«
FEATURE
Vista: Security and encryption
Related Articles
Latest Features
Internet Explorer 7
We provide our verdict on IE7 in Bundled apps, but one thing is certain: it’s far more secure than previous versions. There’s a built-in phishing filter, which will check for sites that are imitating official financial sites (such as banks and even Ebay), and this works in tandem with the Security Status Bar - if IE7 detects a suspicious site, this will turn the URL address field red.
Another important inclusion is how IE handles ActiveX controls. Now, IE will only run controls that have been designed to run on the Internet, counteracting previous problems where powerful ActiveX controls designed for equally powerful desktop programs could perform low-level tasks that destroyed data and settings.
Data backup and restore
For consumers, backup is now much easier - a vital improvement, as securely backed up data is your only true defence against a malicious attack (not to mention hardware failure). Windows Backup brings the kind of automation and flexibility that we’re used to seeing in commercial applications; for example, automatic scheduling is a key part of Windows Backup, and it allows you to back up to optical drives, external hard disks, plus another PC or server on your network.
Another excellent feature is the “previous versions” option. So if you save a new version of a file, then realise you want to go back to that previous version, you can do so simply by right-clicking on its Properties. And as it uses Volume Shadow Copy technology, it only saves the differences and it can save “live” files such as Outlook’s PST file. The same technology also allows System Restore to work more effectively.
Encryption for business
The Business, Enterprise and Ultimate versions will all include a number of extra features to protect companies’ data, including the integration of rights management (so only those employees with the permission to view, edit or print sensitive files will be able to), the introduction of a number of Group Policy options to tie in with Vista’s enhanced encryption settings, far better support for smart cards and USB device control.
For instance, today a company’s approach to USB device protection might be to simply glue up the USB port, which isn’t much use if someone wants to plug in a USB mouse. This last feature uses a new Group Policy that can ban, for example, all USB storage devices, but allow mice and keyboards - and you can apply such settings to individual users, or departments, or the whole network, as you choose.
But the most heralded security feature of all is BitLocker Drive Encryption (although, bizarrely, this isn’t included in Vista Business Edition). This can encrypt the whole hard disk, so that even if someone stole the PC, or just the disk, they couldn’t see that data without a PIN or a USB drive, which acts as the hardware key. It’s designed to work with a Trusted Platform Module chip, but if your hardware doesn’t include this you’ll just need to create a startup key.
 |
| Windows backup is far more polished and effective than under XP. |
Conclusion
We’re certainly a lot more confident about Windows Vista than its predecessor. With six more years of experience on viruses, spyware and (that most dangerous of things) the end user, Vista is inherently more secure than Windows XP. There is a two-way firewall and anti-spyware built into the fundamentals of the OS and, to a large extent, Microsoft has solved the problems created by giving people administrator privileges.
But there are problems. First, the UAC is annoying. Power users will simply turn it off, and virus writers will soon discover this. Second, Microsoft could have made Vista more secure, as Jon Honeyball points out. And most importantly, people - all of us - are stupid. We do irrational things, press buttons we shouldn’t press, and most of us still fall for social manipulation - for example, elaborate phishing scams that near perfectly resemble genuine financial correspondence.
Clearly, this isn’t Microsoft’s fault. We need to understand that computers are powerful tools, and just as we will never build a car invulnerable to crashes, we’ll never build an OS invulnerable to hackers, virus writers and all the other malware creators. With this caveat, we’re willing to give Vista our vote of confidence.
Vista takes the Blue Pill
Microsoft took the unusual step of inviting hackers to target Vista this year, but one researcher – Joanna Rutkowsa from Coseinc in Singapore – already had her hack ready and waiting. “The idea behind Blue Pill is simple,” she wrote in her blog in June, “your OS swallows the Blue Pill and it awakes inside the Matrix controlled by the ultra thin Blue Pill hypervisor...all the devices, like the graphics card, are fully accessible to the OS, which is now executing inside a virtual machine.”
The end result is that a piece of malware could hide inside this Blue Pill virtual machine and Vista (or any other vulnerable OS) would simply not see it – yet the malware would be able to write to the OS’s kernel. From here, virtually any kind of attack is possible.
Microsoft has replied to the attack with the following statement: “Microsoft is investigating solutions for the final release of Windows Vista to help protect against the attacks demonstrated in Joanna Rutkowska’s presentation on August 3, 2006 at Black Hat. It is important to note that the demo started with Joanna logged in to the machine as an administrator. We have made many investments with User Account Control in Windows Vista to allow people to run with standard user privileges. Windows Vista has many layers of defence, including the firewall, running as a standard user, Internet Explorer Protected Mode, /NX support, and ASLR, which help prevent arbitrary code from running with administrative privileges. In addition, we are working with our hardware partners to investigate ways to help prevent the virtualisation attack used by the ‘Blue Pill’.”
«
Comments
Be the first to comment on this article.
Thoughts on this article? Add a comment below.
If you're looking to buy an Apple product then this Friday is your lucky day, with Apple planning a "Black Friday" discount frenzy.
New broadband plans from Telstra with bigger download quotas are welcome, though you'll still find better value with the competition
TiVo have doubled their drive capacity, introduced IPTV capabilities, vast amounts of new content and better home networking options. But can the marketplace handle another content provider?