I haven’t posted in a while – I was preparing for and attending Gartner’s US Fall Symposium conference in Orlando, which wrapped up yesterday. Coincidentally, yesterday was also the official launch of Windows 7.
As I talked about here, there are things that organizations can do today to improve the security of their endpoints that don’t require an upgrade to Windows 7.
However, there are a LOT of new and improved security capabilities with Windows 7. Some are completely new – like AppLocker and BitLocker To Go. Others are improved over what shipped with Windows Vista (like BitLocker), but are new to XP users.
The full Gartner research note on Planning for the Security Features of Windows 7 has just published. In the research note, I look at most of the security capabilities of Windows 7 and discuss their pros and cons as well as recommendations for deployment. If you are a Gartner client and planning on deploying Windows 7 (which will be just about every organization given how few actually deployed Vista), this document will be a useful guide for testing and planning.
Here’s a list of the prioritized features discussed in the note (I’m sure there are more; these are the major ones that I get questions on):
- User Account Control
- BitLocker To Go
- Internet Explorer Version 8 Security
- Windows Services Hardening
- Windows Firewall
- ASLR, DEP and Safe Unlinking
- USB Device Control
- Kernel Patch Protection (formerly called PatchGuard) and Signed Device Drivers With 64-Bit Windows 7
- Network Access Protection
- Windows Defender
- Domain Name System Security Extensions Support
- Windows Audit Function
- Rights Management Services Client
One important note: Because many of the more popular security features such as BitLocker, BitLocker To Go, AppLocker, DirectAccess and so on require EA/SA, the cost of EA/SA must be factored into any cost-benefit analysis of migration. If you don’t already have EA/SA, this can be a significant expense.