Desktop technologies: Security
Windows Vista provides multiple layers of protection to help your company address the risk and expense associated with security and regulatory compliance. Your protection begins with an operating system that places security in the forefront of its design. Layers of protection help guard against external attacks, internal threats, and access to sensitive information. And should you ever need to recover data, Windows Vista helps ensure your backups are current and reliable. Sophisticated auditing tools improve your ability to comply with corporate reporting requirements—and enhanced data protection, anti-phishing, and anti-malware capabilities help protect your enterprise.
Engineered for security
Windows Vista is the first version of the Windows client to be developed end-to-end using Microsoft's Security Development Lifecycle. This makes security a top priority from the start by defining an engineering process that every developer must follow, and that must be verified prior to the release of the operating system.
Working to ensure a more secure end-to-end computing environment, Microsoft is working toward Common Criteria (CC) certification. Windows Vista has been and will continue to be independently tested in third-party labs using criteria set by the International Standards Organization (ISO), with the goal of achieving an Evaluated Assurance Level 4 (EAL4) and Single Level OS Protection Profile certifications. Together, these high standards for excellence and new security improvements at the architectural level make Windows Vista the most secure version of Windows yet.
Security: Design features
 |
|
Security Development Lifecycle | Makes security a priority from the start of the development lifecycle with repeatable processes that each engineer must follow. |
|
Windows Service Hardening | Helps keep your system safer by preventing critical Windows services from being used for abnormal activity in the file system, registry, or network. |
Protecting against threats and vulnerabilities
To safeguard your organization's data from external threats, Windows Vista provides a major step forward in browser security and privacy protection with Internet Explorer 7. Configured to run in Protected Mode, Internet Explorer 7 allows users to browse the web but restricts modifications to user files or settings. As a result, even if a malicious external site finds a potential vulnerability, the site has limited opportunities to damage your employee's PC.
Windows Defender, an integrated component of Windows Vista, helps block, control, and remove spyware and other potentially unwanted software. Additionally, your IT department can more easily ensure wireless networks are secure with an assortment of security enhancements, including support for the latest and most secure wireless networking protocol, Wi-Fi Protected Access 2 (WPA2).
To add a further layer of protection from external attacks, Microsoft continues to improve its Windows Firewall. For example, the bi-directional, application-aware filtering helps prevent distributed denial-of-service attacks.
Security: Online features
|
|
Internet Explorer protected mode | Helps protect users from malicious websites by restricting the browser's ability to modify user or system files and settings. |
|
Windows Defender | Helps protect your company's PCs by regularly scanning your computers and offering to remove any spyware or other unwanted software that it finds. |
|
Windows Firewall with Advanced Security | Provides advanced new capabilities to help better protect your network and your PCs from malicious attacks. |
Enable secure access to information
Windows Vista User Account Control helps protect corporate resources by allowing you to better manage operations requiring administrative privileges. You can run individual users at the lowest required level to reduce the risk of potential vulnerabilities to the operating system. Individual application privileges also let standard users change common settings without compromising security—and without spending time searching for a manager or IT staff person who has administrative rights.
Windows Vista allows you to monitor entry to restricted resources and records, helping to ensure security and meet compliance requirements while containing cost. Additionally, improvements to strong authentication via smartcards and new platform capabilities allow third parties to more easily adopt new authentication methods.
Security: Information access features
|
|
User Account Control | Increases security and improves total cost of ownership by reducing the need for users to work in administrator mode to be productive. |
|
New Logon Architecture | Delivers an improved authentication infrastructure that enables independent software vendors (ISVs) and organizations to implement their own authentication methods, such as biometrics or tokens, by writing credential providers. |
|
Network Access Protection | Restricts clients that lack current security updates or virus signatures from the network when used with Windows Server code-name "Longhorn." |
|
New Smartcard Infrastructure | Improves the flexibility of smartcard infrastructures by including drives for common smartcard readers and updates to Cryptographic Service Provider (CSP) modules via Windows Update. |
Protect and recover information
Windows Vista helps you keep data confidential by supporting data encryption at the disk, directory, or file level. Your company can assign whatever level of protection makes sense for your people and their computer use. Enhanced group policies help restrict the installation of potentially harmful hardware, while allowing you to better control who uses removable storage devices (such as USB flash memory drives)—reducing the risk of corporate data and intellectual property loss.
Security: Data protection features
|
|
Windows BitLocker Drive Encryption | Provides full-volume encryption and boot integrity checking to help ensure that the data on a company computer stays confidential, even if the PC is lost, stolen, or decommissioned. |
|
Windows Rights Management Services Client | Helps enterprise customers control and protect critical digital information that is shared with other users. |
|
Encrypting File System | Keeps data more secure even on shared computers by encrypting the files of each user. |
|
Group Policy for Device Installation | Helps block the installation of removable storage devices, such as USB flash drives and external hard drives, helping to prevent corporate intellectual property or sensitive data from being compromised or stolen. |
Microsoft Diagnostics and Recovery Toolset, part of the optional subscription to the Microsoft Desktop Optimization Pack, helps administrators recover PCs that have become unusable and easily identify root causes of system and network issues. If a desktop catastrophe does occur, you can quickly repair unbootable or locked-out systems, restore lost files more easily than with the time-consuming process of using back up or reinstalling the operating system, and much more.
Security: Diagnostics and recovery features
|
|
Crash Analyzer | Determines the most likely cause of a system crash. A point-and-click wizard helps select the most recent system crash dump file and reports on the driver that is most likely the cause. |
|
ERD Commander | Boots into a diagnostics environment on an unbootable PC using many recovery functions and tools, including resetting a password, removing a hot fix, viewing Event Logs, and changing critical OS settings. |
|
File Restore | Recover files that have been lost or deleted, including files emptied from the Recycle Bin, deleted by application programs and remote processes, lost with removed directories, or deleted via a command prompt. |
|
Insight for Active Directory | Get a real-time view of the transaction between the individual client and Active Directory to pinpoint and troubleshoot application activities. |
|
System Restore | Utilizes Windows Restore Points on a down PC to remove changes that could be causing it to malfunction. |
Some product features are only
available in certain editions of Windows Vista and may require advanced or additional hardware.