Until now, Windows Vista was the most secure version of the Windows operating system. Windows 7 picks up where Vista left off, and improves on that foundation to provide an even more secure computing experience.
Microsoft also incorporated user feedback about Vista to enrich the user experience and to ensure that the security features are intuitive and user-friendly. Here’s a look at some of the more significant security enhancements in Windows 7.
Core System Security
As it did with Windows Vista, Microsoft developed Windows 7 according to the Security Development Lifecycle (SDL). It built the new OS from the ground up to be a secure computing environment and retained the key security features that helped protect Vista, such as Kernel Patch Protection, Data Execution Prevention (DE P), Address Space Layout Randomization (ASLR), and Mandatory Integrity Levels. These features provide a strong foundation to guard against malicious software and other attacks. A few key elements are worth noting.
You’re probably familiar with UAC, or User Account Control. Introduced with Windows Vista, the feature is meant to help enforce least-privileged access and to improve the total cost of ownership by allowing organisations to deploy the operating system without granting administrator access to users. Though Microsoft’s primary intent with UAC was to force software developers to use better coding practices and not expect access to sensitive areas of the operating system, most people have perceived UAC as a security feature.
When users think of UAC, they typically associate it with the access-consent prompts it issues. Though Microsoft has made significant progress since Vista’s introduction in reducing the types and number of events that trigger the UAC prompt (or that prevent standard users from executing tasks entirely), UAC has still been the subject of a great deal of negative feedback for Vista.
With Windows 7, Microsoft has again reduced the number of applications and operating system tasks that trigger the prompt. It has also incorporated a more flexible interface for UAC. Under User Accounts in the Control Panel, you can select Change User Account Control Settings to adjust the feature with a slider.
The configuration slider lets you choose from among four levels of UAC protection, ranging from Always Notify (essentially the level of UAC protection that Windows Vista provides) to Never Notify. Obviously, you’ll get the most protection with Always Notify. The advantage to setting the slider to Never Notify as opposed to disabling UAC completely is that the prompt is only one aspect of what UAC does. Under the Never Notify setting, though UAC pop-ups will no longer interrupt you, some of UAC’s core protections will remain, including Protected Mode Internet Explorer.