Sign in with
Sign up | Sign in

Windows 7 Security Features Revealed

By - Source: Tom's Hardware US | B 15 comments

Microsoft's Paul Cooke talks about the security features in the upcoming Windows 7 OS, covering subjects such as Multiple Active Firewall Policies, DirectAccess, and more.

Recently Microsoft's Paul Cooke, Program Manager for Windows Live, updated The Windows Security Blog with a lengthy insight to the new Windows 7 operating system, specifically the security features that will benefit the mobile worker. His update stems from hands-on experience at this week's RSA Conference, addressing five security features: Multiple Active Firewall Policies, DirectAccess, BranchCache, BitLocker To Go, and AppLocker. Cooke also hinted in the blog that the update was just the "tip of the iceberg," and for readers to stay tuned for more info on the new security technologies.

"We’re really excited about Windows 7’s new security features," he said. "This next OS is built upon the proven security technologies in Windows Vista and provides a fundamentally secure computing platform. We not only utilized enhanced Security Development Lifecycle (SDL) process during planning, development and testing but we also have worked to make the security features more discoverable, usable and manageable. These enhancements give Windows 7 the expanded security offerings to provide the necessary security controls to help mobile workers access the information they need to be productive, wherever and whenever they need it."

The first segment of his blog, Multiple Active Firewall Policies, describes how mobile users can create security problems when connecting to multiple networks on the road (while also connecting to the company network). Windows 7 eliminates the problem by enabling the PC to obtain and apply domain firewall profile information regardless of other networks that may be active on the PC. IT Pros can maintain a single set of rules for both remote clients and physically connected clients.

The next feature, DirectAccess, automatically establishes a bi-directional connection from mobile client computers to a corporate network. This means that the end-user is not required to connect via a VPN tunnel, but rather through a secured access through the Internet. DirectAccess also uses IPsec to authenticate the computer and user, encrypt the data crossing over the Internet, and can even be used to require employees to authenticate with a smart card. And since DirectAccess is always on, IT pros can distribute software updates and policies at any time.

Cooke also talked about BranchCache, a feature that will speed up network access for the employee working out of the branch office, performing as if they're working straight off the in-office corporate LAN. "BranchCache also helps reduce the utilization of the wide area network, he wrote.  "When BranchCache is enabled, a copy of any data accessed from Intranet Web sites and/or file servers is cached locally within the branch office. When another client on the same network requests the file, the client downloads it from the local cache without downloading the same content across the WAN."

Cooke goes on to talk about BitLocker To Go, an extension to BitLocker in Vista that allows users to encrypt the disk volume of removable storage devices with a password and/or a digital certificate stored on a smart card. The program will also share data with Vista and XP users via a read-on program called BitLocker To Go Reader. Additionally, Cooke said that Windows 7 will give control back to IT pros with AppLocker, a feature that helps them eliminate unknown and unwanted software from their network environment (such as user-installed P2P programs, unnecessary games, unlicensed software, etc). However, AppLocker also allows end-users to install and run approved applications and software updates based upon their business needs.

"AppLocker just might be my favorite security feature in Windows 7, for it not only provides security protections but as an ex-IT Pro I really appreciate the operational and compliance benefits as well," he said.

Look for more Windows 7 updates as the week unfolds. For more details on each feature listed here, check out his official blog.

Display 15 Comments.
This thread is closed for comments
  • 2 Hide
    scryer_360 , April 22, 2009 11:49 PM
    First.

    No no just kidding, there will be real substance to this comment.
    *ahem*

    Its all good and well that they have these features here, but what is really going to make or break these is if they actually work. I've seen some security features backfire by opening up new exploits before, so in the end, it all comes down to launch day. I can already see hackers looking for exploits in the Beta, the launch version will be interesting enough.
  • -3 Hide
    jhansonxi , April 22, 2009 11:54 PM
    Multiple Active Firewall Policies = Simply ties firewall settings to network profiles. So if an attacker wants to make a target's system more vulnerable, they just need to make it think it's on a safe corporate network.
    DirectAccess = Since when is a properly configured VPN client difficult to use?
    BranchCache = How does this compare to a caching proxy or Offline Files? Does this work with databases like Access? Might be useful for branch offices that are using consumer accounts with an ISP that has caps. Of course they could just get a normal business ISP connection.
    BitLocker To Go = Nice but not really new as there are third-party apps that can do the same.
    AppLocker = I guess it could be useful if you don't know how to lock down a desktop. So how does it handle a renamed application executable?
  • 3 Hide
    kato128 , April 23, 2009 12:39 AM
    @jhansonxi: I'm pretty sure DirectAccess is designed to be an always on type thing which will make those pesky remote password change problems go away and with any luck it'll remove the hassle of training users to actually start the vpn connection after login. Remember for us professionals a vpn is easy but a lot of users just can't understand it properly.
  • 3 Hide
    echdskech , April 23, 2009 12:41 AM
    It's funny how most of these features are already present, some ancient, in "other" OSes. Still I suppose its good to see they're going in the right direction. I just hope these do not affect performance too much or be annoying like UAC.
  • 1 Hide
    michaelahess , April 23, 2009 12:42 AM
    As long as we don't get the Local Connectivity only message when we plug into a modem the damn OS has never seen before. Infuriating, even with the firewall disabled. I hate Vista's network restriction.

    I don't know how many laptops come back to me cause they can't get on the net off another ap somewhere else in the world, even a netsh reset won't fix the issue all the time, let alone a "repair" attemp, what a joke that is.
  • -5 Hide
    tim_tj , April 23, 2009 2:30 AM
    What are the other latest features of Windows 7 that makes it more better than the previous versions?
  • -5 Hide
    tim_tj , April 23, 2009 2:32 AM
    ??????????????
  • 2 Hide
    kato128 , April 23, 2009 2:53 AM
    tim_tjWhat are the other latest features of Windows 7 that makes it more better than the previous versions?


    Take your pick:

    Improved CPU scalability (ie u actually get the extra grunt from ur quad core)
    Better security thru revised UAC
    Smaller memory foot print
    Improved boot and reboot speeds
    Revised and more useful interface

    Plus many more I haven't listed and you probably wont notice in every day operation but will in 6 months when your computer doesn't need a rebuild due to viruses etc like all the XP people.
  • -1 Hide
    kamkal , April 23, 2009 2:55 AM
    as long as win7 is quick



  • 2 Hide
    mitch074 , April 23, 2009 7:36 AM
    It's nice. Is it worth getting excited about? Not really.
  • -4 Hide
    coolkev99 , April 23, 2009 11:54 AM


    Seriously.
  • 0 Hide
    Anonymous , April 23, 2009 1:37 PM
    I don't even think I'm going to keep the beta of win 7.
    I'll probably buy it in a year,when SP1 or SP2 comes out on the original disk.
    For this time,I'll just use my XP OEM disk!

    I see no reason to switch just yet, since I'm not a gamer.
  • 1 Hide
    A Stoner , April 23, 2009 7:06 PM
    The names of the security features seemed way more enticing than the actual descriptions. I was like, WOW they are listening. Then I read the descriptions, and every single feature is for corporate users, not the average person trying to make their computer secure as well as responsive instead of nagging. He did state that they are trying to make all these features visible, so that the user can find them and use them, so that is at least a step in the direction I want Microsoft to be going as far as the OS is concerned. They spent the entire budget of Vista trying to hide everything behind the interface, maybe they are now trying to reveal some of these hidden items at last.
  • 1 Hide
    hksduhksdu , April 23, 2009 8:06 PM
    So if I am assuming the security feature is something like..

    "Are you sure you want to run this program? this program may contain malicious code that may harm your computer".

    But since this is Windows 7 so they may change the sentence a little bit..

    "Are you sure you want to run this program? This is the 7th times we have warned you about this file type! This program may contain malicious code that may harm your computer".

    :p 
  • -1 Hide
    kato128 , April 24, 2009 12:35 AM
    hksduhksduSo if I am assuming the security feature is something like.."Are you sure you want to run this program? this program may contain malicious code that may harm your computer".But since this is Windows 7 so they may change the sentence a little bit.."Are you sure you want to run this program? This is the 7th times we have warned you about this file type! This program may contain malicious code that may harm your computer".


    Actually the new UAC is much more benign than before. I can count on one hand the number of times its asked me if I'm sure in the last 3 months of use of the beta.