I’ve been using several versions of Microsoft’s Windows Vista for the last few months. Although any beta’s feature set is not locked into stone until the release-to-manufacturing date, here’s a recap of some of the new security changes as I know them now.
UAC (User Account Control) is probably the most welcome security update. A large portion of today’s malware requires that the user executing the malware be logged in with administrative privileges. Unfortunately, for one reason or another, many of today’s users are logged in as administrators all the time.
UAC will avoid that problem by running most programs in a more restricted context (actually, it’s an expansion of the Restricted SID available in XP today), even when the user is an administrator. For example, if you are logged in as an administrator, your Internet Explorer session will still run as a non-admin user. To accomplish admin-level tasks, you’ll be prompted to re-enter your password.
On a related note, a new privilege is being added so that non-admin users can adjust the system's time zone settings. This is a welcome addition for traveling users.
Microsoft’s AntiSpyware software will be integrated into Windows Vista. This should prevent more malware from successfully deploying. And Registry redirection features will offer an extra layer of protection against malware, too: Legacy (pre-Vista) applications that expect to write directly to protected system Registry locations will instead be transparently redirected to virtual registries.
Vista also has Secure Startup. On Enterprise versions, this means the entire hard drive can be encrypted prior to boot, and the encryption key will be securely stored inside a Trusted Platform Module chip on the motherboard. Many of the methods used to circumvent permissions using NTFS-aware boot disks will no longer work.
There's improved auditing all the way around, including the ability to kick off external programs (such as a sniffer) when a specified event type is noted. You'll also have improved support for non-password authentication mechanisms (smart cards, fingerprint readers, etc.). On a related note, EFS (Encrypting File System) keys can be stored on smart cards.
Windows services, often an entry point for buffer overflows and malware, will be hardened. Although Vista will include more services than any of its predecessors, more of them will run in the Local Service and Network Service contexts (instead of Local System), along with a complete code inspection and rewrite of vulnerable services. Each service will be given its own SID, allowing permissions, privileges, and firewall settings to be set per service.
Microsoft has added a new NTFS ACE (access control entry) permission called Creator Owner. It will allow more granular permissions to be set ahead of time for new objects and their owners. Currently, NTFS permissions can be given to the Creator Owner’s group. This new ACE permission is the opposite -- it will allow for a permission called Creator Owner to be given to another security principal.
The Power Users group will be degraded or removed. The Windows Firewall will do outbound blocking, and the new version will alert the user when an unapproved program attempts to connect to an Internet location or attempts to set up a listening service.