A guide to Windows 7 security

Lock down your PC, protect your data, and safeguard your network with Windows 7's security tools.

Until now, Windows Vista was the most secure version of the Windows operating system. Windows 7 picks up where Vista left off, and improves on that foundation to provide an even more secure computing experience. Microsoft also incorporated user feedback about Vista to enrich the user experience and to ensure that the security features are intuitive and user-friendly. Here's a look at some of the more significant security enhancements in Windows 7.

Core System Security

As it did with Windows Vista, Microsoft developed Windows 7 according to the Security Development Lifecycle (SDL). It built the new OS from the ground up to be a secure computing environment and retained the key security features that helped protect Vista, such as Kernel Patch Protection, Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Mandatory Integrity Levels. These features provide a strong foundation to guard against malicious software and other attacks. A few key elements are worth noting.

Enhanced UAC

You're probably familiar with UAC, or User Account Control. Introduced with Windows Vista, the feature is meant to help enforce least-privileged access and to improve the total cost of ownership by allowing organizations to deploy the operating system without granting administrator access to users. Though Microsoft's primary intent with UAC was to force software developers to use better coding practices and not expect access to sensitive areas of the operating system, most people have perceived UAC as a security feature.

When users think of UAC, they typically associate it with the access-consent prompts it issues. Though Microsoft has made significant progress since Vista's introduction in reducing the types and number of events that trigger the UAC prompt (or that prevent standard users from executing tasks entirely), UAC has still been the subject of a great deal of negative feedback for Vista.

171979-fig1.uacslider._originaljpeg

With Windows 7, Microsoft has again reduced the number of applications and operating system tasks that trigger the prompt. It has also incorporated a more flexible interface for UAC. Under User Accounts in the Control Panel, you can select Change User Account Control Settings to adjust the feature with a slider.

The configuration slider lets you choose from among four levels of UAC protection, ranging from Always Notify (essentially the level of UAC protection that Windows Vista provides) to Never Notify. Obviously, you'll get the most protection with Always Notify. The advantage to setting the slider to Never Notify as opposed to disabling UAC completely is that the prompt is only one aspect of what UAC does. Under the Never Notify setting, though UAC pop-ups will no longer interrupt you, some of UAC's core protections will remain, including Protected Mode Internet Explorer.

Integrated Fingerprint Scanner Support

Many Windows users configure the operating system to log them in without a user name and password--but that's the computer equivalent of leaving the front door of your house wide open with a neon sign flashing "Enter Here." I highly recommend that you assign all user accounts in Windows 7 a relatively strong password or passphrase (that means your dog's name or your favorite basketball team don't count).

Even passwords aren't all they're cracked up to be. Passwords are secure only until they're cracked, and cracking a password is more a matter of when than if, assuming an attacker is sufficiently dedicated. Experts recommend two-factor authentications--in other words, adding another layer of protection on top of the password--for better security. Many computers, laptops in particular, come equipped with built-in biometric security in the form of a fingerprint scanner. With Windows 7, Microsoft provides much smoother integration between the operating system and the fingerprint-scanning hardware.

171979-fig2.fingerprintscanner._originaljpeg

Windows 7 has better driver support and more reliable fingerprint reading across different hardware platforms. Configuring and using a fingerprint reader with Windows 7 for logging in to the operating system, as well as for authenticating users for other applications and Web sites, is easy. Click on Biometric Devices in the Control Panel to access the console for enrolling and managing fingerprint data and customizing biometric-security settings.

The Biometric Devices console will display any detected biometric devices. If the fingerprint reader is not yet configured, the status will display 'Not Enrolled'. Click on that status to access the console.

You can add scans of one finger or all ten. Adding multiple fingers allows you to continue using the biometric security even if your primary finger is in a bandage, for instance, or if your hand is in a cast. On screen, select the finger you want to add, and then place your finger on the fingerprint reader (or slowly drag your finger across the reader, depending on the type of hardware you have). You will have to scan each finger successfully at least three times to register it in the database, similar to how you have to reenter a password to confirm that you entered it correctly.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Windows 7Windows Vista

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Brand Post

Bitdefender 2019

Taking cybersecurity to the highest level and order now for a special discount on the world’s most awarded and trusted cybersecurity. Be aware without a care!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?