[IS&T Security-FYI] SFYI Newsletter, Windows 7 and Security

Monique Yeaton myeaton at MIT.EDU
Mon Oct 26 14:43:13 EDT 2009 

In this issue:

------------------------------
Windows 7 and Security
------------------------------

Windows 7 was released on October 22nd to the general public. IS&T  
recommends that MIT computer users *wait* to upgrade their Windows  
operating system to Windows 7 until support issues for products such  
as TSM (backup), SAPgui, FileMaker Pro 10, and Cisco VPN 64-bit have  
been resolved. IS&T is offering limited support for Windows 7 at the  
moment.

When you are ready to acquire a copy of Windows 7 (downloadable from  
the IS&T Available Software Site at <http://ist.mit.edu/services/software/windows/7 
 >), what new security features can you expect? Windows 7 has been  
advertised as a more secure computing experience than Vista, so let's  
take a quick look:

  * Core system security such as Kernel Patch Protection, Data  
Execution Prevention, Address Space Layout Randomisation and Mandatory  
Integrity Levels provide a strong foundation to guard against  
malicious software and attacks.

  * The enhanced UAC (User Account Control) enforces least-privilege  
access. It prevents administrator access to users in order to protect  
sensitive areas of the operating system. In Windows 7 the number of  
areas to trigger the UAC prompt has been reduced and a more flexible  
interface has been incorporated, allowing users to choose among levels  
of UAC protection. The default setting is now not the most secure.

  * Finger print scanner support for systems needing additional  
protection. With Windows 7, Microsoft provides a smoother integration  
between the operating system and the fingerprint scanning hardware.

  * Data protection through Encrypting File System and support for  
Active Directory Rights Management Services. In addition to  
improvements to these technologies, Windows 7 improves on Vista's  
BitLocker drive encryption technology and adds BitLocker to Go for  
encrypting data on removable media.

  * DirectAccess offers remote workers seamless and secure  
connectivity when they are out of the office. The system creates a  
secure tunnel to a network and users don't have to manually  
substantiate a connection.

Here's what SANS NewsBites editorial board member John Pescatore says  
on security in Windows 7: "From a security perspective, Windows 7  
offers definite improvements over Windows XP, but there is no major  
security reason to move to Windows 7 before it makes business sense.  
The biggest improvement in Windows desktop security comes from getting  
off of the IE6 browser and moving to IE8 or the latest version of  
Firefox - and you don't need Windows 7 to do that."

As with all new operating systems, there will be some bugs in the  
first iteration. If you want to avoid those headaches, you can always  
wait until Microsoft releases the Service Pack.

An overview of some of the features mentioned above can be found here:
<http://www.techreviewsource.com/content/view/305/1/>



===============================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security
===============================

October is National Cybersecurity Awareness Month.
Stay Safe Online!
Visit http://www.staysafeoneline.org for the latest cybersecurity tips.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20091026/3cca5ff6/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1846 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/ist-security-fyi/attachments/20091026/3cca5ff6/attachment.bin

More information about the ist-security-fyi mailing list