Return to main newsletter

Windows 7 no replacement for layered security

An unprecedented volume of data is being uploaded to sites like Facebook every minute and research by Sophos confirms that firms are worried about the security threat this poses.
 

The security enhancements in Windows 7 will enable Microsoft to put up a stronger fight against competing operating systems but they will not replace traditional layers of security for corporate networks. These are the claims of one senior technologist at Internet security firm Sophos.

In a podcast interview, James Lyne analysed various aspects of Microsoft’s new operating system, due for release later this year, and concluded that whilst it contains elements that may deliver real value to certain users, Windows 7 is not able to single-handedly protect companies from security threats and data leakage.

Windows Firewall

The Windows 7 firewall policy model is much stronger than its Vista predecessor and now includes bidirectional filtering as well as multiple locations so that a user may differentiate between browsing in Starbucks or at home. But Lyne points out that businesses need to consolidate their security management into one central location and is sceptical as to whether companies would choose a Windows 7 firewall over a global network policy.

UAC (User Account Control)

The notoriously intrusive UAC feature in Vista, which continually asks the user to approve such actions as installing unknown devices and software, is still present in Windows 7 but is less conspicuous. However, Lyne states that any user authorisation policy is ultimately flawed because the user is rarely qualified to identify a potential threat.

Lyne comments: “What’s required is a more centrally defined policy that says what is good and bad on a computer. Why should the secretary or the guy sitting there doing his accounts have to be an expert in whether XYZ application can access this arbitrary location in the registry.”
 

Direct Access System

Windows 7 includes a new kind of VPN client designed for people on the road to maintain constant connectivity with the office. Microsoft used the new IPv6 protocol in its design of this feature but, as most networks are still not ready for IPv6, many communication links will inevitably be switched back to IPv4. The solution is rather more complicated than other VPN products on the market and swapping between protocols could weaken its overall security.

"Why should the secretary or the guy sitting there doing his accounts have to be an expert in whether XYZ application can access this arbitrary location in the registry."

James Lyne
Senior Technologist, Sophos


XP mode

The much talked about XP mode which will be included with Windows 7 is an attempt by Microsoft to play the security angle whilst delivering usability to a wider audience. However, Lyne believes this feature has an awkward chime of something dropped in at the end of the development programme. Furthermore he warns it could present a security threat to users who do not realise that the security measures of the host system will not necessarily apply to the virtual XP environment.

Lyne says: “People don’t realise that a virtual environment is like a whole computer. When you fire up XP mode there is a huge opportunity for hackers or malware to exploit these systems because people will forget to patch them and run antivirus software.”
 

© 2009 Montal Computer Services Ltd
Blackbrook House, Dorking Business Park,
Station Road, Dorking, Surrey. RH4 1HJ

To send us an email, click here

Return to main newsletter

Visit our website