The principles that mentioned at the end of the previous post "Windows Vista Security Advancements- part1") are reflected in the design and development of Windows Vista, which embraces a holistic approach to security that makes it a significant milestone along the path to achieving Microsoft’s vision of Trustworthy Computing.
Windows Vista is the first version of the Windows client to be developed using Microsoft’s Security Development Lifecycle, which makes security a top priority from the start by defining a repeatable engineering process that every developer must follow, and then verifying that process before release.
To improve security at the architectural level, Windows Vista implements a new strategy called Windows Service Hardening that improves the security of system services. Windows Vista also reduces the risk of buffer overrun vulnerabilities through improved testing and development processes, and it adds a number of enhancements to security on 64-bit systems.
With User Account Control, Windows Vista makes it easier for everyday users to run accounts with standard permissions, reducing the “surface area” for attacks. The Windows logon architecture has also been redesigned to improve reliability and enable alternative strong authentication methods.
Network Access Protection helps preserve the security of corporate networks by giving network administrators the tools to keep “unhealthy” machines off the network. Improved support for smart cards makes it easier for organizations to supplement passwords with multifactor authentication.
Windows Vista provides better protection from malware, potentially unwanted software and intrusions through the integration of Windows Defender anti-malware technology, an enhanced, bidirectional Windows Firewall, and advances in Windows Security Center to simplify the process of monitoring and remediating the security status of a user’s Windows PC.
Windows Vista also features a number of enhancements that help protect sensitive data, including Windows BitLocker™ Drive Encryption to better protect data on lost, stolen or decommissioned PCs, expanded Windows Rights Management Services that help organizations control who has access to sensitive data, and improvements to the Encrypting File System. Group policies for IT administrators have been enhanced to restrict the installation of new hardware and the use of USB keys and other removable storage devices.
Microsoft Internet Explorer® 7 in Windows Vista represents a major step forward in browser security and privacy protection. Its new browser architecture is designed to give users more confidence in the security of their browsing activity while also helping to protect their personal data from phishing attacks and fraudulent Web sites. Advances include a Protected Mode that enables a robust browsing experience while helping to prevent hackers from taking over a user’s browser and executing code. A new Fix My Settings feature helps users keep their security protections at the appropriate level when installing and using a variety of Internet applications. A Security Status Bar helps users quickly differentiate between authentic Web sites and suspicious or malicious ones, and the Microsoft Phishing Filter helps users browse more safely by advising them about suspicious or known phishing Web sites.