Architectural and Internal Security Improvements

Whenever possible, Windows Vista and Windows 7 security features have been designed to be transparent to end users and to require no administration time. Nonetheless, administrators and developers can benefit from understanding the architectural improvements. This section describes these architectural and internal improvements, as well as improvements that require additional applications or infrastructure.

Architectural and Internal Security Improvements in Windows Vista and Windows 7
Code Integrity : Detects malicious modifications to kernel files at startup.

Windows Resource Protection : Prevents potentially dangerous changes to system resources.

Kernel Patch Protection : Blocks potentially malicious changes that might compromise the integrity of the kernel on 64-bit systems.

Required Driver Signing : Requires drivers to be signed, which improves reliability and makes it more difficult to add malicious drivers. Mandatory on 64-bit systems.

Windows Service Hardening : Allows system services to access only those resources they normally need to access, reducing the impact of a compromised service.

Network Access Protection client : When used together with Windows Server 2008, helps to protect your network from clients who do not meet your security requirements.

Web Services for Management : Reduces risks associated with remote management by supporting encryption and authentication.

Crypto Next Generation services : Allows the addition of custom cryptographic algorithms to meet government requirements.

Data Execution Prevention : Reduces the risk of buffer overflow attacks by marking data sections of memory as nonexecutable.

Address Space Layout Randomization : Reduces the risk of buffer overflow attacks by assigning executable code to random memory locations.

New Logon Architecture : Simplifies development of custom logon mechanisms.

Rights Management Services client : Provides support for opening Rights Management Services protected documents when the proper applications are installed and the necessary infrastructure is in place.

Multiple Local Group Policy Objects : Allows administrators to apply multiple Local Group Policy Objects to a single computer, simplifying security configuration management for workgroup computers.


Source of Information : Windows 7 Resource Kit, Microsoft Press, 2009
