Windows Vista: Advancements On The Security Front

Microsoft published a new whitepaper, "Microsoft Windows Vista Security Advancements," that details many of Windows Vista's new security features and architectural enhancements, some of which could go a long way towards easing security administration and software development.

To help ease development, Vista's new logon architecture brings greater flexibility that surpasses many of the limitations of the Graphical Identification and Authentication (GINA) interface found in previous Windows platforms. A major limitation of the GINA is that only one instance could be used at a time, which presented significant hurdles for companies that wanted to allow users to select from a variety of different credential types for authentication. The new logon architecture can simultaneously interact with multiple credential providers.

An improved smart card architecture will also be included with backend support typically required for smart card functionality, such as a common cryptographic service provider that formerly might have been developed by individual smart card vendors. The smart card architecture also includes third-party smart card communication modules to ease smart card deployment.

Cleaning up after intrusion significantly increases computer and network administration. Vista aims to help reduce that load with its firewall and spyware defenses. The current Windows Firewall only provides inbound access controls, however the new Windows Firewall adds the ability to control outbound network access. Microsoft's anti-spyware solution, Windows Defender, is also integrated into the operating system. Microsoft is adopting a common sense approach where both tools will be enabled by default.

The new User Access Controls will give administrators much greater control over user privileges, which should significantly reduce the chances of intrusion due to various forms of malware, including viruses, Trojans, worms, and spyware.

Microsoft originally released Windows Security Center (WSC) as part of Windows XP Service Pack 2, where WSC monitored automatic update status as well as the status of the firewall, antivirus, and anti-spyware tools. Windows Vista will include an improved WSC that will also monitor the security settings of Internet Explorer as well as UAC.

In its IE Blog, Microsoft said that Windows Vista will include Internet Explorer 7+, where the plus sign indicates a new version of IE designed specifically for Vista that has security enhancements not available in the regular release version of IE 7. Enhancements include a new protected mode of operation,  parental controls, and improved network diagnostics.

Other Vista enhancements include the new BitLocker Drive Encryption technology, an integrated Rights Management Services client, improvements to the Encrypting File System (EFS), USB device controls, Network Access Protection, manditory driver signing, and technology that causes services to run with restricted privileges.

While not specifically mentioned in the whitepaper, Windows Vista will also include the new Address Space Layout Randomization (ASLR) security technology, which helps prevent certain types of common attacks. You can read about ASLR our related news story, "ASLR Makes Vista a Moving Target ." 

Microsoft's new whitepaper is available at the company's Web site as a downloadable Word document.