We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Microsoft talks up Vista security features

No need to put superglue in USB ports

Encryption and policy-control functions being built into Microsoft's Vista OS (operating system) will help make it easier for enterprises to protect against data compromises such as the one involving the VA (the US Department of Veterans Affairs) publicised earlier this week, a company executive said Wednesday.

On Monday the VA said the names, Social Security numbers and birth dates of more than 26 million veterans discharged since 1975 had been compromised when a computer containing the information was stolen from the home of a data analyst.

Vista technologies such as BitLocker and Group Policy Console will improve the ability of companies to protect against these kind of compromises, said Mike Chan, a senior technical product manager for Microsoft's Vista team, who delivered a keynote at the Microsoft Security Summit this week.

Vista's BitLocker, for instance, will allow companies to encrypt all of the data on their hard drives using 1,024bit encryption, Chan said. The key used for encrypting the data is not stored on the hard drive but on a separate Trusted Platform Module microchip mounted on the motherboard, allowing for full encryption of the hard drive. The goal is to give companies a way to protect sensitive data from compromise even when a computer or hard drive is lost or stolen, he said.

Vista's support for data encryption is useful, but a lot depends on the key-management and -recovery capabilities it offers, said Lloyd Hession, chief security officer at BT Radianz, a telecommunications company for financial companies based in New York.

Encryption at the OS level is a good thing, Hession said, but the big problem with encryption in general has been the issue of data recovery in the event of hardware failure or key loss. It's one of the reasons why few companies encrypt data at the desktop level despite the many benefits.

Microsoft therefore needs to make its encryption capabilities easy to use for it to make a difference among enterprise users, Hession added.

Meanwhile, enhanced group policy controls in Vista will allow administrators to exercise much greater control over end-user systems than current Windows technologies permit, Chan said. With the new controls, IT administrators could enforce polices that prevent users from connecting USB flash drives on their systems without explicit administrator authorisation he said.

"It's much superior, by the way, to the old method of caulking," Chan said. Or even supergluing USB ports to prevent them from being illegally used.


IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model