Part 1 [Security]: Why Windows Vista?

19 05 2006

Windows Vista is not just another service pack (SP) or upgrade of Microsoft’s operating system (OS)- it is the most significant new version of Windows OS, packed with awesome new features that not only enhances the user experience, but also pad-locks your computer for a safer, secure and reliable experience. So, let’s dig in…

Windows Vista

What are the key features that makes me want to be even remotely interested in upgrading to Vista?
There are 4 main areas that deserve due credit- Security, User Experience, Reliability and Deployment.

In the pre-Windows Vista world, Users with non-admin privileges needed Admin privileges for some of the common tasks, such as changing time zone, adding fonts, changing common operating system’s (OS) configuration tasks and so on. That and running an application with non-admin privileges was very hard- this motivated users to seek elevated privileges, so that they could perform the common tasks and run applications that required admin privileges.


Running the operating system under admin privileges though makes it easy to perform various tasks, opens up doors that could lead to several issues compromising the security of your computer and the security of your corporation. According to various surveys, running the OS with a least privilege account significantly lowers the total cost of ownership (TCO) per desktop, reduces helpdesk incidents and increases productivity and uptime.

Shield Samples

True to Microsoft’s defense-in-depth security strategy, significant changes have been made in Windows Vista to encourage consumers and enterprises to run desktops under a least privilege user account, thus significantly reducing the exposure and attack surface of the OS. Windows Vista has been designed to be the most secure versions of Windows yet. Windows Vista satifies the following 3 Security tenets-
-Secure in Deployment
-Secure by Design and
-Secure by Default

At the core of the new security features is User Account Control.

User Account Control (UAC)
UAC, in Windows Vista, requires that all users run with standard user privileges and by limiting administrator-level access only to authorized processes. Running the OS with non-admin privileges minimizes the ability for users to make changes that could destabilize their computers or inadvertently expose the network to viruses through undetected malware that has infected their system. I will cover UAC in detail in the very near future.

Consent UI

User Account Control is enabled by default in Windows Vista. If a program requires administrator privileges, to execute, Windows Vista prompts the user for consent or for elevated user credentials- this ensures that user is always notified when an administrative action is required. Without User Account Control, users with administrator privileges could unknowingly install or run tasks that might compromise a system’s integrity.

Credential UI

There are several direct benefits of UAC: Increased security
Increased manageability
Increased productivity/usability
Reduced costs
Reduced piracy and legal liability issues

Additional Clocks
UAC makes it possible for Standard Users to perform common tasks (for example- changing Time Zone)

Note: UAC was previously known as Limited User Account (LUA) and User Account Protection (UAP). Please stay tuned for a detailed blog on User Account Control.

Windows Security Center (WSC)
Windows Security Center helps keep your PC secure by alerting you when your security software is not up to date, or when your security settings have potential weaknesses that need to be corrected. For example, WSC shows you the status of your firewall settings and whether your PC is set up to receive automatic software updates from Microsoft. The Security Center also monitors antivirus and anti-spyware software, and notifies you when such protection is not present or up-to-date. It also monitors your PC’s security settings for Internet Explorer and User Account Control. If WSC finds that these settings are insecure, it alerts you and recommends steps to remedy the problem.

Windows Security Center

Windows Firewall
Windows Firewall, which comes with Windows Vista, is turned on by default and begins protecting your computer as soon as Windows starts. It is designed to be easy to use, with few configuration options and a simple interface. More advanced than the Windows Firewall in previous versions of Windows, the firewall in Windows Vista helps protect you by restricting other operating system resources if they behave in unexpected ways—a common indicator of the presence of malware.

Windows Defender
Windows Defender (previously known as Windows AntiSpyware) is a feature of Windows Vista that helps protect your PC by regularly scanning your computer’s hard drive and offering to remove any spyware or other potentially unwanted software that it finds. It also provides always-on protection that monitors key system locations, watching for changes that signal the presence of spyware, and checking any files accessed against a constantly updated database of known spyware.

Automatic Updates
To ensure your computer stays up-to-date, Microsoft recommends using the Automatic Updating feature of Windows Update. This ensures that both High Priority and Recommended Updates are downloaded and installed onto Windows Vista.

Learn more about Windows Vista here.




%d bloggers like this: