Seven Security Myths of Windows 7
Network security is everyone's concern, and this applies to computer security as well. Many security breaches occur due to user ignorance of basic security principles, not malicious intent. Network and computer security are like an onion - there are multiple layers. Good security begins with understanding what you can do to keep your systems safe and implementing a layered approach. If you depend on one program or feature to secure your computer, then when (not if, but when) that dependency is breached, you may have personal information stolen or even have your computer taken over.
1. Windows 7 is Windows 7 when it comes to security features
Not all versions of Windows 7 are created equal. This can be confusing to home users and small businesses that do not have an Active Directory domain. Many features that you have heard about when it comes to improved security are only found in the more expensive editions. In fact, only the Ultimate and Enterprise editions contain all of the security features. The Professional edition does have Group Policy controls and Encrypting File System (EFS), but does not include AppLocker or BitLocker. The Home Premium version does not even have the reduced security features found in the Professional Edition. In short, you will have to pay more if you want the more advanced security features, so be careful to purchase the edition of Windows 7 that meets your security requirements. There is not a "one-size-fits-all" version of Windows 7, and there definitely is not an a la carte edition.
2. Do you myth the UAC (User Account Control)?
This may also be seen as the Principle of Least Privilege. In this principle, users or processes must be able to access only the information and resources required for their specific roles. In this case, we are looking at applying the least-privileged user account (LUA). Many home users are also members of the local administrators group, giving them complete access to the system. In most corporate environments, this is not a safe security practice. Granting administrative access - even on a local computer - can lead to numerous security vulnerabilities. The User Account Control (UAC) component can limit changes being made to a computer that require administrator-level permission. The UAC will notify a user if a change is attempted, and if the user is an administrator, then the user can click Yes to continue. If the user is not an administrator, then someone with an administrator account on the computer will have to enter their password for the user to continue. Relying solely on the UAC to provide security for changes to your system is an invitation to disaster - especially when UAC is turned off completely.
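A check for the two conditions described above, UAC being switched off and the logged-on account being a local administrator, as an added PowerShell example that is not part of the original article. It reads the standard UAC policy values in the registry and the group list from whoami; the function name Get-UacPosture is hypothetical.

```powershell
# Added example, not from the article. Get-UacPosture is a hypothetical name.
# Compatible with the PowerShell 2.0 that ships with Windows 7.
function Get-UacPosture {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $key

    # EnableLUA = 0 means UAC is turned off completely.
    $uacEnabled = ($uac.EnableLUA -eq 1)

    # ConsentPromptBehaviorAdmin = 0 elevates administrators without any prompt.
    $silentElevation = ($uac.ConsentPromptBehaviorAdmin -eq 0)

    # BUILTIN\Administrators (S-1-5-32-544) appears in the token of an
    # administrator account even when the process is not elevated.
    $isLocalAdmin = [bool]((whoami /groups) -match 'S-1-5-32-544')

    # True only when this process already holds the full administrator token.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    $findings = @()
    if (-not $uacEnabled) { $findings += 'UAC is disabled (EnableLUA = 0)' }
    if ($silentElevation) { $findings += 'Administrators elevate without a prompt' }
    if ($isLocalAdmin)    { $findings += 'Logged-on account is a local administrator' }

    New-Object PSObject -Property @{
        User            = $identity.Name
        UacEnabled      = $uacEnabled
        SilentElevation = $silentElevation
        LocalAdmin      = $isLocalAdmin
        Elevated        = $elevated
        Findings        = $findings
    }
}

Get-UacPosture | Format-List
```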
3. AppLocker, all you need to control software
Network administrators have Software Restriction Policies that can be implemented to control the behavior of software (what can or cannot run). AppLocker can extend the capabilities of Software Restriction Policies. Now, an administrator can restrict or permit applications based on the unique identities of files and specify which users or groups can run these applications. With AppLocker, an administrator can control the type of applications that can run, which user or security group can run a program, create exceptions for programs, and even use PowerShell to control AppLocker. In short, AppLocker is a powerful utility for network administrators, but it cannot replace a more comprehensive security model including a robust anti-virus program. Trojan programs can still be used to install malware on a system and users can be tricked into running other malware programs.
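The PowerShell control mentioned above can also be used to confirm that AppLocker is actually blocking anything. The following is an added example, not part of the original article: it uses the AppLocker module's Get-AppLockerPolicy and Test-AppLockerPolicy cmdlets, and the function name Get-AppLockerPosture and the tested file path are assumptions chosen for illustration.

```powershell
# Added example, not from the article. Get-AppLockerPosture is a hypothetical name.
Import-Module AppLocker

function Get-AppLockerPosture {
    # Rules are only evaluated while the Application Identity service runs.
    $running = ((Get-Service -Name AppIDSvc).Status -eq 'Running')

    # Effective policy = local policy merged with any domain Group Policy.
    [xml]$policy = Get-AppLockerPolicy -Effective -Xml

    foreach ($rc in $policy.SelectNodes('/AppLockerPolicy/RuleCollection')) {
        $ruleCount = $rc.SelectNodes('*').Count
        $mode      = $rc.GetAttribute('EnforcementMode')

        # AuditOnly logs but never blocks; NotConfigured still enforces
        # any rules that are present in the collection.
        $blocking = $running -and ($ruleCount -gt 0) -and ($mode -ne 'AuditOnly')

        New-Object PSObject -Property @{
            Collection      = $rc.GetAttribute('Type')
            EnforcementMode = $mode
            RuleCount       = $ruleCount
            ServiceRunning  = $running
            Blocking        = $blocking
        }
    }
}

Get-AppLockerPosture |
    Format-Table Collection, EnforcementMode, RuleCount, ServiceRunning, Blocking -AutoSize

# Ask the effective policy how it would treat one file for the Everyone group.
# The path is only a sample; substitute the executables you care about.
Get-AppLockerPolicy -Effective |
    Test-AppLockerPolicy -Path 'C:\Windows\System32\notepad.exe' -User Everyone
```

A rule collection with no rules, or one left in audit-only mode, shows `Blocking = False` even though AppLocker is nominally "configured".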
4. I can Bitlocker, can you?
BitLocker Drive Encryption is a feature available on Windows 7 Enterprise and Windows 7 Ultimate (another myth-conception of Windows 7). BitLocker and BitLocker To Go provide another layer of security to limit the potential loss of data through the loss or theft of a computer. BitLocker To Go can be used to protect USB flash drives as well as external hard drives. Not all computers can use BitLocker or BitLocker To Go. To use BitLocker, the hard disk on the computer must have two partitions, the operating system and active system partition must be formatted with NTFS, and the BIOS must support Trusted Platform Module (TPM) 1.2, though there is an exception. If the computer does not have a TPM of 1.2 or higher, you can use a USB drive to store the encryption keys. While this is an excellent method to secure your data, BitLocker or BitLocker To Go should be used in conjunction with other security methods to control access to your data.
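The prerequisites listed above can be checked from an elevated PowerShell prompt before BitLocker is rolled out. This is an added example, not part of the original article; it queries the Win32_Volume, Win32_Tpm and Win32_EncryptableVolume WMI classes, and the function name Test-BitLockerReadiness is hypothetical.

```powershell
# Added example, not from the article. Test-BitLockerReadiness is a hypothetical name.
# Run elevated: the TPM and volume-encryption WMI namespaces need administrator rights.
function Test-BitLockerReadiness {
    $os     = Get-WmiObject -Class Win32_OperatingSystem
    $osVol  = Get-WmiObject -Class Win32_Volume -Filter 'BootVolume=TRUE' |
                  Select-Object -First 1
    $sysVol = Get-WmiObject -Class Win32_Volume -Filter 'SystemVolume=TRUE' |
                  Select-Object -First 1

    # Requirement: two partitions (system partition separate from the OS volume).
    $twoPartitions = ($osVol.DeviceID -ne $sysVol.DeviceID)

    # Requirement: operating system and system partitions formatted with NTFS.
    $ntfs = ($osVol.FileSystem -eq 'NTFS') -and ($sysVol.FileSystem -eq 'NTFS')

    # Requirement: TPM 1.2 or higher. SpecVersion looks like "1.2, 2, 3".
    $tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' `
               -Class Win32_Tpm -ErrorAction SilentlyContinue
    $tpmOk = $false
    if ($tpm -and $tpm.SpecVersion -match '^\s*(\d+\.\d+)') {
        $tpmOk = ([version]$Matches[1] -ge [version]'1.2')
    }

    # Current state of the OS volume. The class is missing on editions
    # without BitLocker, in which case nothing is returned.
    $ev = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
              -Class Win32_EncryptableVolume `
              -Filter "DriveLetter='$($os.SystemDrive)'" -ErrorAction SilentlyContinue
    $protected = [bool]($ev -and $ev.ProtectionStatus -eq 1)

    # Without a suitable TPM the keys have to live on a USB drive instead.
    $keyStorage = if ($tpmOk) { 'TPM' } else { 'USB startup key required' }

    New-Object PSObject -Property @{
        Edition           = $os.Caption
        TwoPartitions     = $twoPartitions
        NtfsOnBoth        = $ntfs
        Tpm12OrHigher     = $tpmOk
        KeyStorage        = $keyStorage
        BitLockerPresent  = [bool]$ev
        OsVolumeProtected = $protected
    }
}

Test-BitLockerReadiness | Format-List
```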
5. Where can you DirectAccess?
There is always a secure, remote connection for Windows 7 users. Well, sort of. You would need to configure DirectAccess to provide for a secure automatic remote connection. DirectAccess allows users of Windows 7 Enterprise and Ultimate editions to make remote direct connections to a Windows Server 2008 R2 (as well as Windows 8 Server and beyond) server without having to use a VPN connection. Currently, users must use a VPN connection in order to make a secure remote connection.