge of the inner workings of Windows and of Internet Explorer. As such, it knows which files and settings are normal for Windows and for Internet Explorer. Therefore, it has the power to spot potentially malicious modifications.

    It seems that Microsoft has finally come to the same realization. Windows Vista will include a new tool called Windows Defender. Windows Defender is a utility that is designed to fight spyware.

    Like most, if not all, existing antispyware products, Windows Defender is signature based. It might seem a little weird for a company that has such extensive knowledge regarding Windows and Internet Explorer to use a signature-based antispyware tool, but it makes sense if you really stop and think about it.

    Obviously, Microsoft knows that the Windows system files and certain Registry keys should never be modified. However, there are Registry keys, INI files and other things that are routinely modified by perfectly legitimate applications. For example, the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Registry key is a favorite target of spyware authors, but Microsoft can't just block applications from modifying this Registry key because some applications (such as antivirus products) make legitimate use of the key. Therefore, Microsoft has chosen to use a spyware signature database to look for spyware in locations that cannot be blocked.
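Because the Run key cannot simply be locked down, an administrator can at least review what it launches. The following is an added example, not part of the original article or any Microsoft tooling: a PowerShell audit that lists each Run entry and checks the Authenticode signature of the program it starts. The per-user HKCU key and the helper name `Get-RunEntryTarget` are additions made for this example.

```powershell
# Added example: audit the Run keys and check the signature of every program they start.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',   # key named in the article
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'    # per-user equivalent (added here)
)

function Get-RunEntryTarget {
    # Hypothetical helper: extract the executable path from a Run value's command line.
    param([string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }                      # "C:\dir with spaces\app.exe" /arg
    if ($cmd -match '^(.+?\.(exe|com|bat|cmd))(\s|$)') { return $Matches[1] } # unquoted path plus arguments
    return ($cmd -split '\s+')[0]                                             # fallback: first token
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $target  = Get-RunEntryTarget $command
        $status  = 'Unresolved'      # target is not a full path to an existing file
        $signer  = $null
        if ($target -and (Test-Path -LiteralPath $target -PathType Leaf)) {
            $sig    = Get-AuthenticodeSignature -FilePath $target
            $status = [string]$sig.Status            # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Key = $key; Name = $name; Target = $target
            Status = $status; Signer = $signer; Command = $command
        }
    }
}

# Everything that is not validly signed goes on the review list.
$report | Where-Object { $_.Status -ne 'Valid' } |
    Format-List Key, Name, Command, Target, Status, Signer
```

A status other than `Valid` is a prompt for review rather than proof of spyware: legitimate software is sometimes unsigned, and entries launched through a host such as `rundll32` show up as `Unresolved` and need their arguments inspected by hand.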

    There is another component to Windows Defender that helps preserve the operating system's integrity. Any time you attempt to change a setting within the operating system, you will receive a Windows Security dialog box asking you to approve the action. I will be the first to admit that constantly being asked to approve this and that during the machine's initial configuration can quickly become annoying. However, this approval process goes a long way toward preserving the machine's integrity because it prevents a malicious script from modifying system settings without your knowledge or approval.

    Secure Startup feature

    One more security feature that I want to talk about is something new called Secure Startup. As you probably know, Windows XP allows users to encrypt file folders on the hard drive, but with the right utilities and physical access to the machine, a hacker can access the encrypted data in a matter of minutes. This issue is especially problematic for laptop users. If a thief steals a laptop, he could access the data contained on it even if encrypted folders and a CMOS password were in use.

    This is where Secure Startup comes into play. Secure Startup (which is disabled by default) makes use of a chip on the computer's system board called the Trusted Platform Module (TPM). The TPM chip offers protected storage of digital certificates, encryption keys and passwords. Since this information is stored at the hardware level, it is much more resistant to tampering than a software solution would be.

    The Secure Startup feature uses the TPM for two different things. First, it allows data on the hard drive to be encrypted in a more secure manner. Although I don't have any way of testing that at the present time, I have heard that Vista will even allow you to encrypt the contents of the system drive, a feature called BitLocker.

    The second thing TPM is used for is to verify that the system has not been tampered with since Vista was last used.

    We all know that system boards occasionally go out, so what happens to the data that's encrypted on the hard drive if we can no longer access the TPM's contents? Vista allows you to create a recovery key that can be used in such cases. The dead machine's hard drive can be removed and placed into a different machine where the recovery key can unlock the encrypted data. The only catch is that the recovery key has to be created before a problem occurs.
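Since the recovery key has to exist before the hardware fails, it is worth checking for one on every encrypted volume. The following is an added example, not part of the original article: it assumes the `BitLocker` and `TrustedPlatformModule` PowerShell modules, which ship with Windows 8 / Server 2012 and later rather than with Vista itself, and an elevated prompt.

```powershell
# Added example: find encrypted volumes that have no recovery password protector.
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell session.
$tpm = Get-Tpm
"TPM present: {0}   TPM ready: {1}" -f $tpm.TpmPresent, $tpm.TpmReady

$findings = foreach ($vol in Get-BitLockerVolume) {
    # Collect the protector types on this volume (Tpm, TpmPin, RecoveryPassword, ExternalKey, ...)
    $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

    $usesTpm     = [bool]($types -match '^Tpm')          # any TPM-based protector
    $hasRecovery = $types -contains 'RecoveryPassword'   # numerical recovery password
    $encrypted   = [string]$vol.VolumeStatus -ne 'FullyDecrypted'

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        UsesTpm          = $usesTpm
        HasRecovery      = $hasRecovery
        # Encrypted and TPM-bound with no recovery password: data is lost if the board dies.
        AtRisk           = $encrypted -and $usesTpm -and -not $hasRecovery
    }
}

$findings | Format-Table -AutoSize

$atRisk = @($findings | Where-Object { $_.AtRisk })
if ($atRisk.Count -gt 0) {
    Write-Warning ("{0} volume(s) depend on the TPM and have no recovery password." -f $atRisk.Count)
}
```

The check only confirms that a recovery password protector exists on the volume; whether a copy of it is stored somewhere other than the protected machine still has to be verified separately.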

    As you can see, there are a number of new security features in Windows Vista. There's no way that I can possibly tell you about all of them in this one article. What I can tell you is that Vista isn't perfect, but I do believe that Vista is the most secure version of Windows ever created.


    About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit his personal Web site at www.brienposey.com.

    This tip originally appeared on SearchWindowsSecurity.com.
