[IS&T Security-FYI] SFYI Newsletter, Windows 7 and Security
Monique Yeaton
myeaton at MIT.EDU
Mon Oct 26 14:43:13 EDT 2009
In this issue:
------------------------------
Windows 7 and Security
------------------------------
Windows 7 was released on October 22nd to the general public. IS&T
recommends that MIT computer users *wait* to upgrade their Windows
operating system to Windows 7 until support issues for products such
as TSM (backup), SAPgui, FileMaker Pro 10, and Cisco VPN 64-bit have
been resolved. IS&T is offering limited support for Windows 7 at the
moment.
When you are ready to acquire a copy of Windows 7 (downloadable from
the IS&T Available Software Site at <http://ist.mit.edu/services/software/windows/7
>), what new security features can you expect? Windows 7 has been
advertised as a more secure computing experience than Vista, so let's
take a quick look:
* Core system security such as Kernel Patch Protection, Data
Execution Prevention, Address Space Layout Randomisation and Mandatory
Integrity Levels provide a strong foundation to guard against
malicious software and attacks.
* The enhanced UAC (User Account Control) enforces least-privilege
access. It prevents administrator access to users in order to protect
sensitive areas of the operating system. In Windows 7 the number of
areas to trigger the UAC prompt has been reduced and a more flexible
interface has been incorporated, allowing users to choose among levels
of UAC protection. The default setting is now not the most secure.
* Finger print scanner support for systems needing additional
protection. With Windows 7, Microsoft provides a smoother integration
between the operating system and the fingerprint scanning hardware.
* Data protection through Encrypting File System and support for
Active Directory Rights Management Services. In addition to
improvements to these technologies, Windows 7 improves on Vista's
BitLocker drive encryption technology and adds BitLocker to Go for
encrypting data on removable media.
* DirectAccess offers remote workers seamless and secure
connectivity when they are out of the office. The system creates a
secure tunnel to a network and users don't have to manually
substantiate a connection.
Here's what SANS NewsBites editorial board member John Pescatore says
on security in Windows 7: "From a security perspective, Windows 7
offers definite improvements over Windows XP, but there is no major
security reason to move to Windows 7 before it makes business sense.
The biggest improvement in Windows desktop security comes from getting
off of the IE6 browser and moving to IE8 or the latest version of
Firefox - and you don't need Windows 7 to do that."
As with all new operating systems, there will be some bugs in the
first iteration. If you want to avoid those headaches, you can always
wait until Microsoft releases the Service Pack.
An overview of some of the features mentioned above can be found here:
<http://www.techreviewsource.com/content/view/305/1/>
===============================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
===============================
October is National Cybersecurity Awareness Month.
Stay Safe Online!
Visit http://www.staysafeoneline.org for the latest cybersecurity tips.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20091026/3cca5ff6/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1846 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20091026/3cca5ff6/attachment.bin
More information about the ist-security-fyi
mailing list