Security is the foundation of Windows Vista architecture. With Windows Vista, you will be able to connect to any user you want and do anything you want. I believe that Windows Vista can guarantee the security of your information and computer.
The security features of Windows Vista can prevent the latest threats (such as worms, viruses and malware). In case of successful intrusion, Windows Vista can ensure that the damage is minimized.
User account protection
By running applications with restricted licenses, Windows Vista user account protection bridges the gap between users and administrative rights. When you need to perform administrative tasks, such as installing software or drivers, Windows Vista will prompt you to confirm your intention or provide credentials.
For example, if you download a game that is actually a Trojan horse on the road, Windows Vista can prevent the game from performing malicious tasks because the user does not have sufficient rights to install it. When you need to install a printer driver for a hotel printer, Windows Vista will prompt you to confirm whether you really want to install this printer.
This protection, combined with the new protection mode function in Internet Explorer, can reduce the influence of viruses, spyware and other types of malware (collectively referred to as "malware").
Prevent the influence of malicious software
IT departments and individual users spend a lot of time and resources to solve problems caused by malware, and try to detect and prevent problems before they happen. Windows Vista contains powerful functions to prevent, detect and remove malware before it causes problems. Results: The computer performance was improved, the support telephone number was reduced and the security was improved.
Protect lost, stolen or stolen computers
Advanced data protection technology in Windows Vista reduces the risk that data in laptops or other computers will be viewed by unauthorized users, even if laptops are lost or stolen.
Windows Vista supports full volume encryption to prevent other operating systems from accessing files from disk. It also stores the key in the Trusted Platform Model (TPM) chip V 1.2. The entire system partition is encrypted, whether it is hibernation files or user data.
Custom verification mechanism
For many organizations, authenticating users with user names and passwords is not enough to ensure the necessary level of security. Windows Vista improves smart card support, which makes it easier for developers to implement custom authentication mechanisms, such as biometrics and tokens.
Network access protection
Viruses and worms can attack protected internal networks through mobile computers that have not downloaded the latest upgrades, security configuration settings or virus signatures. Mobile users may connect to unprotected networks in hotels, airports or coffee shops, and their computers may be infected by malware or viruses. Windows Vista has the function of network access protection, which can prevent computers with compromised security from connecting to your internal network until it meets your security standards.
firewall
Windows Vista provides outgoing and incoming filtering, which can be managed centrally through group policy. This allows administrators to control which applications are allowed or blocked from communicating on the network. Controlling network access is one of the most important ways to reduce security risks.
Windows service enhancement
In case an intruder discovers and exploits a vulnerable service, Windows service enhancement will limit the extent of this damage. It does this by preventing damaged services from changing important configuration settings in the file system or registry or infecting other computers on the network. For example, you can prevent the Remote Procedure Call (RPC) service from replacing system files or modifying the registry.
Internet Explorer 7 enhancements
Internet Explorer 7 contains many features that can block malicious websites and malware. The new protection mode provides Internet Explorer 7 in Windows Vista with sufficient rights to browse the Web, but it has no right to modify user settings or data without the user's consent.
To prevent phishing and spoofing attacks, Internet Explorer 7 performs the following tasks:
When users visit a site protected by Secure Sockets Layer, highlight the address bar and allow them to easily check the legality of the site security certificate.
Includes a phishing filter that warns users if they are visiting a known unsafe website.
Allows users to clear all cached data with a single click.
With Internet Explorer, users can browse with more peace of mind and security.
The next version of Windows client provides some good functions, but without practice, there is no right to speak. We still have to wait until next year when it is released and people are running away, before we can make a more objective and correct evaluation of it. In recent years, especially after the release of Windows XP Service Pack 2, Microsoft has been intensively strengthening the security of Windows and Internet browsers. Sometimes, the efforts made by Microsoft are hard to see, but I think they have made progress. However, in the upcoming version of Windows, Microsoft does have the opportunity to do some work to fundamentally attack security.
Like Service Pack 2, these changes will upset the existing application system, which requires independent software vendors (ISVs) and device driver developers to make corresponding changes. I want to say that this is the case, just like when SP2 appeared, independent software developers would spend a lot of time updating their software. If a product doesn't work properly when Vista is released in the second half of next year, it is almost certain that independent software developers are the culprit.
Other operating systems or third-party products provide many of these "new" functions, but it is not so easy to make these functions standard in Windows. I want to do some work on some more important functions.
For a long time, whether on the network or on the local host, collaborative IT has been famous for managing Windows users with limited rights (if it is not famous, it means that it is not qualified for this job). For ordinary home users, IT is not difficult to set up such an account, but usually, collaborative IT is used for applications that require greater permissions, and these permissions are only provided to a small number of users of Windows XP.
In Windows Vista, firstly, the attitude towards this issue has changed. The privileged object is no longer a "minority" user, but now an account. It is not easy to get an account with administrator rights, but in general, it is not necessary to have such an account. If you want to do something that requires administrator authority, such as changing firewall settings, the system can provide you with an opportunity to get an account with sufficient authority, such as giving you an administrator account. In this way, you can use the ordinary account operating system at ordinary times and have administrator rights when necessary. This is called "user account protection", and the beta 1 version must implement this function manually.
Of course, this method comes directly from Mac OS X, and Mac advocates that this is the best way to solve the problem, but in fact, how this method can protect you still has certain limitations. Many spyware or adware installed on Windows are not caused by users' carelessness, they do it on purpose. You want that cool toolbar, and you know that you are installing a software, so of course you will give it administrator rights or other conditions to meet its needs. This is what you need to do to install genuine software. On the other hand, we should provide protection against silent driver download, otherwise, stupid users will be used again.
Another feature of user account protection is that when writing a program to protect the file system and the registry, these codes are actually placed in an independent area and maintained by a single user, which is called virtual storage. This is the same as the situation on the terminal server. In fact, I really want to know why the virtual storage is stored in the C:\Virtual Store directory of the C drive, rather than in each user's own Documents and Settings folder like the terminal server.
IE7 and others
In Windows Vista and Windows XP, Internet Explorer 7 has many new security-related functions, but the most important function can only be displayed in XP. The default working mode of IE is an incomplete mode, which is called protection mode. Doing dangerous work requires special permission, which is a special user account protection mechanism of the browser.
With the user account protection mechanism, it is possible to stumble in social engineering. Even if this mechanism is perfect, you need to convince users that they are really doing something that Windows warns may be dangerous. There are many other cool and useful security features in IE7, but they can only be used in Windows XP.
For example, NAP (Network Access Protection), which has been popular for some time, appeared, meeting the requirements of Windows Server 2003. NAP is a collection of programs and policies, which defines the security and other requirements of customers before networking. These requirements can be the latest updates and patches of Windows, updating anti-virus software, installing other software and so on.
The progress made by Vista may be as simple as bundling the client components of NAP, but it would be quite good if people were encouraged to use Vista. I have a dream that one day, such a system will appear, simple enough for ISP to use, and drive malicious users out of their own networks-but there is still a certain gap between reality and ideal.
Of course, there is a big gap. Windows firewall will eventually filter traffic data. EFS disk encryption will also be improved. The system will give an overview of the Windows program to identify the resources used by the program (such as TCP ports) and other factors that may cause the red alert. Microsoft Malware Removal Tool running at the time of update will be used here. All this is very important, and I believe I will study him more deeply in the next few months.
This is not the first time that Microsoft has paid so much attention to security, so it is too early to declare that it has won the security threat. Microsoft has considered the future of these problems very carefully. But the next version does provide a lot of good features. Since the upsurge of providing non-secure services in the late 1990s, Microsoft has been trying to set the boat of security sail. If all Windows users will use Vista, the network may become a safer home.