Security Changes Coming in Vista SP1

Microsoft will unveil three security enhancements as part of its upcoming Windows Vista Service Pack 1 (SP1) release, slated for early 2008.

Analysts say that while the security tweaks, which include improvements in encryption, kernel patch protection and programming interfaces, are nothing earth-shattering, they address some of the early concerns about Vista among some vendors and security administrators, concerns which include data integrity and security monitoring.

Here's a preview of the planned improvements:

BitLocker:

Microsoft's BitLocker encryption update is the first and most prominent of the projected security features to accompany SP1. BitLocker addresses the compromise of data through theft or accidental loss of a computer device such as a USB key. Through the BitLocker control panel, SP1 users will be able to manage and configure drive encryption for disk volumes beyond the standard OS volume. Users with complex storage setups on their internal hard disk, or across multiple hard drives, can now protect them with BitLocker. The previous version had less comprehensive encryption coverage, addressing only a limited set of data volumes.

Kernel Patch Protection:

On the eve of Vista's release, Microsoft wanted to preserve OS integrity by blocking access to the Windows kernel through its PatchGuard feature. This led to criticism from the European Commission, and Microsoft eventually agreed to provide better kernel access by making code modifications that would allow outsiders to use the kernel.

To extend that commitment and pacify the EU and other software firms such as McAfee and Symantec, SP1 will include the first set of supported APIs that allow third-party software and malicious software detection programs to work alongside Windows Kernel Patch Protection on 64-bit versions of Vista.

The programming interfaces are designed to help administrators develop software that extends the functionality of the Windows kernel, with provisions for version control and tracking, all without having to disable Kernel Patch Protection during the installation of unique, customized security dashboards.

Windows Security Center:

Since the inception of XP SP2, users and administrators have used Windows Security Center (WSC) to view the status of computer security settings and services. An issue with WSC is that it doesn't play well with others, but an SP1 upgrade alleviates that problem by allowing third-party security applications to better communicate and integrate with the OS.

The other big WSC change is in handling unverified applications. WSC will provide current status updates for software that isn't compatible with Vista SP1 for 90 days after SP1 is installed. After that time, Windows Security Center will report the application's status as "yellow", indicating that Windows Security Center can neither verify the app's compatibility nor ensure the security status of the application. Any number of reasons can cause a yellow warning, including but not limited to incomplete downloads or installation, failure to initialize or the need for an application update.

Being able to view the status of any given application will allow security personnel to see what is and isn't working security-wise on the system, as well as monitor user account control. For admins, it means the ability to limit certain applications to specified users. For instance, security admins can use WSC to see how well -- or even if -- programs such as Norton AntiVirus or other non-Windows software are operating in concert with Vista, or whether they are interfering with smooth OS operation and causing system slowdowns and crashes.

Some critics believe that despite these changes, Windows Security Center is still merely detective, rather than preventative. In other words, a pop-up that suggests a required update on a software firewall or anti-virus application is entirely different from a program that keeps malicious agents at bay or scans and cleans viruses.

Neil MacDonald, Vice President of Gartner Research and a Gartner Fellow of Information Security, said these security changes, as well as those for SP1 as a whole, may placate some Vista users, but that Microsoft still has bigger fish to fry.

"The real question is 'Does this change the equation for businesses that haven't migrated to Vista yet?', and the answer to that is no," MacDonald said. "It's still a cost issue and we have to see what actually happens when (SP1) is released. It's getting harder and harder for Microsoft to compel users. Linux isn't the real threat, the threat lies within Microsoft's own install base. They have to make things a 'must-use' again."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
