Windows 7 Security Features Get Tough

Two years after Windows Vista debuted, many companies have yet to upgrade. And in many instances their reluctance to migrate to Vista stemmed from concern about security.

Microsoft has responded with its latest operating system, Windows 7, currently in public beta and expected to ship later this year. In Windows 7, new security features have been added, popular features expanded, and familiar features enhanced. Here's a look at a dozen or so security improvements that we expect will convince even the most recalcitrant corporate clients to upgrade.

Improved Migration Tools

Microsoft says that Windows 7 will be faster and easier to roll out across an enterprise than previous OS migrations were. Much of the credit for the anticipated improvement goes to new tools such as Dynamic Driver Provisioning, Multicast Multiple Stream Transfer, and Virtual Desktop Infrastructure.

With Dynamic Driver Provisioning, drivers are stored centrally, separate from images. IT professionals can arrange for installation by individual BIOS sets or by the Plug and Play IDs of a PC's hardware. Microsoft says that reducing the number of unnecessary drivers installed will help avoid potential conflicts and will accelerate installation. With Windows 7, as with Windows Vista, IT professionals can update system images offline, and even maintain a library of images that includes different drivers, packages, features, and software updates.

Rolling out any particular image across the entire network--or even installing individual images on desktops--is faster in Windows 7, thanks to the new Multicast Multiple Stream Transfer feature. Instead of individually connecting to each client, deployment servers "broadcast" the images across the network to multiple clients simultaneously.

Virtual Desktop Infrastructure (VDI), another desktop deployment model, allows users to access their desktops remotely, thereby centralizing data, applications, and operating systems. VDI supports Windows Aero, Windows Media Player 11 video, multiple-monitor configurations, and microphone input for voice over IP (VoIP) and speech recognition. New Easy Print technology permits VDI users to print to local printers. But use of VDI requires a special license from Microsoft, and doesn't offer the full functionality of an installed operating system.

Protecting Corporate Assets

Once the OS is installed, organizations may protect their assets with authentication for log-in. Windows Vista included drivers for fingerprint scanners, and Windows 7 makes such devices easier for IT professionals and end-users to set up, configure, and manage. Windows 7 extends the smart card support offered in Windows Vista by automatically installing the drivers required to support smart cards and smart card readers, without administrative permission.

IT professionals may further protect the contents of their Windows 7 volumes with BitLocker, Microsoft's whole-disk encryption system. Windows Vista users have to repartition their hard drive to create the required hidden boot partition, but Windows 7 creates that partition automatically when BitLocker is enabled. In Windows Vista, IT professionals must use a unique recovery key for each protected volume. But Windows 7 extends the Data Recovery Agent (DRA) to include all encrypted volumes; as a result, only one encryption key is needed on any BitLocker-encrypted Windows machine.

BitLocker To Go is a new feature that lets users share BitLocker-protected files with users running Windows Vista and Windows XP. The BitLocker To Go desktop reader provides simple, read-only access to the protected files on non-BitLocker-protected systems. To unlock the protected files, the user must provide the appropriate password (or smart-card credentials).
