Windows 7 security enhancements
Windows 7 makes remote connectivity to corporate networks seamless, protects data on thumb drives, and offers fewer user account control prompts to bug users compared to Vista, Microsoft said on Monday.
The software giant began an education blitz about the security features of the newest version of its operating system at the start of the RSA 2009 security conference.
Windows 7, which was released in public beta in January, will have 29 percent fewer user account control (UAC) prompts than Windows Vista has, and fewer prompts in general, according to Paul Cooke, director of Windows Client Enterprise Security.
"We've put users in control and allowed them the ability to tune the level of prompting" using a slider bar, he said in an interview.
Other new security features in Windows 7 are DirectAccess and BitLocker To Go.
DirectAccess offers remote workers the same level of seamless and secure connectivity as they have in the office. The system automatically creates a secure tunnel to the corporate network and workers don't have to manually substantiate a connection, Cooke said.
DirectAccess also allows IT administrators to patch systems whenever a remote worker is on the network, he said.
BitLocker To Go extends the data encryption features introduced in Vista to removable storage devices like USB thumb drives and flash drives. A password or a smart card with a digital certificate stored on it can be used to unlock the data. The devices can be used on any other Windows 7-based machine with the correct password. On XP and Vista machines the data on the drives can be read but not modified, Cooke said.
Smart-card provider Gemalto is offering multifactor authentication for Windows 7 for even more secure access to machines accessing the network, said Ray Wizbowski, director of marketing and communications at Gemalto. Now, a user can insert a card into a smart-card reader built into a laptop and either enter a personal identification number or use a fingerprint to access the data, he said.
Windows 7 also includes AppLocker technology that allows administrators to control the software that runs in the corporate network to ensure that only authorized scripts, installers, and dynamic load libraries are accessed. It also can be used to keep unlicensed software off machines, according to Cooke.
More information about Windows 7 security features are in posts on the Windows Security Blog and the Windows Blog.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. 
[Editor's note: Personal attack deleted.]
Sticks and stones
You have been watching too much of this:
http://movies.apple.com/media/us/mac/getamac/2009/apple-mvp-time_traveler-us-20090419_480x272.mov
As an embedded software engineer working in a corporate environment I could really see this feature being a major pain. I can just imagine having to call IT up every time I want to execute a script, utility, executable as part of my work. Many IT people already try to limit what tools an engineer can use (via approved tools lists) then question you if you are using anything else to get you job done. Most engineers that work in that type of environment just have to ignore IT in order to get their jobs done. This feature sound to me like a productivity killer in corporation with micro-managing IT organizations.
Well thats IT's problem now isn't it?
BitLocker to Go sounds nice, though. You would almost have to have the two used in concert, then pray that your remote user doesn't store the USB fob in the same laptop bag as, well, the laptop...
The difference isn't the *automation* of username/password.. It's the fact that you need to present an X509 cert that will reside on your smartcard - so if your laptop is stolen, people still need your smartcard to get access. At least, that's what I understood. That would take care of your bitlocker/usb-key/laptop and key in same back situation as well.
Of course, if the smartcard gets stolen (along with everything else), the employee needs to immediately call IT so they can revoke (stop trusting) it's cert.
I haven't recommended Windows XP since 2003 when I started to recommend people to go Linux or Mac. Now, if they don't want Linux or Mac, I would simply refer them to Vista and to tell them to stay clear of XP and other Vista predecessor since they're simply not secure.
And lest we forget the Mac botnet discovered by Symantec. Stupid users are a security vulnerability that no engineer can code away.
http://www.techtree.com/India/News/Symantec_Discovers_First_Ever_Mac_Botnet/551-101234-582.html
will still continue with Macs though cause at the end of the day there's still no need for CPU hogging AV software plus the added hassle of updates n scans plus maintenance every week ! not to mention re-installs and slowdowns
cause at the end of the day thats wat matters to me as a user
Any box can be taken down even linux with a good social engineering exploit.
Your computer is only as safe as the user.
Ignorance is bliss though fanboys.
then explain why they still hasnt been a Widespread attack on Macs even after all these years the best they can come up with is a single botnet
yet Pcs are going down like flies everyday !
Like I said at the end of the day we Mac users don't need to spend time and effort on pointless things like updates and scans everyweek !
thats all that matters ! everything else is FUD !
Educate yourself
http://support.apple.com/kb/HT1222
I'll jump on the anecdotal evidence bus and state that as a former Apple worker and a never ending Windows user, I've never been required to install anti-virus software on my pc nor have I been infected with any malware. I have installed anti virus software to check, but as always, it lets me know I'm free and clear. So there! Since I've witnessed such an occurrence, we will all have to acknowledge my evidence as science fact.
Do I really need anything more than personal experience to judge something
I really don't care which has more vulnerabilities or malware etc.
the fact remains that with my PC running Windows Xp
I need atleast 4-5 tools like Adaware spybot Avira Zone alarm and CC cleaner
and weekly or monthly scans and updates to keep it running optimally
on my Macbook zero, and guess wat I use more, my Mac obviously
@rapier - I've never ever heard of a app like that and yes I've been running without slowdowns for over a year now ! but I've switched to Tiger though !
as far as updates ,do we really need to compare weekly windows update to OSX updates which happen like once in a blue moon not to mention AV definition updates
plus there's the fact that I use tiger so no updates for me even if I want !
@monkeyfun - what exactly is the point of showing me a said linux virus which for some reason still hasn't infected linux machines , your right ignorance is bliss in your case
@david - Since you don't run av software or anti-malware software on your PC
then both Pcs and Macs are secure by your scientific findings
but unfortunately last week for the folks at the university of Utah
and for millions of other infected Pcs thougout history thats simply not been the case though it must be the users who are at fault then , cause we all know Microsoft ,they are perfectionists how can they produce Buggy software it's unheard of right
cant think of any mac users ever experiencing such problems though, patches or no patches ! maybe it's the small 50 million userbase cause we know Apple they have a bad track record when it comes to security, a first ever Mac botnet was found last week after all
"I really don't care which has more vulnerabilities or malware etc."
Considering you post on every Microsoft or Apple story about how great Apple is and how horrible Microsoft is by comparison, you sure seem to have a pretty predetermined opinion. I'd say you do care quite a bit and have already made up your mind regardless of what the situation actually may be.
"I really don't care which has more vulnerabilities or malware etc.
the fact remains that with my PC running Windows Xp
I need atleast 4-5 tools like Adaware spybot Avira Zone alarm and CC cleaner
and weekly or monthly scans and updates to keep it running optimally on my MacBook zero."
I think you missed some punctuation there. But in any case, if you needed to run that many security tools that frequently on your PC, then either you were lacking in basic computer security knowledge, or spending your time on porn sites / warez sites that would infect your machine so frequently.
That's just the appearance you give with your comments.
all joking aside do you really believe that Windows is just as secure as OSX or linux ?
like the other posters !
Strange, I took care of two computers, both running Windows XP. One was mine and one was my roommates.
Mine had fewer viruses and malware, was in a more private physical location (meaning more porn), ran faster and was bought a year prior to my roommates computer which had more viruses and malware, was in a more public location (meaning less porn), ran slower and had a faster processor with more RAM.
The difference was that I ran a nightly scan for malware, cleaned the cache, had a fully updated antivirus running constantly and kept my hard drive defragged.
Now I run Ubuntu, the only viruses I ever see on my machine are Windows viruses that won't run anyway. Sure I clean them off, don't want to contribute passively to my friends getting infected but otherwise I have no reason to even bother with an antivirus program except for the possible future necessity of having one.
Back to the original point. My roommates computer had viruses, malfunctioned and in the end before he moved out, wouldn't even update the antivirus program (I check for Conficker, it was something else). Mine was clean and ran like the day I bought it. I just switched because I was tired of working for the computer. Running that many security programs, as long as they don't conflict with each other, is the only way to ensure a clean Windows box no matter what websites you surf to. Viruses can come from anywhere, not just porn sites.
Absolutely, the apple fad will die out soon
By Chris Foresman | Last updated April 16, 2009 4:35 PM CT
If you let yourself get tempted into installing the pirated versions of iWork or Photoshop CS4 that circulated on Bit Torrent earlier this year, you may have unwittingly turned your Mac into a zombie. Security researchers for Symantec have turned up evidence that these zombie machines are being used to create a Mac-based botnet.
Botnets are used to perform DDoS attacks on systems, gather sensitive personal information, and send out a majority of the spam that clogs up the 'Net. While commonly made out of infected Windows computers, this is the first known attempt to create one from Macs.
The two variants of the iServices trojan, OSX.Trojan.iServices.A and OSX.Trojan.iServices.B, have been implicated in at least one DDoS attack. According to researchers Mario Ballano Barcena and Alfredo Pesoli, the malware has peer-to-peer communication, remote start-up, and encryption capabilities.
"The code indicates that, wherever possible, the author tried to use the most flexible and extendible approach when creating it?and therefore we would not be surprised to see a new, modified variant in the near future," according to their report. They also noted that the person who activated the botnet is not the same as the original author of the malware code.
After the trojans were reported in January, most anti-virus software was updated to remove the payloads associated with the iServices trojans. Removing the directories /System/Library/StartupItems/DivX and/or /System/Library/StartupItems/iWorkServices should help, but that doesn't rule out other remnants getting left behind?if you suspect you were infected with either of these trojans, you may want to look into AV software. We'll also again repeat our favored refrain of "Steer clear of pirated software and sketchy files from website or torrents," which should help you avoid infection in the first place.
While Mac OS X doesn't suffer from the sheer amount of malware that Windows does, the creation of this botnet should serve as a warning that security through obscurity isn't a sound security policy?and Macs are far from being obscure any more.
- by BluePWNR May 30, 2009 9:29 AM PDT
- HEY!!!
- Like this Reply to this comment
-
-
- by BluePWNR May 30, 2009 9:42 AM PDT
- Edit: Addon
- Like this
-
(40 Comments)I know Windows users and Mac Fanboys will never get along, but plz, can we just settle the point Windows is most often targeted by malware since most often they are holding sensitive data, and are relaitively easy to infect (if not properly maintained). but, a properly used and maintained Windows machine will probably have the same probabilty of being infected as a mac or linux...
now, could we stop the arguing, (i know i'm about to get flamed for this -.-)
@Ikra I have a question about Apple Fanboys
Are all of them as naive as you about Windows security features? Since you just said what happens on a Mac when you download something, which is the exact same as on most Windows systems and pointed it out as an advantage for Macs. also, your ignorance makes me concerned about Apple Fanboys, are they naive about security or not.
This is why i stay in the malware section of the Forum ; `