Author's point of view: The next version of the Windows client provides some good features, but there is no right to speak without practice, we still have to wait until next year after its release, people have to run before they can do it A more objective and correct evaluation.
Over the years, especially after the Windows XP Service Pack 2 release, Microsoft has been redoubling its efforts to strengthen the security of Windows and Internet browsers. Sometimes, the efforts made by Microsoft are hard to see, but I think they have made progress. However, in the new version of Windows that is now being released, Microsoft really has the opportunity to do some work, and fundamentally cut the security.
Like Service Pack 2, these changes will disturb the peace of the existing application systems, require independent software vendors (ISV, Independent Software Vendor) and device driver developers to make the appropriate changes. I want to say that the law of things is like this. Just like when SP2 appeared, ISVs spent very, very much time updating their software. If a product can't work when Vista is available in the second half of next year, it can almost be asserted that it should be blamed for independent software developers.
other operating systems or third-party products provide many of these "new" features, but these features to make Windows the standard is not so easy. I am willing to do some work on several important features.
For a long time, collaborative IT has been known for managing Windows users with limited permissions, whether on the network or on a local host (if not known, it is not up to the job). For ordinary home users, it is not difficult to create such an account, but in general, collaborative IT is used for applications that require greater privileges, and these privileges are only available to a small percentage of Windows XP users.
In Windows Vista, first of all, the question of the attitude has changed. A privileged object is no longer a "very few" user, but now "rarely" is an account. It is not easy to get an account with administrator privileges, but usually, it is not necessary to have such an account. If you want to do something that requires administrator privileges, such as changing the firewall settings, the system can provide you with an opportunity to get an account with sufficient permissions, for example, give you an administrator account. In this way, you can use the normal account operating system, and you can have administrator privileges when needed. This is called "User Account Protection". In beta 1 version, this feature must be implemented manually.
Of course, this method directly from the Mac OS X, Mac advocates say this is the best way to solve the problem, but in fact for how this approach can protect your question, there are still some limitations . Many spyware or adware installed on Windows are not caused by the carelessness of users, they deliberately do so. You want that cool toolbar, and you know that you are installing a piece of software, so of course you will give it administrator privileges or what other conditions it needs. To install legitimate software, all you need to do is work. On the other hand, protection against silent drive-by downloads should be provided, otherwise silly users will be used again.
user account protection Another feature is that when writing a program to protect the file system and registry, which code is actually written in a separate area, maintained by a single user, called a virtual storage. This is the same as on the terminal server (Terminal Server). In fact, I really want to know why the virtual storage is stored in the C:\\Virtual Store directory on the C drive, rather than in each user's own Documents and Settings folder as on the terminal server.
IE7 and other
in Windows Vista and in Windows XP, Internet Explorer 7 has many new security-related features, but the most important features can only play in XP. The default working mode of IE is a disabled mode called protected mode. Doing a dangerous job requires special permission, which is a special user account protection mechanism for the browser. With
user account protection mechanism, it may fall down in social engineering. Even if this mechanism works perfectly, you also need to do something like this: Convince users that they are actually doing Windows warnings that can be dangerous. IE7 has a lot of other cool and useful security features, but it's only in Windows XP.
For example, popular for a while the NAP (Network Access Protection, Network Access Protection), I think it was meant to cater to Windows Server 2003 and need arise. Similar to Cisco's Network Access Control Program and Zone Labs Integrity product line, NAP is a collection of programs and policies that define security before connecting customers to the network. Other requirements. These requirements can be to give Windows the latest update patches, update anti-virus software, install other software, and more.
Vista progress made might like to NAP client components tied up so simple, but if you do encourage people to use Vista, is quite good. I have such a dream. One day, there is a system like this that is simple enough to be used by ISPs and can drive malicious users out of their networks - but there is still a gap between reality and ideals.
of course, is a big gap. Windows firewalls will eventually filter traffic data. EFS disk encryption will also make some improvements. The system outlines the Windows program to clarify the resources used by the program (for example, TCP ports) and to identify other factors that may cause red alarms. This will use Microsoft's malware removal tool that runs at the time of the update. All of this is very important, and I believe that in the next few months, I will study my mother more deeply.
This is not the first time Microsoft has so much attention to security issues, so now announced that security threats have achieved victory also seemed too early for Microsoft to consider the future of these issues was very attentive. However, the next version does provide a lot of good features. Since the non-security service boom in the late 1990s, Microsoft has been working hard to make the safe boat sail. If all Windows users will use Vista, the network may become a safer home.