WindowsVistaCare.Com - Microsoft Windows Vista Latest Update & OneCare (News-Media-Download-Directory)

 

Security In Vista Is Much Improved, But Are The Changes Functional For Corporate Networks?

Microsoft has indicated for some time now that its latest operating system, Windows Vista (www.microsoft.com), is its most secure one yet. While there has been some media hype about flaws or weaknesses in the flagship OS, nobody has really disputed that it is more secure than its predecessors. However, some have questioned whether the improved security offers any benefit for corporate networks, or if only individual home users gain anything from the new security features.

John Moyer, CEO and president of BeyondTrust (www.beyondtrust.com), expresses this sentiment: “Microsoft says Vista is the most secure and reliable operating system ever released. In my opinion, after Microsoft pulled many of the technologies they had once said would be in Vista, they were left with some security enhancements that they rallied around for the Vista release. The most often touted improvement in security was User Account Control, or UAC. However, after talking with many customers, analysts, and experts, it is clear to me that UAC is simply not well-suited for the enterprise or managed network. At the same time, I do believe it is a vast improvement for the small office, home office (SOHO) market.”

 Security For Everyone

Austin Wilson, a Microsoft security guru who worked with the Vista development team, says, “There is a wide range of security and data protection features in Windows Vista, with some being enterprise features, some consumer, and some that have appeal to both audiences. Enterprise-targeted features include BitLocker, Windows Firewall with Advanced Security, and the ActiveX installation service that is part of User Account Control. Consumer-targeted features include parental controls and Windows Defender. User Account Control, Windows Service Hardening, IE Protected Mode, etc. have benefits for everyone. Even the features that may be enterprise-targeted, such as BitLocker, have applicability in the small and medium business space as well, helping protect laptops that have sensitive information on them.”

Regardless of whether Vista is being used by an individual or it is deployed to an entire enterprise, there is going to be a learning curve. If the operating system were identical to the last one, Microsoft wouldn’t need to bother developing it, and nobody would buy it. Some of the new features, security and otherwise, serve more of a purpose for individuals than businesses, but all of them will take some getting used to.

Joel Dubin, Microsoft MVP and author of “The Little Black Book of Computer Security,” notes, “Some of the features, such as User Account Control, are aimed at home users, and its pop-up windows could be difficult for a small business user, but it’s a little early to tell since it hasn’t been widely adopted yet. The other security features, such as Windows Defender, operate in the background and wouldn’t be intrusive. But for a small or medium-size business the best approach is to see how well it integrates into their current environment. If they’re using Active Directory, for example, the Vista systems would connect to that environment, where many of the same security features can be controlled through GPOs.”

 Enterprise Problems With Vista Security

The main issue that some, including BeyondTrust’s Moyer, have with Vista security is with UAC, which plays watchdog and displays a pop-up alert whenever a program or process attempts to execute or interact with another program or process. UAC is designed to protect the system from malware and from users executing tasks they did not mean to.

An example of UAC in action would be a standard user installing software. A standard user does not have the authority to install software, but by entering the user credentials of an administrator or other user that does have authority, the program can be installed.

According to Moyer, “Vista’s User Account Control is an improvement that, in my opinion, best serves the SOHO market. Here, it is typical that the user in a sense ‘owns’ the machine and can best make the choice of when and when not to elevate to administrator privileges. However, User Account Control is not a good answer for medium and large organizations that run applications that require administrator privileges because it requires administrator password distribution to end users or end user consent to run the applications.”

Administrators should take some time to experiment with and pilot test Vista in their environments to help work through that learning curve and determine what will work best for their individual circumstances. 

by Tony Bradley