A guide to Windows 7 security

Lock down your PC, protect your data, and safeguard your network with Windows 7's security tools.

Until now, Windows Vista was the most secure version of the Windows operating system. Windows 7 picks up where Vista left off, and improves on that foundation to provide an even more secure computing experience. Microsoft also incorporated user feedback about Vista to enrich the user experience and to ensure that the security features are intuitive and user-friendly. Here's a look at some of the more significant security enhancements in Windows 7.

Core System Security

As it did with Windows Vista, Microsoft developed Windows 7 according to the Security Development Lifecycle (SDL). It built the new OS from the ground up to be a secure computing environment and retained the key security features that helped protect Vista, such as Kernel Patch Protection, Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Mandatory Integrity Levels. These features provide a strong foundation to guard against malicious software and other attacks. A few key elements are worth noting.

Enhanced UAC

You're probably familiar with UAC, or User Account Control. Introduced with Windows Vista, the feature is meant to help enforce least-privileged access and to improve the total cost of ownership by allowing organizations to deploy the operating system without granting administrator access to users. Though Microsoft's primary intent with UAC was to force software developers to use better coding practices and not expect access to sensitive areas of the operating system, most people have perceived UAC as a security feature.

When users think of UAC, they typically associate it with the access-consent prompts it issues. Though Microsoft has made significant progress since Vista's introduction in reducing the types and number of events that trigger the UAC prompt (or that prevent standard users from executing tasks entirely), UAC has still been the subject of a great deal of negative feedback for Vista.

171979-fig1.uacslider._originaljpeg

With Windows 7, Microsoft has again reduced the number of applications and operating system tasks that trigger the prompt. It has also incorporated a more flexible interface for UAC. Under User Accounts in the Control Panel, you can select Change User Account Control Settings to adjust the feature with a slider.

The configuration slider lets you choose from among four levels of UAC protection, ranging from Always Notify (essentially the level of UAC protection that Windows Vista provides) to Never Notify. Obviously, you'll get the most protection with Always Notify. The advantage to setting the slider to Never Notify as opposed to disabling UAC completely is that the prompt is only one aspect of what UAC does. Under the Never Notify setting, though UAC pop-ups will no longer interrupt you, some of UAC's core protections will remain, including Protected Mode Internet Explorer.

Integrated Fingerprint Scanner Support

Many Windows users configure the operating system to log them in without a user name and password--but that's the computer equivalent of leaving the front door of your house wide open with a neon sign flashing "Enter Here." I highly recommend that you assign all user accounts in Windows 7 a relatively strong password or passphrase (that means your dog's name or your favorite basketball team don't count).

Even passwords aren't all they're cracked up to be. Passwords are secure only until they're cracked, and cracking a password is more a matter of when than if, assuming an attacker is sufficiently dedicated. Experts recommend two-factor authentications--in other words, adding another layer of protection on top of the password--for better security. Many computers, laptops in particular, come equipped with built-in biometric security in the form of a fingerprint scanner. With Windows 7, Microsoft provides much smoother integration between the operating system and the fingerprint-scanning hardware.

171979-fig2.fingerprintscanner._originaljpeg

Windows 7 has better driver support and more reliable fingerprint reading across different hardware platforms. Configuring and using a fingerprint reader with Windows 7 for logging in to the operating system, as well as for authenticating users for other applications and Web sites, is easy. Click on Biometric Devices in the Control Panel to access the console for enrolling and managing fingerprint data and customizing biometric-security settings.

The Biometric Devices console will display any detected biometric devices. If the fingerprint reader is not yet configured, the status will display 'Not Enrolled'. Click on that status to access the console.

You can add scans of one finger or all ten. Adding multiple fingers allows you to continue using the biometric security even if your primary finger is in a bandage, for instance, or if your hand is in a cast. On screen, select the finger you want to add, and then place your finger on the fingerprint reader (or slowly drag your finger across the reader, depending on the type of hardware you have). You will have to scan each finger successfully at least three times to register it in the database, similar to how you have to reenter a password to confirm that you entered it correctly.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Windows VistasecurityWindows 7

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?