Windows 7 security enhanced for mobile workers

Microsoft Corp. is hoping the mobile worker will take advantage of easier-to-use enhanced security features in its Windows 7 operating system to access the corporate network and share data on removable devices.

The new operating system, currently in beta and set for a 2010 release, aims to solve real world IT problems regarding portable security in the mobile workforce, and builds upon lessons learnt from its predecessor, Windows Vista, said Paul Cooke, director of Windows client security with the Redmond, Wash.-based software giant.

"Windows 7 retains all the security goodness that we put into Windows Vista and as a result it builds upon those foundations," said Cooke, "But we've also learned a lot in the Windows Vista timeframe."

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Microsoft Corp. is hoping the mobile worker will take advantage of easier-to-use enhanced security features in its Windows 7 operating system to access the corporate network and share data on removable devices.

The new operating system, currently in beta and set for a 2010 release, aims to solve real world IT problems regarding portable security in the mobile workforce, and builds upon lessons learnt from its predecessor, Windows Vista, said Paul Cooke, director of Windows client security with the Redmond, Wash.-based software giant.

"Windows 7 retains all the security goodness that we put into Windows Vista and as a result it builds upon those foundations," said Cooke, "But we've also learned a lot in the Windows Vista timeframe."

Among those lessons is the fact that users were irritated by the "high number" of User Account Control (UAC) prompts in the platform, choosing instead to turn off the functionality -- that manages user privileges -- resulting in a loss of some security features.

Cooke said that, after a review of the top prompters in Windows Vista, 16 points of prompting were "tweaked, reduce, or removed entirely" meaning that now, users of Windows 7 can, for instance, receive updates to their machine "quickly and easily" without being prompted.

Microsoft expects a 29 per cent decrease in UAC prompts in the new operating system compared to Windows Vista, thereby fulfilling the goal of better security coupled with ease of use.

According to Michael Cherry, research vice-president of operating systems with Kirkland, Wash.-based research firm Directions on Microsoft, the reduction in prompts is a definite value-add, but simplifying the experience can also be a "double-edged sword."

Cherry's concern is that most users don't know how to inspect incident logs to ascertain whether their systems are in danger, thereby making a decreased number of prompts "a tough call."

Windows 7 enhancements also include new features for the mobile worker including DirectAccess to create "secure bi-directional tunnels" with access authentication and encrypted communication between a mobile machine and the corporate network "whether they're in the office, at home, or travelling on business half way around the world," said Cooke.

Describing the ease of use as "no harder to use than just logging in," Cooke said road warriors will feel encouraged to connect to the corporate network more often than they otherwise would. And, that's a definite benefit to the IT department who relies on users to frequently connect in order to keep all machines patched and up-to-date.

Another new feature for the mobile worker is BitLocker-to-Go. Based on BitLocker Drive Encryption introduced in Windows Vista, those authentication and data encryption capabilities are now extended to portable media devices like USB drives. "This is important given the fact that more USB devices today are sold in comparison to laptops or PCs in the marketplace," said Cooke.

In fact, there are more instances of misplaced removable media devices containing confidential data today than there are of misplaced laptops, he said, citing an admission in 2008 by the U.K. Ministry of Defense of about 100 lost USB devices over the past five years that held confidential data. Windows 7 affords an organization the peace of mind that, Cooke said, "if it falls into the wrong hands, it can't be misused."