Security in Windows Vista, 2007 Office and Exchange 2007

Office 2007 presents a radically different way of working, with employees no longer limited to the desktop and company information being disseminated far more effectively. A new way of working needs a new paradigm for security, and Windows Vista is designed to deliver it. Vista alone includes almost 200 entirely new security features; Mary Branscombe finds out what’s in the box.

Security today: big bucks for organised criminals

It's easy to see just how bad the current security situation is. The recent explosive growth in spam has been fuelled by a similar growth in the number of compromised PCs. Malware isn't a tool for mindless destruction anymore, and there's money to be made by increasingly sophisticated criminal gangs. Brian Burke of IDC sees spyware-based attacks as a significant threat, with "more than three-quarters of all corporate machines infected with various forms of spyware." That's a threat which can steal key business information, affect system and network performance, and drain support resources which the midsize business can ill afford to lose.

Closing the vulnerabilities with Vista

Microsoft is targeting many of the root causes of these attacks with its family of new business software: Windows Vista, 2007 Office System and Exchange 2007. Code has been rewritten to close off common attack routes, and new tools and technologies aim to make these the most secure tools Microsoft has released to date. A lot of lessons were learnt in the development of Windows XP Service Pack 2, and Microsoft's Jim Allchin believes the most significant benefit from a wide adoption of Vista is protection from rootkits. "Most malicious Web sites currently install rootkits, and Vista will be a welcome blow to them."
Windows Vista introduces many new security features (more than 180 in total), starting with a change in the way it handles memory. Applications run in random memory locations, rather than the same place every time. This makes it harder for attackers to write code to compromise specific applications.

Other security enhancements include BitLocker whole disk encryption, which works in conjunction with hardware security mechanisms to secure your data. With BitLocker, leaving your laptop in a taxi won’t mean compromising thousands of customer details – a risk faced by many midsize businesses with mobile workers (and a constant source of amusement to the press). System administrators can lock down USB ports, stopping malware arriving and data leaving on flash drives and MP3 players. The firewall is significantly improved. Microsoft's Jacob Jaffe believes the security tools should give businesses more confidence: “as a business, I have much greater confidence that the intellectual property that I have as the core asset of my organisation will stay inside my enterprise as appropriate.”

Internet Explorer 7 also helps to secure systems, with a new phishing filter to keep users away from malicious web sites. The combination of Vista and IE 7 adds further security features, with extra protection limiting what the browser can install. Vista also includes the Windows Defender anti-spyware tool, which cleans common malware infections from PCs. And users who connect laptops to public Wi-Fi networks won't expose the office network; firewall settings are changed and private shares disabled automatically.

Security features in Office 2007

Upgrading to the 2007 Office System should significantly reduce internal and external risks for the midsize business. The new XML file formats segregate documents with macros from ordinary documents, giving them a separate file extension.
Businesses that roll out the SharePoint document management platform will be able to use Excel Services to share information without exposing business logic, as well as using Information Rights Management to lock down access to files by applying the policy to the document library rather than leaving it up to individual users. It's easier to make sure files don't contain information you don't want to share with customers, like comments and revisions. IT departments can also add custom inspection tools to remove company-specific information, including customer names, so you can reuse common documents without inadvertently leaking information.

There's also increased support for digital signatures, making them feel more like traditional signatures. Microsoft's Lauren Antonoff notes that "People don’t equate digital signatures in any way with signing a document so we created this thing that looks like a signature line: you can sign with a tablet, type in, or paste in an image of signature - and digitally sign the document at the same time."

Security and Compliance go hand in hand for Outlook and Exchange

Midsize businesses don't have the staff for a formal compliance department to cope with increasing regulation. Exchange 2007 therefore offers more granular journaling tools to help you keep an accurate audit trail. Managed email folders also help with compliance, with Exchange delivering folders to people by role. Managed folders can expire documents automatically to control storage or protect key documents and messages from deletion. There's also increased network security, with internal SMTP traffic now encrypted, and more tools in an Exchange edge server to deal with denial of service attacks. Jaffe sees this adding to "the levels of control I can now have on content that I'm storing on those servers, protecting it through policy and establishing workflows and the more granular control of who can have access to which information."
The result will be that users will be presented with information that's relevant to them, and not exposed to information they shouldn't see. Jaffe claims “without adjusting any settings, as I deploy Office 2007, as I deploy Vista, these versions of the software will be the most secure versions that we have offered in our history”. Security expert Roger Grimes agrees; “Windows has always been relatively secure, but not all the default settings were appropriately set. Vista's secure defaults will absolutely make it harder for the end user to hurt themselves. More data will be encrypted by default. Dozens of old security holes are forever closed.” Only the advanced tools will require new skills or additional training, as many are managed using familiar systems administration techniques, but you will need hardware that supports BitLocker and users will need guidance on how to respond to User Account Control prompts. Security is a process rather than a state; businesses still need to protect themselves and maintain control but these new releases simplify the task for the midsize business by giving you a more secure system to start from.

1. 2007 Office segregates macro-enabled files, simplifies metadata removal and offers digital signatures; apply information rights management automatically through SharePoint document libraries to control who can view, print or forward documents.
2. Exchange offers email encryption, secure access to files through Outlook Web Access without VPN, protection against Denial of Service attacks and improved auditing tools.
3. Windows Vista has a significant range of security improvements and is more secure by default; BitLocker laptop encryption is enforced by hardware to protect business information taken out of the office and network functions are automatically secured when using public Wi-Fi connections. Businesses can also secure USB devices.

About the author

Mary Branscombe has been reviewing hardware and software since computers ran on elastic bands and good luck. Titles she’s written for include The Guardian, FT Digital Business, IT Pro, The Developer Register, PC Answers, PC Advisor, Application Development Advisor, The Official Windows XP Magazine, International Developer, Enterprise Server Magazine, ZDNet UK, Internet Advisor, PC Magazine, The Official Office XP Magazine, and many, many more.