All text is available under the terms of the GNU Free Documentation License: 

Security and safety features new to Windows Vista

From Wikipedia, the free encyclopedia

There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.

Beginning in early 2002 with Microsoft's announcement of their Trustworthy Computing initiative, a great deal of work has gone into making Windows Vista a more secure operating system than its predecessors. Internally, Microsoft adopted a "Security Development Lifecycle"[1] with the underlying ethos of, "Secure by design, secure by default, secure in deployment". New code for Windows Vista was developed with the SDL methodology, and all existing code was reviewed and refactored to improve security.

Some specific areas where Windows Vista introduces new security and safety mechanisms include User Account Control, parental controls, Network Access Protection, a built-in anti-malware tool, and new digital content protection mechanisms.

But new vulnerabilities have already been found, some of which are still not fixed, according to security websites Secunia and SecurityFocus.[1][2]

User Account Control

Main article: User Account Control
[Image: a dialog box prevents the program from running without the permission of the user]

User Account Control is a new infrastructure that requires user consent before allowing any action that requires administrative privileges. With this feature, all users, including users with administrative privileges, run in a standard user mode by default, since most applications do not require higher privileges. When some action is attempted that needs administrative privileges, such as installing new software or changing system settings, Windows will prompt the user whether to allow the action or not. If the user chooses to allow, the process initiating the action is elevated to a higher privilege context to continue. While standard users need to enter a username and password of an administrative account to get a process elevated (Over-the-shoulder Credentials), an administrator can choose to be prompted just for consent or ask for credentials.

UAC asks for credentials in a Secure Desktop mode, where the entire screen is faded out and temporarily disabled, to present only the elevation UI. This is to prevent spoofing of the UI or the mouse by the application requesting elevation. Any application requesting elevation has to have focus before the switch to Secure Desktop occurs; otherwise its taskbar icon blinks, and when it is focused, the elevation UI is presented. Since the Secure Desktop allows only highest privilege System applications to run, no user mode application can present its dialog boxes there, so any prompt for elevation consent can be safely assumed to be genuine. Additionally, these mechanisms also help protect against shatter attacks, which intercept Windows inter-process messages to run malicious code or spoof the user interface, by preventing unauthorized processes from sending messages to high privilege processes. Any process that wants to send a message to a high privilege process must get itself elevated to the higher privilege context, via UAC.

Many applications break for standard users (non-admins) today because they attempt to write to protected areas that the standard user does not have access to. UAC will improve application compatibility for these users by redirecting writes (and subsequent reads) to a per-user location within the user’s profile. For example, if an application attempts to write to “C:\program files\appname\settings.ini” and the user doesn’t have permission to write to that directory, the write is redirected to “C:\Users\username\AppData\Local\VirtualStore\Program Files\appname\”. To make it easier to find these redirected files, a new button has been added to Windows Explorer: if there is a virtualized version of a file related to the current directory, a Compatibility Files button appears that takes you to the virtual location to view that file.

Windows Defender

[Image: Windows Defender running on Windows Vista]
Main article: Windows Defender

Windows Vista includes Windows Defender, Microsoft's anti-spyware utility. According to Microsoft, it was renamed from 'Microsoft AntiSpyware' because it not only features scanning of the system for spyware, similar to other free products on the market, but also includes Real Time Security agents that monitor several common areas of Windows for changes which may be caused by spyware. These areas include Internet Explorer configuration and downloads, auto-start applications, system configuration settings, and add-ons to Windows such as Windows Shell extensions.

Windows Defender also includes the ability to easily remove ActiveX applications that are installed. It also incorporates the SpyNet network, which allows users to communicate with Microsoft, report what they consider to be spyware, and check which applications are acceptable.


Parental controls

[Image: Parental controls control panel]

Windows Vista includes a range of parental controls. An administrator can apply parental control restrictions to other users on the computer. Facilities include:

  • Web content blocking, including the ability to limit web browsing to "kids websites", as well as blocking particular categories of content such as "Pornography", "Drugs", "Web e-mail", "Web chat", and so on. File downloads may also be disabled.
  • Time limitations on when the account may be used
  • Restrictions on what kind of games may be played. An administrator may choose from one of five different game rating services: ESRB (United States and Canada), PEGI (Europe), USK (Germany), OFLC (Australia and New Zealand), CERO (Japan). Ratings are used to determine the highest allowed game rating. As with web content blocking, a number of categories of content may also be blocked regardless of game ratings.
  • Restrictions on what programs may be executed
  • Activity reports to monitor what was done under Parental Controls

Preventing exploits

Windows Vista uses Address Space Layout Randomization (ASLR) to load system files at random addresses in memory.[2] By default, all system files are loaded randomly at any of the possible 256 locations. Other executables have to specifically set a bit in the header of their PE file (the Portable Executable format used for Windows executables) to use ASLR. For such executables, the stack and heap are also allocated at randomly chosen addresses. By loading system files at random addresses, it becomes harder for malicious code to know where privileged system functions are located, making it unlikely that an exploit can use them predictably. This helps prevent most remote execution attacks by preventing Return-to-libc attacks.

The Portable Executable format has been updated to support embedding exception handler addresses in the header. Whenever an exception is thrown, the address of the handler is verified against those stored in the executable header. If they match, the exception is handled; otherwise the mismatch indicates that the run-time stack has been compromised, and the process is terminated.

Function pointers are obfuscated by XOR-ing them with a random number, so that the actual address pointed to is hard to retrieve. Manually changing a pointer is equally hard, since the obfuscation key used for the pointer would be very hard to retrieve. Thus any unauthorized user of the function pointer finds it hard to actually use it. Metadata for heap blocks is also XOR-ed with random numbers. In addition, check-sums for heap blocks are maintained, which are used to detect unauthorized changes and heap corruption. Whenever heap corruption is detected, the application is killed to prevent successful completion of the exploit.
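As an added example, not code from the page or from Windows, the following C program models the two protections this paragraph describes: function pointers masked with a per-process random key, and heap block headers whose fields are XOR-masked and covered by a checksum so that a clobbered header is detected before its metadata is trusted. All names (process_key, encode_pointer, heap_hdr and so on) are hypothetical, and the mixing function is a simplified stand-in, not the Windows implementation.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Per-process secret, chosen once at first use. The demo entropy (time mixed
   with a stack address) is a constructed stand-in for a real random source. */
static uintptr_t g_key;

static uintptr_t process_key(void) {
    if (g_key == 0) {
        uintptr_t seed = (uintptr_t)time(NULL) ^ (uintptr_t)&seed;
        srand((unsigned)seed);
        g_key = ((uintptr_t)rand() << 16) ^ (uintptr_t)rand() ^ (seed * 2654435761u);
        if (g_key == 0) g_key = 0x5A5A5A5Au;   /* never let the mask degenerate to identity */
    }
    return g_key;
}

/* Mask a function pointer before storing it and unmask it just before the call.
   Overwriting the stored value without the key yields an unpredictable address. */
uintptr_t encode_pointer(uintptr_t p) { return p ^ process_key(); }
uintptr_t decode_pointer(uintptr_t e) { return e ^ process_key(); }

/* Heap block header: size and flags are stored XOR-ed with the key, and a
   checksum over the masked fields catches an unauthorized change. */
typedef struct {
    uint32_t masked_size;
    uint32_t masked_flags;
    uint32_t checksum;
} heap_hdr;

static uint32_t mix(uint32_t a, uint32_t b) {
    uint32_t h = a * 0x9E3779B9u;
    return h ^ (b + (h << 6) + (h >> 2));
}

void heap_hdr_init(heap_hdr *h, uint32_t size, uint32_t flags) {
    uint32_t k = (uint32_t)process_key();
    h->masked_size  = size ^ k;
    h->masked_flags = flags ^ k;
    h->checksum     = mix(h->masked_size, h->masked_flags);
}

/* Returns 1 if the header is intact, 0 if it was changed behind the allocator's back. */
int heap_hdr_verify(const heap_hdr *h) {
    return h->checksum == mix(h->masked_size, h->masked_flags);
}

uint32_t heap_hdr_size(const heap_hdr *h) {
    return h->masked_size ^ (uint32_t)process_key();
}

static int sample_callback(void) { return 42; }

int main(void) {
    /* Store the callback masked, then unmask it and call through it. */
    uintptr_t stored = encode_pointer((uintptr_t)&sample_callback);
    int (*fn)(void) = (int (*)(void))decode_pointer(stored);
    printf("call through decoded pointer: %d\n", fn());

    /* A single bit flipped in the stored value no longer decodes to the target. */
    printf("tampered value still points at callback: %s\n",
           decode_pointer(stored ^ 0x10) == (uintptr_t)&sample_callback ? "yes" : "no");

    heap_hdr h;
    heap_hdr_init(&h, 64, 1);
    printf("header intact: %d, size %u\n", heap_hdr_verify(&h), heap_hdr_size(&h));
    h.masked_size ^= 0x1000;   /* simulate an overflow clobbering the header */
    printf("header intact after corruption: %d\n", heap_hdr_verify(&h));   /* 0: allocator aborts */
    return 0;
}
```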

Windows Vista binaries include intrinsic support for detecting stack buffer overflows. When a stack overflow is detected in a Windows Vista binary, the process is killed so that it cannot be used to carry on the exploit. Windows Vista binaries also place buffers higher in memory and non-buffer data, such as pointers and supplied parameters, in a lower memory area. To actually exploit such a binary, a buffer underrun would be needed to reach those locations, and buffer underruns are much less common than buffer overruns.
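An added model, not from the page or from Windows, of the stack protection just described, in C: the frame is laid out as a byte array with the cookie between the buffer and the saved return address and a pointer below the buffer, so an overrun clobbers the cookie first and is caught by the epilogue check, while the pointer survives. simulate_call, callback_slot_intact and the frame offsets are hypothetical names; the frame is an array rather than a real stack so the demo stays well-defined C.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Simulated frame, lowest address first, following the layout rule above:
   the callback pointer (a non-buffer local) sits below the buffer, and the
   cookie sits between the buffer and the saved return address. */
enum { OFF_CALLBACK = 0, OFF_BUF = 8, BUF_LEN = 16, OFF_COOKIE = 24, OFF_RET = 32, FRAME_LEN = 40 };
enum { FRAME_OK = 0, FRAME_TRUNCATED = 1, FRAME_SMASHED = 2 };

static uint64_t g_cookie;   /* per-process random cookie, chosen once */

static uint64_t security_cookie(void) {
    if (g_cookie == 0) {
        /* Constructed entropy for the demo: time mixed with a stack address. */
        uint64_t seed = (uint64_t)time(NULL) ^ (uint64_t)(uintptr_t)&seed;
        srand((unsigned)seed);
        g_cookie = ((uint64_t)rand() << 32) ^ (uint64_t)rand() ^ (seed * 0x9E3779B97F4A7C15ull);
        if (g_cookie == 0) g_cookie = 0xA5A5A5A5A5A5A5A5ull;
    }
    return g_cookie;
}

/* Models a function that copies 'input' into its 16-byte stack buffer.
   'bounded' selects the length-checked copy (fixed code) or the unchecked one
   (buggy code). Returns FRAME_OK when the epilogue cookie check passes,
   FRAME_TRUNCATED when the bounded copy had to cut the input, or FRAME_SMASHED
   when the cookie was clobbered, the point at which the real process is killed. */
int simulate_call(const unsigned char *input, size_t len, int bounded) {
    unsigned char frame[FRAME_LEN];
    uint64_t cookie = security_cookie(), check;
    uint64_t fake_ret = 0x401000ull;   /* constructed placeholder return address */
    int truncated = 0;
    size_t n = len;

    memset(frame, 0, sizeof frame);
    memcpy(frame + OFF_COOKIE, &cookie, sizeof cookie);     /* prologue plants the cookie */
    memcpy(frame + OFF_RET, &fake_ret, sizeof fake_ret);
    if (bounded && n > BUF_LEN) { n = BUF_LEN; truncated = 1; }
    if (n > FRAME_LEN - OFF_BUF) n = FRAME_LEN - OFF_BUF;   /* keep the model inside the array */
    memcpy(frame + OFF_BUF, input, n);                      /* an overrun runs upward, not downward */

    memcpy(&check, frame + OFF_COOKIE, sizeof check);       /* epilogue: verify before returning */
    if (check != cookie) return FRAME_SMASHED;
    return truncated ? FRAME_TRUNCATED : FRAME_OK;
}

/* Returns 1 if a pointer stored below the buffer survives an upward overrun of
   'len' bytes: the reason the layout puts pointers and parameters down there. */
int callback_slot_intact(size_t len) {
    unsigned char frame[FRAME_LEN];
    uint64_t marker = 0x1122334455667788ull;   /* constructed stand-in for a pointer */
    memset(frame, 0, sizeof frame);
    memcpy(frame + OFF_CALLBACK, &marker, sizeof marker);
    if (len > FRAME_LEN - OFF_BUF) len = FRAME_LEN - OFF_BUF;
    memset(frame + OFF_BUF, 'A', len);
    return memcmp(frame + OFF_CALLBACK, &marker, sizeof marker) == 0;
}

int main(void) {
    unsigned char long_in[32];                               /* constructed oversized input */
    memset(long_in, 'A', sizeof long_in);
    printf("short input:           %d\n", simulate_call((const unsigned char *)"hello", 6, 0)); /* 0 */
    printf("long input, unbounded: %d\n", simulate_call(long_in, 32, 0));                      /* 2 */
    printf("long input, bounded:   %d\n", simulate_call(long_in, 32, 1));                      /* 1 */
    printf("pointer below buffer intact after overrun: %d\n", callback_slot_intact(32));        /* 1 */
    return 0;
}
```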

Windows Vista also uses processor-enforced Data Execution Prevention on all processes to mark some memory pages, such as the heap and stack, as non-executable data segments, so that data in them cannot be interpreted and executed as code. This prevents exploit code from being injected as data and then executed. Though DEP was present in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, its enforcement has been made stricter[verification needed] in Windows Vista.

DEP is still not enforced for all applications by default in Vista and is only turned on for critical system components. When a user turns on DEP for all applications, they gain additional resistance against zero-day exploits. Some applications generate DEP exceptions; Windows XP SP2 offered an easy way to create an application exception at run time when an application violated DEP, but that prompt could be social-engineered. Vista seems to lack this ability to make on-the-fly exceptions to DEP, so a user would have to create one manually.

Digital Rights Management

Microsoft is introducing a number of Digital Rights Management and content-protection features in Windows Vista, to help digital content providers, corporations, and end-users protect their data from being copied.

  • PUMA: Protected User Mode Audio (PUMA) is the new User Mode Audio (UMA) audio stack. Its aim is to provide an environment for audio playback that restricts the copying of copyrighted audio, and restricts the enabled audio outputs to those allowed by the publisher of the protected content.[3]
  • Protected Video Path - Output Protection Management (PVP-OPM) is a technology that prevents copying of protected digital video streams, or their display on video devices that lack equivalent copy protection (typically HDCP). Microsoft claims that without these restrictions the content industry may prevent PCs from playing copyrighted content by refusing to issue license keys for the encryption used by HD DVD, Blu-Ray Disc, or other copy-protected systems.[3]
  • Protected Video Path - User-Accessible Bus (PVP-UAB) is similar to PVP-OPM, except that it applies encryption of protected content over the PCI Express bus.
  • Rights Management Services (RMS) support, a technology that will allow corporations to apply DRM-like restrictions to corporate documents, email, and intranets to protect them from being copied, printed, or even opened by people not authorized to do so. MSN Spaces will also offer an open RMS server that home users and smaller businesses can use to extend this ability to their own documents.[citation needed]

These features have been criticised by some as more restrictive than useful for the user.

Application isolation

Windows Vista introduces Mandatory Integrity Control to set integrity levels for processes. A low integrity process cannot access the resources of a higher integrity process. This feature is used to enforce application isolation: applications at a medium integrity level, such as all applications running in the standard user context, cannot hook into system-level processes that run at high integrity, such as administrator-mode applications, but can hook onto lower integrity processes such as Windows Internet Explorer 7. A lower privilege process cannot validate a window handle belonging to a higher privilege process, cannot SendMessage or PostMessage to higher privilege application windows, cannot use thread hooks to attach to a higher privilege process, cannot use journal hooks to monitor a higher privilege process, and cannot perform DLL injection into a higher privilege process.

Service hardening

A new security feature called Windows Service Hardening prevents Windows services from performing operations on the file system, registry or network[4] which they are not supposed to perform, thereby preventing malware from gaining entry by piggybacking on system services. Services are now assigned a per-service security identifier (SID), which allows access to the service to be controlled according to the access specified by that SID. Services can also use access control lists (ACLs) to prevent external access to resources private to them. Services in Windows Vista also run in a less privileged account such as Local Service or Network Service, instead of the System account. Services also need explicit write permissions, granted per service, to write to resources: only the resources a service has to modify give it write access, so any attempt to modify another resource fails. Services also have a pre-configured firewall policy, which gives them only as much privilege as is needed to function properly. Independent software vendors can also use Windows Service Hardening to harden their own services.

Network Access Protection

Network Access Protection (NAP), which makes sure that computers connecting to or communicating over a network conform to a level of system health set by the network administrator, has been upgraded significantly in Windows Vista. Depending on the policy set by the administrator, computers which do not meet the requirements are either warned and granted access, allowed only limited access to network resources, or denied access completely. NAP can also optionally provide software updates, through a Remediation Server, so that a non-compliant computer can upgrade itself to the level required to access the network. A conforming client is given a Health Certificate, which it then uses to access protected resources on the network.

A Network Policy Server, running Windows Server "Longhorn", acts as the health policy server, and clients need to use Windows Vista or later. A VPN server, RADIUS server or DHCP server can also act as the health policy server.

Authentication and logon

Graphical identification and authentication (GINA), used for secure authentication and interactive logon, has been replaced by Credential Providers. Combined with supporting hardware, Credential Providers can extend the operating system to let users log on through biometric devices (fingerprint, retinal, or voice recognition), passwords, PINs and smart card certificates, or any custom authentication package and schema that third-party developers wish to create. Enterprises may develop, deploy, and optionally enforce custom authentication mechanisms for all domain users. Credential Providers may be designed to support Single sign-on (SSO), authenticating users to a secure network access point (leveraging RADIUS and other technologies) as well as machine logon. Credential Providers are also designed to support application-specific credential gathering, and may be used for authentication to network resources, joining machines to a domain, or providing administrator consent for User Account Control. Fast User Switching, which was limited to workgroup computers on Windows XP, can now also be enabled for computers joined to a domain, starting with Windows Vista.

Crypto NexGen

Crypto NexGen (CNG) is an update to the Crypto API, featuring support for plugging custom cryptographic APIs into the CNG runtime. CNG also supports Elliptic Curve Cryptography. The CNG API also integrates with the smart-card subsystem by including a Base Smart Card Cryptographic Service Provider (Base CSP) module which encapsulates the smart card API. Smart card manufacturers only have to make their devices compatible with this, rather than provide a from-scratch solution.

x86-64-specific features

  • Data Execution Prevention (DEP) uses only the NX-bit support in processors, with no fallback software emulation. This ensures that the less effective software-enforced DEP (which is only safe exception handling) is not used. In 32-bit versions, however, software-enforced DEP is an option.
  • An upgraded Kernel Patch Protection, also referred to as PatchGuard, prevents third-party software, including kernel-mode drivers, from modifying the kernel, or any data structure used by the kernel, in any way; if any modification is detected, the system is shut down. This mitigates a common tactic used by rootkits to hide themselves from user-mode applications.[5] PatchGuard was first introduced in the x64 edition of Windows Server 2003 Service Pack 1, and was included in Windows XP Professional x64 edition.
  • Code Integrity check-sums signed code. Before a system binary is loaded, it is verified against its check-sum to ensure it has not been modified. The binaries are verified by looking up their signatures in the system catalogs.

Other features

A number of specific changes have been made:

  • Windows Resource Protection prevents "potentially damaging system configuration changes",[6] by preventing change to system files and settings by any process other than Windows Installer. Also changes to registry by unauthorized software are blocked.
  • Protected-Mode IE: Internet Explorer runs as a low integrity process, so it cannot gain write access to files and registry keys in a user's profile, protecting the user from malicious content and security vulnerabilities, even in ActiveX controls.
  • Windows Firewall has been upgraded to support outbound packet filtering and full IPv6 support. A new MMC-based interface has been introduced which offers much more advanced control over the firewall.[7]
  • Network Location Awareness integration with the Windows Firewall. Every newly connected network defaults to "Public Location", which locks down listening ports and services. If a network is marked as trusted, Windows remembers that setting for future connections to that network.
  • Session 0 Isolation: Previous versions of Windows ran System services in the same login session as the locally logged-in user (Session 0). In Windows Vista, Session 0 is now reserved for these services, and all interactive logins are done in other sessions.[8] This is intended to help mitigate a class of exploits of the Windows message-passing system, known as Shatter attacks.
  • Full support for the "NX" (No-Execute) feature of modern processors. This feature, present as NX (EVP) in AMD's AMD64 processors and as XD (EDB) in Intel's processors, can flag certain parts of memory as containing data instead of executable code, which prevents overflow errors from resulting in arbitrary code execution. This feature was introduced in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1.
  • Address Space Layout Randomization (ASLR) to prevent Return-to-libc buffer overflow attacks.
  • BitLocker Drive Encryption. Formerly known as "Secure Startup", this software utilizes a Trusted Platform Module (compliant with version 1.2 of the TCG specifications) to improve PC security. It ensures that the PC running Windows Vista starts in a known-good state, and it also protects data from unauthorized access through full volume encryption.[9] Data on the volume is encrypted with a Full Volume Encryption Key (FVEK), which is in turn encrypted with a Volume Master Key (VMK) and stored on the disk itself.
  • Windows Vista can use smart cards, or a smart card and password combination, for user authentication.
  • Windows Vista can use smart cards to store Encrypting File System (EFS) keys. This makes sure that encrypted files are accessible only as long as the smart card is physically available.
  • User-Mode Driver Framework prevents drivers from directly accessing the kernel; instead they access it through a dedicated API. This new feature is important because a majority of system crashes can be traced to improperly installed third-party device drivers.[10]

See also

  • Computer security

References

  1. Steve Lipner, Michael Howard (March 2005). The Trustworthy Computing Security Development Lifecycle. Microsoft Developer Network. Retrieved 2006-02-15.
  2. Michael Howard (May 26, 2006). Address Space Layout Randomization in Windows Vista. Microsoft. Retrieved 2006-05-26.
  3. Output Content Protection and Windows Vista. WHDC, Microsoft (April 27, 2005). Retrieved 2006-04-30.
  4. Windows Vista Security and Data Protection Improvements – Windows Service Hardening. TechNet, Microsoft (June 1, 2005). Retrieved 2006-05-21.
  5. Scott Field (2006-08-11). An Introduction to Kernel Patch Protection. Windows Vista Security blog, MSDN Blogs. Retrieved 2006-08-12.
  6. Windows Vista Management features.
  7. The January 2006 issue of The Cable Guy covers the new features and interfaces in Windows Firewall in greater detail.
  8. Impact of Session 0 Isolation on Services and Drivers in Windows Vista covers Windows Vista's session isolation changes.
  9. Windows Vista Beta 2 BitLocker Drive Encryption Step-by-Step Guide. Microsoft TechNet (2005). Retrieved 2006-04-13.
  10. Windows Vista Ultimate Review (2007). Retrieved 2007-01-31.

External links

  • Vulnerability Report: Microsoft Windows Vista including known unpatched vulnerabilities from Secunia
  • Vista vulnerabilities from SecurityFocus