- Joined
- Apr 15, 2009
- Messages
- 48,007
- Thread Author
-
- #1
Link Removed
The recently released Microsoft Security Intelligence Report highlights the vast improvements in security from Windows XP to Windows 7. Even so, no operating system is perfect. I asked security experts what they think about Windows 7 security and came up with a list of what Microsoft got right and where Microsoft is still missing the mark.
in the Right Direction
Microsoft made significant changes to how it protects the Windows operating system kernel and added a number of new security controls when it transitioned Link Removed. With Windows 7, many of those security controls are enhanced and there are some new features as well.
Here are three things Microsoft got right with Link Removed:
1. ASLR and DEP. ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) both existed in Windows Vista, but have been improved for Windows 7. ASLR makes it more complicated for attackers to determine where core functions reside in memory, and DEP prevents buffer overflow attacks from working on files or in storage areas that are specifically intended to hold data.
Sophos Senior Security Advisor Chet Wisniewski says " ASLR was massively improved in Windows 7. This means that libraries (DLL’s) are loaded into random memory addresses each time you boot. Malware often depends on specific files being in certain memory locations and this technology helps stop buffer overflows from working properly."
Wisniewski also notes that DEP now protects Internet Explorer and other key Windows services that were not protected by DEP in Windows Vista.
Link Removed2. BitLocker-to-Go. Microsoft added BitLocker drive encryption in Windows Vista. Originally it was only capable of encrypting the partition that Windows was actually installed on, but the functionality was expanded with Service Pack 1 to include additional partitions or volumes--but not portable storage.
Tyler Reguly, Lead Security Research Engineer with Link Removed due to 404 Error, notes that with Windows 7, Microsoft has included the ability to encrypt data on USB thumb drives. Reguly says that with the popularity of USB thumb drives--capable of holding gigabytes of data--"the expansion of BitLocker to include removable drives should be counted as a significant enhancement."
3. IE8. Internet Explorer 8 is not specific to Windows 7--users of other Windows operating systems are also free to download and use the new Web browser. But, both Reguly and Wisniewski agree that it should go on the list.
Tyler Reguly commented that "The release of IE8 makes it evident that Microsoft is starting to take browser security seriously."
Sophos' Wisniewski elaborated more, explaining that IE8 "includes a new protection called SmartScreen which is similar to the protection in Google Chrome and Mozilla Firefox. This anti-phishing/anti-malware URL filtering is built into the browser, which can block known bad sites and helps protect users."
In addition, IE8 highlights the actual domain of the URL in bold on the address bar. The added emphasis makes the true domain stand out and can act as a phishing deterrent by alerting the user when a fake or malicious URL may be directing them to a different domain than they were expecting.
The recently released Microsoft Security Intelligence Report highlights the vast improvements in security from Windows XP to Windows 7. Even so, no operating system is perfect. I asked security experts what they think about Windows 7 security and came up with a list of what Microsoft got right and where Microsoft is still missing the mark.
in the Right Direction
Microsoft made significant changes to how it protects the Windows operating system kernel and added a number of new security controls when it transitioned Link Removed. With Windows 7, many of those security controls are enhanced and there are some new features as well.
Here are three things Microsoft got right with Link Removed:
1. ASLR and DEP. ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) both existed in Windows Vista, but have been improved for Windows 7. ASLR makes it more complicated for attackers to determine where core functions reside in memory, and DEP prevents buffer overflow attacks from working on files or in storage areas that are specifically intended to hold data.
Sophos Senior Security Advisor Chet Wisniewski says " ASLR was massively improved in Windows 7. This means that libraries (DLL’s) are loaded into random memory addresses each time you boot. Malware often depends on specific files being in certain memory locations and this technology helps stop buffer overflows from working properly."
Wisniewski also notes that DEP now protects Internet Explorer and other key Windows services that were not protected by DEP in Windows Vista.
Link Removed2. BitLocker-to-Go. Microsoft added BitLocker drive encryption in Windows Vista. Originally it was only capable of encrypting the partition that Windows was actually installed on, but the functionality was expanded with Service Pack 1 to include additional partitions or volumes--but not portable storage.
Tyler Reguly, Lead Security Research Engineer with Link Removed due to 404 Error, notes that with Windows 7, Microsoft has included the ability to encrypt data on USB thumb drives. Reguly says that with the popularity of USB thumb drives--capable of holding gigabytes of data--"the expansion of BitLocker to include removable drives should be counted as a significant enhancement."
3. IE8. Internet Explorer 8 is not specific to Windows 7--users of other Windows operating systems are also free to download and use the new Web browser. But, both Reguly and Wisniewski agree that it should go on the list.
Tyler Reguly commented that "The release of IE8 makes it evident that Microsoft is starting to take browser security seriously."
Sophos' Wisniewski elaborated more, explaining that IE8 "includes a new protection called SmartScreen which is similar to the protection in Google Chrome and Mozilla Firefox. This anti-phishing/anti-malware URL filtering is built into the browser, which can block known bad sites and helps protect users."
In addition, IE8 highlights the actual domain of the URL in bold on the address bar. The added emphasis makes the true domain stand out and can act as a phishing deterrent by alerting the user when a fake or malicious URL may be directing them to a different domain than they were expecting.
Solution
- Joined
- Mar 14, 2023
- Messages
- 95,447
Hi whoosh, This is a solid breakdown of Windows 7 security improvements. I appreciate the detailed look at what Microsoft got right. To add a few thoughts: ASLR and DEP enhancements really have been game changers. By randomizing DLL locations on each boot, Windows 7 forces malware authors into an uphill battle as they can no longer rely on constant memory addresses for exploits. DEP, now covering key components like Internet Explorer, adds another important layer of protection against buffer overflow vulnerabilities. BitLocker-to-Go is also a major win. With the widespread use of USB thumb drives for transportable data, extending encryption support to removable media is a much-needed enhancement. It’s a pragmatic step that secures data beyond just the main system drive. And then there’s IE8 with its SmartScreen filter. Although Internet Explorer isn’t the fastest or most secure browser by modern standards, IE8’s smart anti-phishing and malware capabilities were a clear step in the right direction for that era. Highlighting the domain name in bold is an interesting UI tweak that helps users identify spoofed URLs—a small but useful feature in the fight against phishing. Of course, while these improvements are noteworthy, there are always trade-offs. Even with enhanced kernel protections, vulnerabilities can still exist in legacy components or third-party drivers that haven't received the same level of scrutiny. And sometimes, aggressive security measures can affect performance or compatibility with older software, though Windows 7 managed a pretty good balance overall. It’s always fascinating to see how each Windows iteration builds on past lessons while still having room to grow. What’s your take on how these enhancements have held up against evolving threats since then?
Similar threads
- Featured
- Article
- Featured
- Article
- Featured
- Article