[PCWorld]

Post your comments for Windows 7 Security Features Get Tough here

[Evildave]

1. Fingerprint scanners won't fix network and autorun problems. It's just a quicky way to authenticate, and could probably be spoofed with a fingerprinting kit, a scanner and a laser printer. Lift print off coffee mug, scan it, photoshop it, print it, swipe it over fingerprint reader. Boop! You're in. That's MUCH quicker than cracking a 12 letter password with case, numbers and symbols.
2. Bitlocker probably won't be on the 'home' version, which are the most mal-configured and unpatched systems, that breed those worms so prolifically.
3. Applocker won't be on the 'home' version, either.
4. Action Center is just another version of the annoying 'shield', with lots of things you were familiar with opening in other places MOVED and buried in some sub-menu within this.
5. UAC 'slider' doesn't do anything about people just dismissing the pop-ups, and it still gives malware the keys to the WHOLE kingdom if you swat it away. There is no UAC 'you may install a web plugin, and ONLY a web plugin' level. So many things happen 'automatically' to Windows users that they rarely have any context to make a good decision about security. Did they really WANT to install a web browser plugin just now (and a key logger and a BOT net node)?
6. 'Windows Defender' is just more evidence that Windows isn't secure. If it's already in the system to be found, it's already too late, because it already got through and did its damage.
7. WFP will give malware writers an extra tool to kick ports open, too.
8. DNSSEC sounds good... I wonder how well it will ACTUALLY work?
9. DirectAccess sounds like a real black hole. "You don't need VPN - you need Microsoft's universal black box instead - see how secure having one version of software running on everything has worked for security so far?"
10. BranchCache is also something that won't be in the home version.
So, all in all, it looks like mostly small changes that are debatable as improvements for the corporate customers, but the home users will be left in the dark.
Well, just so long as they BELIEVE they are more secure, well, that meets Microsoft's marketing goal, doesn't it?

[JaywalkerExtraordinaire]

{quote}1. Fingerprint scanners won't fix network and autorun problems. It's just a quicky way to authenticate, and could probably be spoofed with a fingerprinting kit, a scanner and a laser printer. Lift print off coffee mug, scan it, photoshop it, print it, swipe it over fingerprint reader. Boop! You're in. That's MUCH quicker than cracking a 12 letter password with case, numbers and symbols.{quote}

Why do you Linux geeks have to make things so damn hard? Just lift the fingerprint from the same computer your trying to break into. I'd check the left mouse button first. There's no need to have to mess with the user's coffee cup. Besides, your way leaves you SOL if the user left the computer to get more coffee!

Seriously, I agree that fingerprint readers are not a substitute for strong passwords. They might protect a computer in the office while a user refills their coffee cup, but they offer no more real security than a locking the doors on a convertible with the top down.

[Stringer52]

As a casual observer of the business IT security world, the only thing I can do is sigh and say, "It never ends, does it?" The race to build a better mousetrap before someone builds a better mouse. It must take one of those tree charts to show "OK, you can access this, but not this. You need a password for this and this, which is connected to only this and that server. You can run this app from this computer, but not that one. This will install images on this computer and that computer but not another computer." I don't envy the IT people.

[yexqazpukbasa]

Here is a quote from the article: "Microsoft says that Windows 7 will be faster and easier to roll out across an enterprise than previous OS migrations were." As usual, Microsoft wants to make such stuff easy and convenient for its corporate customers. That's exactly the sort of thinking that has always led to Microsoft building in all sorts of back doors to the OS. Microsoft gets heavily lobbied by major corporations that want their IT departments to very easily remotely configure the corporation's desktop computers. That saves a corporation a lot money because it greatly reduces labor in the IT department. Meanwhile we all get screwed by the huge security holes that such thinking leads to. And my quote from the article seems to indicate that security holes will continue to be present in Windows 7. Of course, Microsoft has no compelling reason to worry about security in its operating systems. Indeed, when you have a monopoly, you don't have to worry too much about anything.

[TechieXP]

Eveildave...don't you think those types of features would be to complex for a typical home user? And since a home user won't be connecting to an office network what is the point of having them anyway. If he needs that type of access, then he will ave the version that gives him the ability. And if he is using a corporate laptop, those features would be pre-configured. I dont think MS is leaving home users in the dark. Also programs that have network features use very high resources. Since home users always try to buy cheaper less highly spec'd system, it will only create a slow experience and users will be complaining their pc is to slow. evn if you don't use them, if they are on they still use teh same resources. if they aren't there problem is solved. And if users just get McAfee or Norton they will be fine. They dont need more then that. And when programs warn you about an infection, it doesn't mean it had already done its job. The warning is it was prevented from trying to do its job. Again looks like you simply view this blog to bash every single feature of Windows.

[coolgames]

@Evildave:
Those features you are referring to won't be needed by a home user, so why would they be included in the 'home' version? If they really need them, then they can buy the more advanced version of 7.
Usually, fingerprint authentication is used alongside a password for a double layer of security. It would be pretty stupid to use only a fingerprint scanner.
As for the action center, why would you want to search all over the control panel to make sure common features are enabled? Backup, defender, antivirus, firewall, etc. It's actually very nice to go to one location and be able to see that all the important features are enabled and up to date.
Windows defender does just that, defend against invasion. It's there to make sure viruses don't get installed in the first place. Who said that there is a virus already on the computer?

[uric3]

Well They are correct about one thing. You can spoof a finger print by just having a printed out copy of it. Proven on a Mythbusters episode. As a IT professional I'll have to see the improvements for my self in 7. I have Vista Ultimate on my laptop at home and I must say I just don't like it for various reason. However I will refrain from getting technical... however if what I read is true about 7 having the Vista Kernel etc just with a new GUI face lift and a few other features I'll not be to happy. However, I'll have to deal with it seeing I'll have to implement it at work since we can't stay on XP forever.

[Evildave]

Some of you miss the entire point I have been trying to make.
Most of these 'new security features' won't do a damned thing for the public at large running the 'home' version of Windows, because they won't even be present.
Even if they are present, it's by no means a foregone conclusion they'll improve anything for security. Probably one or more will be the source of nasty new security holes.
They are only new features thrown randomly at the security problem to lull the public into believing Windoze 7 will be an improvement.
Basically, it's more of the status quo. Stir up the UI so existing Windoze lusers can't find the things they NEEDED to configure their computer, then ship the same thing as before with all the back doors propped open for worms and viruses to exploit. I'll believe that Windoze is secure when Symantec and AVG and all the others go out of business because it's abundantly obvious they're not needed by anyone.
Dream on.
Oh, and I'm not a Mac user, either. Look more closely at the icon.
I haven't run Windoze 7, and I'm significantly less likely to do so than I am to load up Amiga OS or TOS, or DOS because Windows is a dinosaur, and I'm skeptical of anything the Beast of Bellevue (or Reek of Redmond) says about their long line of failures they call an 'OS'.
Kthxbye.

[olddave208]

Mr evildave,a simple question, do you work for microsoft? If you don't, then how the hell do you know what apps will be on what versions. If you are flamboyant, why don't you dream up a number on the lottery, and start your own computer company. We could then buy YOUR computer and software, and have the best on earth. I run seven different flavors of software, when I need to get something done, I use microsoft. It works, its fast, one does not have to constantly fiddle with settings to make it work. You should stick with playing on line games, and let the heavy lifting of the world to the people who actually use computers for work instead of spam. Before you call people names, you should take a LONGGGGGGGG look in a mirror, you may not like what you see. Gates did what you will never be able to even dream, he changed the world.

[bbvammy]

I like Microsoft. Microsoft create jobs. Jobs for Anti-This, Anti-That and Anti-Hackers. Linux is boring. Linux is so boring that I actually have to work. I should have stay in XP, Vista or Win7 so I can tell my IT guys that I can't work because of the worms. sad

[mphenterprises]

Okay everyone. Can we please real this back in? This Discussion is related to the Windows 7 article. Please keep all posts in line with that topic. Feel free to post references to other Operating Systems in other Discussions.

[technicaljedi721]

If you didn't pay attention, Windows 7 beta was properly coded against the Conflicker worm. The problem was like in the previous worms, that Users DON'T PATCH OR UPDATE THEIR MACHINES!
Lazy users and uneducated consumers who don't learn to take care of this kind of investment.

If users were more proactive in maintaining their machines, most of the viruses wouldn't do squat. That falls often with lazy IT professionals who don't test and patch/update with a sense of urgency. Cracker's, hacker's and code writer's don't take a day off. Yet we have Linux marks like Evil Dave blaiming Microsoft when Users are to blame for not taking "Personal Responsibility."

Windows 7 is a much more improved security profile along with a Security Development lifecycle. Unlike Leopard, in which theats against that OS are increasing and improving. Windows 7 is looking foward to tackle some of these issues.

So far in my use of Windows 7, there is a tremendous sense of security being addressed. However, if users don't learn to patch/upgrade, run antivirus/anti-malware sweeps, then all of this is a moot point. Even Mac Users need to do the same, because the threats are evolving as Mac's gain marketshare.