Internet Explorer 7's new security and safety features include a phishing filter, IDN with anti-spoofing capabilities, and integration with system-wide parental controls. For added security, ActiveX controls are disabled by default. Also, Internet Explorer operates in a protected mode, which operates with lower permissions than the user and runs in isolation from other applications in the operating system, preventing it from accessing or modifying anything besides the Temporary Internet Files directory. Microsoft's anti-spyware product, Windows Defender, has been incorporated into Windows, providing protection against malware and other threats. Changes to various system configuration settings (such as new auto-starting applications) are blocked unless the user gives consent.
Whereas prior releases of Windows supported per-file encryption using Encrypting File System, the Enterprise and Ultimate editions of Vista include BitLocker Drive Encryption which can protect entire volumes, notably the operating system volume. However, BitLocker requires approximately a 1.5-gigabyte partition to be permanently unencrypted and to contain system files in order for Windows to boot. In normal circumstances, the only time this partition is accessed is when the computer is booting, or when there is a Windows update that changes files in this area which is a legitimate reason to access this section of the drive. The area can be a potential security issue, because a hexadecimal editor (such as dskprobe.exe), or malicious software running with administrator and/or kernel level privileges would be able to write to this "Ghost Partition" and allow a piece of malicious software to compromise the system, or disable the encryption. BitLocker can work in conjunction with a Trusted Platform Module (TPM) cryptoprocessor (version 1.2) embedded in a computer's motherboard, or with a USB key. However, as with other full disk encryption technologies, BitLocker is vulnerable to a cold boot attack, especially where TPM is used as a key protector without a boot PIN being required too.
A variety of other privilege-restriction techniques are also built into Vista. An example is the concept of "integrity levels" in user processes, whereby a process with a lower integrity level cannot interact with processes of a higher integrity level and cannot perform DLL–injection to a processes of a higher integrity level. The security restrictions of Windows services are more fine-grained, so that services (especially those listening on the network) have no ability to interact with parts of the operating system they do not need to. Obfuscation techniques such as address space layout randomization are used to increase the amount of effort required of malware before successful infiltration of a system. Code Integrity verifies that system binaries haven’t been tampered with by malicious code.
As part of the redesign of the network stack, Windows Firewall has been upgraded, with new support for filtering both incoming and outgoing traffic. Advanced packet filter rules can be created which can grant or deny communications to specific services.
The 64-bit versions of Vista require that all device drivers be digitally signed, so that the creator of the driver can be identified.
free credit score
business debt consolidation