Windows 7 security – close, but still room for improvement

I have been quite impressed with Microsoft’s focus on security with the upcoming Windows 7 release. In addition to them entering the anti-virus market, they have stepped back and taken a serious look at how to better secure the Windows platform, and how users react and interact with the protections they are introducing.

The Windows Biometric Framework is a major step forward. Providing an integrated means of authenticating users using alternatives to traditional password-based methods is a welcome addition to the password-only defaults in current editions of Windows. Although it only supports fingerprint readers at launch, it looks like a lot of thought was put into the APIs and framework to support future technologies.

BitLocker To Go is another smart initiative to better secure the increasing quantity of removable media devices users are gravitating towards. Sophos already supports key management for BitLocker-protected systems through our recent acquisition of SafeGuard Enterprise, and the addition of BitLocker support for removable drives enhances the security of users of Windows 7. Microsoft has ensured legacy systems, including Windows XP and Windows Vista, are able to access these disks as well.

User Account Control has also seen improvements, and the focus has been on removing redundancy of prompts and only prompting (by default) for non-MS published applications. This should better mirror the Mac OS X and Ubuntu Linux experience, providing the user with an opportunity to read and understand actions asking for approval, rather than clicking “Yes” to get rid of the nagware.

This all leads me to ask a question about one regression, and one omission.

Vista Security Center warning

First we see the alerts displayed by Windows Security Center in Windows Vista.

If a user is not protected by anti-virus, their attention is demanded by the shield in the tray, which turns red, and they get a pop-up, as seen above, alerting them to the situation.

Now let’s look at how Windows 7 behaves.

Windows 7 Security Center warning

On the right-hand side you’ll see the Windows 7 Action Center, which serves a similar purpose to Security Center. However, the icon is not indicative of what the heck it is (a flag!?) and it only presents a tiny red X to indicate something may be wrong. Gone is the pop-up.

Considering that, immediately upon first login, Microsoft provides a dire warning about ensuring you have AV protection, I find this a step backwards in protecting users from connecting their computers to networks in an unprotected state.

Why have they regressed?

Hopefully it is not too late…

Second is the much-blogged-about extension hiding. The time for this “feature” to go away is long overdue, and now would be an excellent time for our friends in Redmond to do the right thing.

It’s common knowledge what an extension is to most computer users in the 21st century, and helping malware authors to continue their trojan brigade is close to aiding and abetting a crime. A user who sees an attachment in Windows 7 called userguide.pdf unfortunately may already fall victim to the latest PDF exploit; they don’t need to run an .EXE-based trojan because it was named userguide.pdf.exe and Windows chose to hide the extension.
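The mismatch described above can be checked for mechanically. The following is an added example, not part of the original post: a check a mail or download filter could run to compare the name a user would see with extension hiding on against the real file type. The extension lists and every sample name other than userguide.pdf and userguide.pdf.exe are constructed for illustration.

```python
import ntpath

# Constructed policy lists for this example; a real filter would use its own.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
KNOWN_EXTS = EXECUTABLE_EXTS | DOCUMENT_EXTS


def split_name(filename):
    """Return (stem, real_ext) using Windows path rules on any platform."""
    base = ntpath.basename(filename.strip())
    stem, ext = ntpath.splitext(base)
    return stem, ext.lower()


def displayed_name(filename):
    """Name the user sees when the final extension of a known type is hidden."""
    stem, ext = split_name(filename)
    return stem if ext in KNOWN_EXTS else ntpath.basename(filename.strip())


def classify(filename):
    """'masquerade' = executable whose displayed name ends in a document extension."""
    stem, real_ext = split_name(filename)
    shown_ext = ntpath.splitext(stem)[1].lower()
    if real_ext in EXECUTABLE_EXTS:
        return "masquerade" if shown_ext in DOCUMENT_EXTS else "executable"
    return "ok"


def review(filenames):
    """Return (real name, displayed name, verdict) for each attachment name."""
    return [(f, displayed_name(f), classify(f)) for f in filenames]


# Constructed sample attachment names; the first two are the ones from the post.
SAMPLES = ["userguide.pdf", "userguide.pdf.exe", "Invoice.DOC.Scr",
           "setup.exe", "report.v2.pdf"]

if __name__ == "__main__":
    for real, shown, verdict in review(SAMPLES):
        print(f"{verdict:<10} real={real!r:<22} shown={shown!r}")
```

A "masquerade" verdict marks a file whose visible name and real type disagree, which is the case a user cannot spot while extensions are hidden.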

Microsoft: It’s not too late. You have the ability to produce the most secure Windows yet. Wrap up the remaining few ends and we can all look forward to a more secure future.