Main article: Security and safety features new to Windows Vista
Improved security was a primary design goal for Vista. Microsoft's Trustworthy Computing initiative, which aims to improve public trust in its products, has had a direct effect on its development. This effort has resulted in a number of new security and safety features.
User Account Control, or UAC is perhaps the most significant and visible of these changes. UAC is a security technology that makes it possible for users to use their computer with fewer privileges by default, with a view to stopping malware from making unauthorized changes to the system. This was often difficult in previous versions of Windows, as the previous "limited" user accounts proved too restrictive and incompatible with a large proportion of application software, and even prevented some basic operations such as looking at the calendar from the notification tray. In Windows Vista, when an action is performed that requires administrative rights (such as installing/uninstalling software or making system-wide configuration changes), the user is first prompted for an administrator name and password; in cases where the user is already an administrator, the user is still prompted to confirm the pending privileged action. Regular use of the computer such as running programs, printing, or surfing the Internet does not trigger UAC prompts. User Account Control asks for credentials in a Secure Desktop mode, in which the entire screen is dimmed, and only the authorization window is active and highlighted. The intent is to stop a malicious program misleading the user by interfering with the authorization window, and to hint to the user the importance of the prompt.
Testing by Symantec Corporation has proven the effectiveness of UAC. Symantec used over 2,000 active malware samples, consisting of backdoors, keyloggers, rootkits, mass mailers, trojan horses, spyware, adware, and various other samples. Each was executed on a default Windows Vista installation within a standard user account. UAC effectively blocked over 50 percent of each threat, excluding rootkits. 5 percent or less of the malware which evaded UAC survived a reboot.
Internet Explorer 7's new security and safety features include a phishing filter, IDN with anti-spoofing capabilities, and integration with system-wide parental controls. For added security, ActiveX controls are disabled by default. Also, Internet Explorer operates in a protected mode, which operates with lower permissions than the user and runs in isolation from other applications in the operating system, preventing it from accessing or modifying anything besides the Temporary Internet Files directory. Microsoft's anti-spyware product, Windows Defender, has been incorporated into Windows, providing protection against malware and other threats. Changes to various system configuration settings (such as new auto-starting applications) are blocked unless the user gives consent.
Whereas prior releases of Windows supported per-file encryption using Encrypting File System, the Enterprise and Ultimate editions of Vista include BitLocker Drive Encryption which can protect entire volumes, notably the operating system volume. However, BitLocker requires approximately a 1.5-gigabyte partition to be permanently unencrypted and to contain system files in order for Windows to boot. In normal circumstances, the only time this partition is accessed is when the computer is booting, or when there is a Windows update that changes files in this area which is a legitimate reason to access this section of the drive. The area can be a potential security issue, because a hexadecimal editor (such as dskprobe.exe), or malicious software running with administrator and/or kernel level privileges would be able to write to this "Ghost Partition" and allow a piece of malicious software to compromise the system, or disable the encryption. BitLocker can work in conjunction with a Trusted Platform Module (TPM) cryptoprocessor (version 1.2) embedded in a computer's motherboard, or with a USB key. However, as with other full disk encryption technologies, BitLocker is vulnerable to a cold boot attack, especially where TPM is used as a key protector without a boot PIN being required too.
A variety of other privilege-restriction techniques are also built into Vista. An example is the concept of "integrity levels" in user processes, whereby a process with a lower integrity level cannot interact with processes of a higher integrity level and cannot perform DLL–injection to a processes of a higher integrity level. The security restrictions of Windows services are more fine-grained, so that services (especially those listening on the network) have no ability to interact with parts of the operating system they do not need to. Obfuscation techniques such as address space layout randomization are used to increase the amount of effort required of malware before successful infiltration of a system. Code Integrity verifies that system binaries haven’t been tampered with by malicious code.
As part of the redesign of the network stack, Windows Firewall has been upgraded, with new support for filtering both incoming and outgoing traffic. Advanced packet filter rules can be created which can grant or deny communications to specific services.
The 64-bit versions of Vista require that all device drivers be digitally signed, so that the creator of the driver can be identified.
HP Printer Support
hidden mini camera