One of Vista’s main security improvements is BitLocker Drive Encryption, which protects confidential data if computers are lost or stolen, says Wole Moses, a security expert at Microsoft’s regional Windows client solutions division in Turkey.
Speaking at the Tech Ed conference held in Auckland last week, Moses explained how BitLocker prevents attackers who boot another operating system or run a hacking tool from breaking Vista file and system protections. BitLocker also prevents offline viewing of files stored on the protected drive.
“With BitLocker Drive Encryption we do a full volume encryption of the content of the hard drive,” he says.
User Account Control is another new Vista feature that aims to balance security requirements and user productivity. It protects computers by having users run in standard user mode but, at the same time, reduces the need for administrator privileges when performing common tasks, such as connecting to a secure wireless network or changing display settings, he says.
User Account Control also limits administrator-level access to authorised processes, but gives IT administrators “elevation potential” for specific administrative tasks and application functions, says Microsoft.
“It helps protect the machines from malware without limiting the [machine’s] abilities for end-users [as much as it did previously]. User Account Control is kind of combining the best of both worlds,” says Moses.
Moses also talked about group policies for USB device blocking — organisations can either lock-down the ability for users to install USB devices or decide which USB devices can be installed — as well as a new phishing filter in Internet Explorer, and Windows Defender, the new anti-spyware product.
All these new features add to the complexity of Vista and could potentially cause confusion for IT managers. The answer to that is education, says Moses.
Microsoft does a lot of proactive work with its partners around the world, he says, training them on Vista features so that the partners can develop their own offerings for customers.
Ten years ago security threats were relatively rare and when they did exist they were more mischievous than damaging, says Moses.
“Five years later, viruses became much more malicious and destructive. Often their goal was to bring down corporate networks or lock up machines,” he says.
“The types of malware we see today all have one thing in common. Their goal, in most cases, is intellectual property theft or identity theft. That is the progression. It’s like a child growing up. First it is mischievous, then it becomes a vandal, and later on [he or she] wants to get paid,” he says.
Another trend is that exploits are written faster and faster, he says. The time between a vulnerability being announced and an exploit taking advantage of it is shrinking, but applications such as User Account Control can help mitigate against these risks, says Moses.
Moses also shared a few tips on how to keep costs down with Vista.
“We have a new imaging format that helps reduce the cost of building, testing and updating Windows images,” he says.
Today, every unique type of hardware in the organisation requires a unique image, he says.
“In Vista the imaging format is hardware agnostic, so you will be able to build an image that can be applied to all of your different hardware,” he says.
Another tip involves using Business Desktop Deployment, which can help customers go from manual deployment of Windows to a combination of manual and automated processes, or all the way to automated deployment, without IT staff having to intervene.
A third way to reduce costs is to use group policies to manage computers’ power settings. IT staff can set a group policy for machines to go in to sleep mode after a certain amount of time, for example.
Microsoft data says customers can save around US$63 (NZ$99) per year, per machine by turning them off or have them in sleep mode over night, says Moses.