Whenever possible, Windows Vista and Windows 7 security features have been designed to be transparent to end users and to require no administration time. Nonetheless, administrators and developers can benefit from understanding the architectural improvements. This section describes these architectural and internal improvements, as well as improvements that require additional applications or infrastructure.
Architectural and Internal Security Improvements in Windows Vista and Windows 7
Code Integrity : Detects malicious modifications to kernel files at startup.
Windows Resource Protection : Prevents potentially dangerous changes to system resources.
Kernel Patch Protection : Blocks potentially malicious changes that might compromise the integrity of the kernel on 64-bit systems.
Required Driver Signing : Requires drivers to be signed, which improves reliability and makes it more difficult to add malicious drivers. Mandatory on 64-bit systems.
Windows Service Hardening : Allows system services to access only those resources they normally need to access, reducing the impact of a compromised service.
Network Access Protection client : When used together with Windows Server 2008, helps to protect your network from clients who do not meet your security requirements.
Web Services for Management : Reduces risks associated with remote management by supporting encryption and authentication.
Crypto Next Generation services : Allows the addition of custom cryptographic algorithms to meet government requirements.
Data Execution Prevention : Reduces the risk of buffer overflow attacks by marking data sections of memory as nonexecutable.
Address Space Layout Randomization : Reduces the risk of buffer overflow attacks by assigning executable code to random memory locations.
New Logon Architecture : Simplifies development of custom logon mechanisms.
Rights Management Services client : Provides support for opening Rights Management Services protected documents when the proper applications are installed and the necessary infrastructure is in place.
Multiple Local Group Policy Objects : Allows administrators to apply multiple Local Group Policy Objects to a single computer, simplifying security configuration management for workgroup computers.
Source of Information : Windows 7 Resource Kit 2009 Microsoft Press
The desire to reduce the dependency on tape for recovery gave rise to the development of virtual tape libraries (VTLs) that use disk drives ...
On today’s Internet, IPv4 has the following disadvantages: • Limited address space. The most visible and urgent problem with using IPv4 on ...
The following are the advantages of WAP: ● Implementation near to the Internet model; ● Most modern mobile telephone devices support WAP; ...
Many of the virus, adware, security, and crash problems with Windows occu when someone installs a driver of dubious origin. The driver suppo...