Windows Vista security features: Separating real benefits from the marketing hype

With the pending release of Windows Vista, I thought it might be interesting to take a look over the new security features on offer. There has been much talk of advanced security controls and improved resistance to malicious software and viruses. How good are these new features? Do they work, or are they just a marketing gimmick?

One of the most talked about security features of Windows Vista won’t be available until Windows Server Longhorn is released (currently in the Beta testing phase). Network Access Protection (NAP) will ensure that all computers connecting to a Microsoft Windows network comply with predefined security policies. For example, network administrators may deny network access to any client machine which does not comply with a system health requirement. If a client machine is not up to date with all critical Windows updates and security patches, it may be quarantined until such updates have been applied. This is an interesting development in network security although it will be quite some time before results are seen—Longhorn isn’t out yet, and once it is released, it will be a while until most companies start to adopt the Longhorn/Vista combination.

User Account Control (UAC) is a new mechanism within Windows Vista that allows a user to elevate privileges temporarily in order to perform an action that requires higher-level system access. This means that users can run a user account with low-level privileges and only elevate these as and when required; examples of actions which may require elevated privileges would be installing a new device driver, adjusting system settings, or executing unknown ActiveX controls. Currently, if a user does not have permission to perform an action, access is denied and there is no option to override; this leads to many users running in full admin mode, which leaves them more vulnerable to viral infection. By giving users the option to run in a safe mode as standard and elevate their privilege level as required, it is hoped that the risk of unauthorised activities will be reduced. A very similar system of privilege escalation has been present in Linux and Mac systems for a long time. Users encountered another problem while trying to run some legacy applications under limited privileges in Windows XP: the applications required higher-level access to the system registry or files, and therefore failed to run. UAC attempts to tackle this with file and registry virtualisation; I’ll be very interested to see how effective this is.

A new feature available with Windows Vista Enterprise and Ultimate editions is BitLocker Drive Encryption. With BitLocker active, there must be two volumes (partitions) on the hard disk: the system volume on which BitLocker is installed (this is not encrypted), and the boot volume on which Windows Vista is installed (this volume is encrypted). There are three possible boot modes: two that require the computer to be equipped with a TPM chip and one that simply uses a USB key. The functionality of BitLocker is somewhat limited, as only the boot volume holding Windows can be encrypted. It is believed that Windows Server Longhorn will extend BitLocker protection to data volumes, although the Encrypting File System (EFS) is still the recommended way to encrypt data on the fly. Despite rumours that Microsoft would be working with authorities to provide a backdoor bypassing volume encryption, Microsoft claims that this is nonsense.

Other security-related features incorporated into Windows Vista include IE7’s default ‘protected mode’, ActiveX controls being disabled by default, and the anti-phishing filter. Windows Defender is also installed and enabled by default. While marketing types are heralding these as groundbreaking features, anyone running Windows XP can install IE7 and Windows Defender, so they aren’t really new features of Windows Vista; they are simply marketing gimmicks.

The Windows firewall is still present and has been upgraded with support for filtering both incoming and outgoing traffic. Rules can now be created to grant or deny network access to specific services.
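As an added illustration (not from the original article) of the per-service rules mentioned above, the following commands use the `netsh advfirewall` context that ships with the Vista firewall to block outbound traffic from one service and then verify the rule. The service short name `Spooler` (the Print Spooler) is simply a stand-in chosen for the example; run this from an elevated command prompt.

```batch
@echo off
rem Added example, not part of the original article.
rem "Spooler" is the Print Spooler service, used here only as a sample service.

rem Deny the Print Spooler service any outbound network access.
netsh advfirewall firewall add rule name="Block Spooler outbound" dir=out action=block service=Spooler enable=yes

rem Allow the same service to accept inbound connections only from the local subnet.
netsh advfirewall firewall add rule name="Allow Spooler inbound (local subnet)" dir=in action=allow service=Spooler remoteip=localsubnet enable=yes

rem Check that both rules exist and show their settings.
netsh advfirewall firewall show rule name="Block Spooler outbound"
netsh advfirewall firewall show rule name="Allow Spooler inbound (local subnet)"

rem Remove the rules again when no longer needed.
rem netsh advfirewall firewall delete rule name="Block Spooler outbound"
rem netsh advfirewall firewall delete rule name="Allow Spooler inbound (local subnet)"
```

Outbound filtering is only useful if the profile's default outbound action is considered too; `netsh advfirewall show allprofiles` displays the current inbound and outbound defaults for each profile.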

Overall, while there have been some improvements to security in Windows Vista, they are by no means groundbreaking. I fear that malware and Trojan infections will still be rife as underground movements focus their energy on bypassing and breaking any new barriers that have been implemented. BitLocker encryption is disappointing due to its limited scope and lack of flexibility; NAP will not offer any benefits until ‘Longhorn’ is deployed, which will probably be a few years away (and in the meantime people will be working on breaking it). UAC is a nice touch which should have been implemented long ago; malicious software wanting to bypass it will probably depend on both exploiting vulnerabilities and social engineering techniques.
