Vista SecurityWindows Vista Security Features <<previous|next>> :Windows Vista security may still not live up to Linux
Desktop operating system and mobile device management
Windows Vista malware protection
By Brien Posey
Over the last several years, Microsoft has received a lot of negative publicity regarding the various security vulnerabilities in its Windows operating systems and in Windows Explorer. I'm not saying that this publicity was undeserved. After all, who can forget the Windows XP spyware infestations from a couple of years ago? Let's face it, Microsoft has had a lot of problems with malware doing harm to its products.
In Windows Vista however, Microsoft has finally stepped up to the plate and taken the malware problem seriously. In fact, several Windows Vista security features are specifically designed to help in the fight against malware. Some of these features include: user account control, Windows Defender, the Malicious Software Removal Tool, a redesigned Windows firewall, and, of course, all of the new security features found in Internet Explorer 7. None of these security features offer a comprehensive solution to the malware problem by themselves, but when used together, these features do a far better job of protecting against malware than any previous Windows version.
User Account Control
One of the problems with previous versions of Windows was that standard user accounts didn't have sufficient permissions to perform many day-to-day tasks (such as downloading and installing application updates or connecting to a wireless network). Therefore, it was very common for members of the IT staff (and home users) to log on as an administrator just so that they could have control over their computer. Of course, the problem with being logged on as an administrator is that you have full control over the operating system, and so do any applications that you run. Unfortunately, this includes malware. If a virus attacks your computer and you are logged in as an administrator, the virus will have full access to all areas of the operating system.
In Windows Vista, basic user accounts have been given more privileges so that end users can perform day-to-day tasks. In essence, the User Account Control feature causes administrators to be treated as normal users. If a normal user attempts to perform an action that requires administrative permissions, Windows prompts the user for administrative credentials. If an administrator tries to perform an action which requires administrative permission, Windows prompts the user about whether or not the action is OK. This prevents a malware application from silently making malicious changes to the system in the background. If an administrator receives a prompt asking if it is OK to perform an action, and the administrator did not initiate the task, it should be a good indicator that malware might be present on the system.
Windows Defender is Microsoft's antispyware solution. Microsoft bought the Windows Defender code from a company called GIANT in 2004, and subsequently embedded it into Windows Vista (a version for Windows XP is also available). Windows Defender supposedly uses the same technology as Sunbelt Software's Counterspy. The chief difference is that Counterspy will work with older versions of Windows, whereas Windows Defender will not.
Windows Defender is primarily signature-based. Updated signatures are periodically downloaded through Windows Update to keep Windows Defender current. In addition, Windows Defender employs the use of several agents that monitor key areas of the Vista operating system for the types of changes commonly associated with malware activity.
The Malicious Software Removal Tool
The Malicious Software Removal Tool is Microsoft's antivirus solution. Each month a new version of the Malicious Software Removal Tool is automatically downloaded through Windows Update. Although the malicious Software Removal Tool is effective at removing malware infections, it should not be used as a substitute for a third party antivirus product. Third party antivirus products release signatures for viruses as soon as the viruses are discovered. Microsoft, on the other hand, releases updates to the Malicious Software Removal tool on the second Tuesday of every month. If a new virus were to be released after "patch Tuesday" you could be left vulnerable to the virus until the following month if you relied solely on the Malicious Software Removal Tool. Visit Microsoft's Web page to read more about the Malicious Software Removal Tool.
The Windows firewall
The Windows firewall made its initial debut as a part of Windows XP, but has been overhauled in Windows Vista. The primary new feature that helps in the spread of malware is that the Windows Vista firewall can now filter outbound traffic. This is especially important since so many types of malware attempt to "phone home".
The thing you should keep in mind about the Windows firewall in regards to malware protection is that outbound filtering is disabled by default. If you decide to enable outbound filtering, I recommend using the new Microsoft Management snap-in for Windows Firewall. This snap-in gives you many more configuration options than are available through the Security Center. You can access this snap-in by entering the MMC command at the Run prompt. When you do, Windows will open an empty management console. Choose the Add / Remove Snap-In command from the command prompt, then select the Windows firewall option from the list of available snap-ins. Click OK and you will be asked if you want to manage the firewall for the local computer or for another computer. Choose the Local computer option and click OK one more time, and you are in business.
I could easily write an entire series of articles on the security enhancements that have been made to Internet Explorer. From a malware standpoint though, the most significant security feature is probably the Add-on manager (which was created as a part of Windows XP Service Pack 2). The Add-on manager allows you to see what, if any, applications have attached themselves to Internet Explorer. The Add-on manager also gives you the option of enabling, disabling, or removing add-ons.
As you can see, Windows Vista has numerous security enhancements that are targeted at preventing malware infections. You can learn more about these security features at the "a href="http://technet.microsoft.com/en-us/windowsvista/aa905073.aspx" target="_blank">Windows Vista TechCenter.
About the author
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as the CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies.
20 Mar 2007
Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.