Essential Windows 7 Security Internals

Securing your desktop computer against threats is an essential task for everyone, therefore we will inform you about the most important Windows 7 security tools.

Windows 7 includes several new security features that can help you protect your system.

These features include:

1. Improvements to User Account Control (UAC)
2. Enhanced security for Internet Explorer
3. Ability to define network-specific firewall rules
4. Ability to protect data against theft

UAC helps prevent attacks by using a standard user account as the security context for performing non-administrative tasks. If a member of the Administrators group attempts to perform an action that requires elevated permissions, the user is prompted to confirm the action. You can configure whether the action causes the desktop to dim. You can also configure whether standard users are prompted for credentials if they attempt to perform an administrative task or install an application. You can use User Account Control Settings to select from

4 different levels of UAC settings:

1. Always notify – prompts if a user attempts to change a Windows setting or install a program
2. Default – prompts if a program attempts to make a change, but not if an administrator makes a change directly
3. Notify me only if a program attempts to make a change – displays the notification dialog, but does not dim the desktop
4. Never notify – elevates permissions automatically for administrators, denies the action for standard users

Internet Explorer 8 provides several key enhancements to security

• SmartScreen Filter
• InPrivate Browsing
• InPrivate Filtering

SmartScreen Filtering works behind the scenes to warn you if you attempt to browse a site that is a known phishing site or one that downloads malware. When you access a Web site, SmartScreen Filter sends the Uniform Resource Locator (URL) to Microsoft’s SmartScreen service, which compares the site against a database of known offenders. If the address is in the database, you will be prompted with a blocking page and the address bar will be displayed in red. You can select to bypass the blocking page at your own risk. SmartScreen Filter can be configured from Internet Explorer’s Safety menu.

Available options are:

• Check This WebSite
• Turn Off (On) SmartScreen Filter
• Report Unsafe Website

InPrivate Browsing is a confidentiality feature useful for computers used by multiple users. When InPrivate Browsing is enabled, the history of Web sites you visit is not stored, allowing you to browse Web sites confidentially. You can enable and disable InPrivate Browsing through Internet Explorer’s Safety menu.

InPrivate Filtering helps protect against discovery of your browsing patterns by third-party content hosted on multiple sites. For example, an advertisement used on multiple sites might include code that stores information in a database each time you visit a site that displays that ad. InPrivate Filtering keeps track of the number of sites that host particular content and notifies you if this number exceeds the threshold. The threshold is 10 by default, but you can set the value to a number between 3 and 30. Choose InPrivate Filtering Settings from Internet Explorer’s Saftey menu to set the threshold, approve content items, or block content items.

When you create a network connection in Windows 7, you identify the network as a Home network, a Public network, or (if the computer is joined to a domain) a Domain network. You can configure distinct Windows Firewall settings for each type of network. For example, you might choose to allow File and Printer Sharing traffic on the Home network, but block it on a Public network. (“Windows Firewall with Advanced Security Getting Started Guide“)

Windows 7 Ultimate and Windows 7 Enterprise allow additional protection against theft with BitLocker and BitLocker To Go (Windows 7 Walkthrough: BitLocker and BitLocker to Go).

BitLocker allows you to encrypt the contents of a hard disk. If the hard disk is moved to a different computer, you need to provide recovery credentials to decrypt the content. BitLocker To Go is used to encrypt data stored on a Universal Serial Bus (USB) flash drive. (“Inside Windows 7 Security: BitLocker Drive Encryption“)

Windows 7 does not include antivirus or anti-malware software. So, at the very least, you will need to choose and install virus and malware protection software compatible with Windows 7.

Some possible choices include:

• Trend Micro Internet Security
• AVG 9.0
• Microsoft Security Essentials
• Norton AntiVirus 2010
• Avast! AntiVirus Home
• Kapersky Anti-Virus 2010

When choosing antivirus or anti-malware software, look for the Windows 7 Certified logo to ensure that it has been tested on Windows 7 and that the vendor provides Windows 7 support.

More interesting reads

“Windows 7 UAC flaws and how to fix them” via arstechnica

“Internet Explorer 8” via KilianValkhof

“What’s new in the Windows 7 Firewall?” via Windows Security

“Windows 7 from a vendor perspective – a chat with BeyondTrust” via TheTechHerald

Feel free to give us your thoughts in our comment area.

Related Posts

1. Getting a PS3 Controller working with Windows7 x64 and LIBUSB (Video)
2. Protect Your Privacy: Windows Phones Security Center
3. Google Android apps for your private security
4. Great browsing experience with the HTC-HD2 on edge [video]
5. Windows Mobile 7: No flash at initial launch