Seven Security Myths of Windows 7

Network security is everyone’s concern. This also applies to computer security. Many security breaches occur due to user ignorance of basic security principles, not malicious intent. Good security begins with understanding what you can do to keep your systems safe and implementing a layered approach. If you depend on one program or feature to secure your computer and keep it safe (think a castle wall), then when (not if, but when) that dependency is breached, you may have personal information stolen or even have your computer taken over. Network and computer security are like an onion – there are multiple layers.

Windows 7 is Windows 7 When It Comes to Security Features

Not all versions of Windows 7 are created equal. Only the Ultimate and Enterprise editions contain all of the security features. The Professional edition does have Group Policy controls and Encrypting File System (EFS), but does not include AppLocker or BitLocker. The Home Premium version does not even have the reduced security features found in the Professional Edition. In short, you will have to pay more if you want the more advanced security features, so be careful to purchase the edition of Windows 7 that meets your security requirements.

Do You Myth the UAC (User Account Control)?

This may also be seen as the Principle of Least Privilege. In this principle, users or processes must be able to access only the information and resources required for their specific roles. Granting administrative access – even on a local computer – can lead to numerous security vulnerabilities. The User Account Control (UAC) component can limit changes being made to a computer that require administrator level permission. The UAC will notify a user if a change is attempted, and, if the user is an administrator, than the user can click “Yes” to continue. Relying solely on the UAC to provide security for changes to your system is an invitation to disaster – especially when UAC is turned off completely.

AppLocker, All You Need to Control Software

Network administrators have Software Restriction Policies that can be implemented to control the software behavior. AppLocker can extend the capabilities of Software Restriction policies. Now, an administrator can restrict or permit applications to run based on unique identities of files and to specify which users or groups can run these applications. In short, AppLocker is a powerful utility for network administrators; it cannot replace a more comprehensive security model including a robust anti-virus program. Trojan programs can still be used to install malware on a system, and users can be tricked into running other malware programs.

I Can Bitlocker, Can You?

BitLocker Drive Encryption is a feature available on Windows7 Enterprise and Windows 7 Ultimate (another myth-conception of Windows 7). BitLocker and BitLocker To Go provide another layer of security to limit the potential loss of data through the loss or theft of a computer. BitLocker To Go can be used to protect USB flash drives as well as external hard drives. Not all computers can use BitLocker or BitLocker To Go. While this is an excellent method to secure your data, BitLocker or BitLocker To Go should be used in conjunction with other security methods to control access to your data.

Where Can You DirectAccess?

There is always a secure, remote connection for Windows 7 users. Well, sort of. You would need to configure DirectAccess to provide for a secure automatic remote connection. DirectAccess allows users of Windows 7 Enterprise and Ultimate editions to make remote direct connections to a Windows Server 2008 R2 (as well as Windows 8 Server and beyond) server without having to use a VPN connection. When the computer connects to the Internet, DirectAccess automatically creates a secure connection to the corporate network without any action on the user’s part, and it automatically routes requests to the internal network through that connection.

Security Myth-Adventures of Windows 7

While Windows has more security features than previous editions and is vastly more secure, it simply does not have everything a business or home user requires to keep data and systems safe. There are many security threats beyond the capabilities of Windows 7 to provide a safe environment. New bots, hackers, identity theft techniques, rootkits, spyware, Trojans, and worms that can defeat even the best natively secured system.

The XP Myth (XP Mode)

Windows XP Mode (XPM) is a separate download available from Microsoft whereby you can run programs that were designed for Windows XP on computers running Windows 7. Windows XP Mode runs in a separate window on the Windows 7 desktop, much like a program, except it’s a fully functional version of Windows XP, and that is the concern. It is a complete Windows XP environment that is not protected in any way by the Windows 7 security controls (all of the above features we talked about). When you install a program in Windows XP Mode, that program will appear in both the Windows XP Mode list of programs and in the Windows 7 list of programs, so you can open the program directly from Windows 7. That means all of the vaunted security you have implemented now can potentially be bypassed.

Windows 7 is a very secure and robust operating system. For home users, it can be secured fairly easily, but you will want to invest in a good anti-virus program and possibly a firewall program as well. The corporate user has the advantage of having a partnership with the IT department and their security team. Windows 7 clearly demonstrates that Microsoft has done a fantastic job of producing a secure operating system. Now we just have to wait for Windows 8 to see what new security features will be available.

Excerpted from Global Knowledge: Seven Security Myths of Windows 7

Related Post
How to Upgrade to Windows 7

Related Courses
Defending Windows Networks
Administering and Maintaining Windows 7 (M50292)
Planning and Managing Windows 7 Desktop Deployments and Environments (M6294)

In this article

Join the Conversation