A guide to Windows 7 security

Lock down your PC, protect your data, and safeguard your network with Windows 7's security tools.

Until now, Windows Vista was the most secure version of the Windows operating system. Windows 7 picks up where Vista left off, and improves on that foundation to provide an even more secure computing experience. Microsoft also incorporated user feedback about Vista to enrich the user experience and to ensure that the security features are intuitive and user-friendly. Here's a look at some of the more significant security enhancements in Windows 7.

Core System Security

As it did with Windows Vista, Microsoft developed Windows 7 according to the Security Development Lifecycle (SDL). It built the new OS from the ground up to be a secure computing environment and retained the key security features that helped protect Vista, such as Kernel Patch Protection, Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Mandatory Integrity Levels. These features provide a strong foundation to guard against malicious software and other attacks. A few key elements are worth noting.

Enhanced UAC

You're probably familiar with UAC, or User Account Control. Introduced with Windows Vista, the feature is meant to help enforce least-privileged access and to improve the total cost of ownership by allowing organizations to deploy the operating system without granting administrator access to users. Though Microsoft's primary intent with UAC was to force software developers to use better coding practices and not expect access to sensitive areas of the operating system, most people have perceived UAC as a security feature.

When users think of UAC, they typically associate it with the access-consent prompts it issues. Though Microsoft has made significant progress since Vista's introduction in reducing the types and number of events that trigger the UAC prompt (or that prevent standard users from executing tasks entirely), UAC has still been the subject of a great deal of negative feedback for Vista.

171979-fig1.uacslider._originaljpeg

With Windows 7, Microsoft has again reduced the number of applications and operating system tasks that trigger the prompt. It has also incorporated a more flexible interface for UAC. Under User Accounts in the Control Panel, you can select Change User Account Control Settings to adjust the feature with a slider.

The configuration slider lets you choose from among four levels of UAC protection, ranging from Always Notify (essentially the level of UAC protection that Windows Vista provides) to Never Notify. Obviously, you'll get the most protection with Always Notify. The advantage to setting the slider to Never Notify as opposed to disabling UAC completely is that the prompt is only one aspect of what UAC does. Under the Never Notify setting, though UAC pop-ups will no longer interrupt you, some of UAC's core protections will remain, including Protected Mode Internet Explorer.

Integrated Fingerprint Scanner Support

Many Windows users configure the operating system to log them in without a user name and password--but that's the computer equivalent of leaving the front door of your house wide open with a neon sign flashing "Enter Here." I highly recommend that you assign all user accounts in Windows 7 a relatively strong password or passphrase (that means your dog's name or your favorite basketball team don't count).

Even passwords aren't all they're cracked up to be. Passwords are secure only until they're cracked, and cracking a password is more a matter of when than if, assuming an attacker is sufficiently dedicated. Experts recommend two-factor authentications--in other words, adding another layer of protection on top of the password--for better security. Many computers, laptops in particular, come equipped with built-in biometric security in the form of a fingerprint scanner. With Windows 7, Microsoft provides much smoother integration between the operating system and the fingerprint-scanning hardware.

171979-fig2.fingerprintscanner._originaljpeg

Windows 7 has better driver support and more reliable fingerprint reading across different hardware platforms. Configuring and using a fingerprint reader with Windows 7 for logging in to the operating system, as well as for authenticating users for other applications and Web sites, is easy. Click on Biometric Devices in the Control Panel to access the console for enrolling and managing fingerprint data and customizing biometric-security settings.

The Biometric Devices console will display any detected biometric devices. If the fingerprint reader is not yet configured, the status will display 'Not Enrolled'. Click on that status to access the console.

You can add scans of one finger or all ten. Adding multiple fingers allows you to continue using the biometric security even if your primary finger is in a bandage, for instance, or if your hand is in a cast. On screen, select the finger you want to add, and then place your finger on the fingerprint reader (or slowly drag your finger across the reader, depending on the type of hardware you have). You will have to scan each finger successfully at least three times to register it in the database, similar to how you have to reenter a password to confirm that you entered it correctly.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags Windows VistasecurityWindows 7

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?