Windows 7 security primer, part four

Roger Grimes wraps up his four-part series with a look at the improved Internet Explorer, smarter firewall, and more

Welcome to part four of my four-part series of articles discussing significant security improvements and changes found in Windows 7. In part one, I provided an overview of some noteworthy security deltas. In part two, I delved into XP Mode. Part three cracked open AppLocker. This week, I'll wrap up the series with a look at several additional major security improvements. Once again, I'll mention here that I'm a full-time employee at Microsoft.

Improved IE
You don't need Windows 7 to run IE 8, although if you're running an older version of IE, you should upgrade to the latest version as soon as possible. Certainly application and Web site compatibility issues will guide how quickly someone can move to IE 8, but I find many clients who are still clinging to IE 6 and haven't done compatibility testing in over a year. Often when I goad them into retesting the previously troublesome application with IE 8, it works -- and has been working for some time.

Why move to IE 8? Because it is more secure by default and more secure on Windows 7 than Windows XP. The recent Chinese Google zero-day hacking attack demonstrates this more effectively than anything I could come up with. The Chinese attacks work most effectively on IE 6 and not very well on IE 8. See the relative risk ratings. Microsoft tested some related exploits and found across the board that they were significantly harder to accomplish in IE 8 and even more so in Windows 7. Although some readers may accuse me of just being an IE fanboy, using the latest version of whatever browser you prefer is always good security advice.

Better ciphers
Windows 7 includes all the latest industry-accepted ciphers, including AES (Advanced Encryption Standard), ECC (Elliptic Curve Cryptography), and the SHA-2 hash family. In fact, the U.S. government's entire recommended Suite B cipher series is implemented. Suite B is a group of cryptographic algorithms that is approved by the United States National Security Agency.

By default, all current technologies in Windows will use industry-accepted ciphers. No more legacy proprietary ciphers are used. Those legacy ciphers that still exist are included only for backward-compatibility purposes. Microsoft has shared the new ciphers in detail with the crypto world for analysis and evaluation. Key and hash sizes are increased by default.