Check out the top ten security features added or improved in Windows 7

When people are discussing the elegant interface brought by the new operating system of Windows 7: the new toolbar, the perfect sidebar, the new interface of Windows Explorer at the same time. In addition to the improved appearance, there are no small changes in the underlying system, including innovative security features. Let's take a look at the top ten security features added or improved in Windows 7.

1, Action Center

In Vista, we can set the security features of the system through the Security Center in the control panel. And in Windows 7, there is no shadow of the Security Center. This is because the Security Center has been integrated into the new Action Center. In addition to the original security settings, Action Center includes other options for managing tasks such as Backup, Troubleshooting And Diagnostics and Windows Update. Figure A is the Action Center interface.

Figure A: Action Center absorbs parts of the original Security Center

2, UAC changes

User Account Control (UAC) is introduced by Vista The concept is designed to help users better protect the system and prevent malware from invading. It runs all accounts, including administrator accounts, with standard account permissions. If some of the actions the user requires administrator privileges, you will need to request permission first. This mechanism has led to a large number of user complaints, and many users have chosen to turn off UAC, which in turn has exposed their systems to greater security risks.

In Windows 7, UAC still exists, but users have more choices. In the Action Center, users can perform four configurations for UAC:

◆When the user installs the software or modifies the Windows system settings, the user is always reminded (same as the Vista system).

◆When the user reminds the user when installing the software, the user is not reminded when modifying the Windows settings (current default settings).

◆When the user installs the software, the user is reminded, but when the UAC security desktop is closed, the other areas of the desktop will not be invalid when prompted.

◆ Never remind the user (this method is not recommended)

As shown in Figure B, we can select the corresponding way by sliding the slider.

Figure B: Use the slider to determine when and how the UAC reminds the user

3, Improved BitLocker

I rarely use BitLocker in Vista. Because first, this technology only encrypts the operating system partition. This is great for notebooks, but it's not useful for my desktop because the desktop is in a very secure location. Service Pack 1 adds the ability to encrypt other disks, and it works well, but it can only be used on hard drives. What I need is to encrypt the function of the mobile hard disk or USB flash drive, because this storage medium is mobile and easier to lose.

We saw a gratifying improvement in Windows 7. BitLocker has been able to encrypt mobile disks and is easy to use. We just need to open BitLocker in the control panel, select the disk we need to encrypt, and click on Turn On BitLocker. Removable storage devices are displayed in the BitLocker To Go category, as shown in Figure C.

Figure C: We can use BitLocker to encrypt USB storage devices

It is important to note that, like Vista, BitLocker is not included in the Windows 7 operating system for the home version. .

4, DirectAccess

A new feature that Windows 7 brings to us is DirectAccess, which allows remote users to securely access the company's intranet via the Internet without the aid of a VPN. Administrators can manage remote computers by applying Group Policy settings and other means, and even remote computers can be automatically updated when they access the Internet, regardless of whether the computer is connected to the corporate intranet.

DirectAccess also supports smart cards with multiple authentication mechanisms and IPsec and IPv6 for encrypted transmission.

5, Biometric Security Features

The safest method of identification is to use biological methods, or fingerprints, retinal scans, DNA and other unique physical features to verify . Although Windows does not currently have a built-in DNA sample detection feature, it does include fingerprint reading. Windows supports users to log in to the system through fingerprint recognition, and many laptops pre-installed with Vista have fingerprint scanners. However, in Vista, fingerprint recognition is implemented through third-party programs. And the fingerprint recognition function already built in Windows 7.

The Biometric Devices program in the Control Panel (shown in Figure D) allows the user to configure the fingerprint sensor (this is currently the only supported biometric authentication device).

Figure D: Now Windows has built-in fingerprint recognition function

6, AppLocker

has a software restriction policy in both XP and Vista. This is a very good security measure. Administrators can use Group Policy to prevent users from running certain programs that may pose a security risk. However, in these two systems, the software restriction strategy is used very frequently because it is not easy to use.

Windows 7 has improved this concept and developed a feature called AppLocker. AppLocker is also embedded in Windows Server 2008 R2. It is simple to use and gives administrators more control over their capabilities. Administrators can use AppLocker in conjunction with Group Policy for the entire domain, or they can use this feature in conjunction with local security policies on a single machine. As shown in Figure E, AppLocker is located on the next level of the Application Control PolicIEs node.

Figure E: AppLocker has the same functionality and software restriction policy, but is easier to use.

Win7 also supports traditional software restriction policies because AppLocker is not integrated at all. The version of Windows 7 is.

7, Windows Filtering Platform (WFP)

Windows Filtering Platform (WFP) is a set of APIs introduced in Vista. In Windows 7, developers can embed Windows Firewall into the software they develop through this set of APIs. This situation allows third-party programs to turn off certain settings of the Windows Firewall at the appropriate time.

8, PowerShell v2

Windows 7 integrates PowerShell v2, a command-line interface that allows administrators to manage a variety of settings, including Group Policy security settings, from the command line. Administrators can also combine multiple command lines to form a script. For the same task, using the command line is a more step-saving step than a graphical interface.

Windows 7 also integrates PowerShell Integrated Scripting Environment (ISE) (Figure F), which is a graphical interface version of PowerShell.

Figure F: Windows 7 integrates PowerShell v.2 and PowerShell ISE

9, DNSSec

Windows 7 supports DNSSec (Domain Name System Security) It extends security to the DNS platform. With DNSSec, a DNS zone can use digital signature technology and use this technology to identify the credibility of the data received.

The DNS client does not implement DNS authorization on its own, but waits for the server to return the authorization result.

10, Internet Explorer 8

The browser that comes with Windows 7 is IE8, and the security provided includes:

◆SmartScreen Filter– instead of/expanding IE7 The phishing filter in the middle.

◆The XSS Filter - Defense against cross-border scripting attacks.

◆Domain Highlighting — Emphasizes the key parts of the URL to give users a clear idea of ​​the site they are visiting.

◆ Better security control for ActiveX.

◆Data Execution Prevention (DEP) is turned on by default.