First look at Windows 7 security

Powered by SC Magazine
 

USB drive encryption to become standard on business PCs.

Keys, wallet, smartphone, laptop, thumbdrive of sensitive corporate secrets: this is the list the average businessperson runs through before leaving the office.

But if a Ponemon Institute study this month of 967 respondents is to be believed, more than two in five have lost a device such as a USB drive that held data.

Memory product maker Kingston Technology released the first 128GB thumbdrive ($700) last week, which holds nearly 200 films, 44,000 songs or 27 million text files. That's a lot of corporate secrets to trust to a package so flimsy on security.

BitLocker To Go, a key feature of Microsoft's latest operating system, Windows 7, to be released on October 22, is entering a field dominated by the likes of IronKey and Trend Micro to protect data stored on these tiny devices.

At a reviewers' briefing yesterday in Sydney, Microsoft Australia IT Pro evangelist Jeff Alexander demonstrated how the security software that comes with the next Windows halts data walking out the door.

Group policies are set so that information can't be written to a device such as a thumbdrive unless it was first encrypted with BitLocker To Go. Legacy desktops running Windows XP, for instance, read data stored on the devices using software that is installed when the BitLocker partition is created.

Deployment is simplified for IT managers because BitLocker doesn't need to be set up when the OS is installed. Chief information security officers can make a stronger case to deploy Windows 7 because group policies control its use under Windows Server 2008 R2.

Key escrow is held in Active Directory, easing recovery of lost passwords. And users benefit because the encrypted thumbdrives may be set to open on PCs they use routinely without entering passcodes, Alexander said.

Multi-factor authentication through the use of smart cards or biometrics may be deployed to strengthen access to corporate data.

AppLocker, another new feature, gives administrators fine control over which applications to allow on their fleet PCs. Prohibited applications are determined by rules such as program name, author or its unique signature (called a "hash tag") that will survive software updates.

Although Windows 7 builds on the security foundations of Vista, which it replaces, Microsoft flagged that some "low-level" applications such as firewalls and anti-virus software may need to be upgraded.

System administrators and helpdesk staff should find troubleshooting user problems is eased through the Problem Step Recorder that emails pedagogic screenshots and a text file illuminating the steps a user takes before they hit an error.

Windows 7 is netbook friendly, Microsoft said, and the Home Premium version will have the same installed "footprint" as its bigger brothers. Every version of Windows 7 (except the basic "Starter" pack) has identical features that are activated using the Windows Anytime upgrade function. Administrators buy activation keys to upgrade their installation although Microsoft was unsure about whether they would get these from the software maker or a reseller.

Microsoft also demonstrated an operating system "refresh", which erased an existing installation of Windows XP or Vista to replace it with Windows 7. It copied 6.3GB over 541 files of user data in about half an hour.

To follow Australian reviewers' comments during the session, search #W7AU on Twitter.

Key security features

BitLocker (improved from Vista SP1)

  • Minimum partition size 100MB
  • Simplifies encryption and key management for all drives using the Data Recovery Agent.
  • Store recovery information in Active Directory.
  • Right-click on drive in Explorer to enable.
  • Hidden partition created on Windows installation (no need to repartition the drive later).

BitLocker To Go (new)

  • Protects data on removable drives.
  • Option to require BitLocker To Go to store data on removable drives.
  • Reader installed on partition to access encrypted drives on earlier Windows versions (no OS X support).

AppLocker (new and improved)

  • Admins set fine rules for which applications are permitted; the rules survive software upgrades.
  • PowerShell "cmdlets", when used with the audit function, test and automate policies controlling software deployment on PCs.
  • Custom error messages may be set to inform the user when they attempt to access a prohibited application.
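
The test-then-audit workflow that the AppLocker points above describe, as an added PowerShell example (not from the article or Microsoft's briefing). The reference directory, output path, test account and sample of files checked are assumptions.

```powershell
# Added example: build a candidate AppLocker policy from a reference folder,
# test it against real files without applying it, then review audit events.
# Assumed values (not from the article): $ReferenceDir, $PolicyXml, $TestUser.
Import-Module AppLocker

$ReferenceDir = 'C:\Program Files'                      # assumed known-good software
$PolicyXml    = Join-Path $env:TEMP 'applocker-candidate.xml'
$TestUser     = 'Everyone'

# 1. Collect publisher, hash and path details for every executable found.
$fileInfo = Get-AppLockerFileInformation -Directory $ReferenceDir -Recurse -FileType Exe

# 2. Generate allow rules. Publisher rules keep matching after a signed
#    vendor update; hash rules are the fallback for unsigned files and
#    must be regenerated whenever the file changes.
$fileInfo |
    New-AppLockerPolicy -RuleType Publisher, Hash -User $TestUser -Optimize -Xml |
    Out-File -FilePath $PolicyXml

# 3. Dry run: ask what the candidate policy would decide for a sample of
#    files. Nothing is enforced on the machine at this point.
$sample  = Get-ChildItem -Path "$env:windir\System32\*.exe" |
           Select-Object -First 20 -ExpandProperty FullName
$results = Test-AppLockerPolicy -XmlPolicy $PolicyXml -Path $sample -User $TestUser

# 4. Summarise decisions, then list every file that would not be allowed
#    so the rule set can be corrected before users are affected.
$results | Group-Object -Property PolicyDecision | Select-Object Name, Count
$results | Where-Object { $_.PolicyDecision -ne 'Allowed' } |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 5. Once a policy has been running in audit-only mode, count the files
#    that would have been blocked, taken from the AppLocker event log.
Get-AppLockerFileInformation -EventLog -EventType Audited -Statistics
```

Only after steps 4 and 5 come back clean would the policy be applied with `Set-AppLockerPolicy` and switched from audit to enforcement.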
