
Windows Vista for IT Professionals, Part 2 (PDF)


Clinic Introduction 11

Facilities





About This Clinic

This section provides you with a brief description of the clinic, objectives, and target
audience.
Description
This clinic introduces you to the new features of the Microsoft Windows Vista™
operating system that are relevant to IT professionals. These features include security
enhancements, user productivity enhancements, monitoring enhancements, and
manageability enhancements.
Objectives
After completing this clinic, you will be able to:
• Describe potential security risks.
• Understand the malware protection features in Windows Vista.
• Understand the network protection features in Windows Vista.
• Describe the security enhancements in Internet Explorer 7.0.
• Understand the data protection features in Windows Vista.
• Describe how Windows Vista enhances user productivity.
• Describe the Windows Vista User Interface Enhancements.
• Describe the Windows Vista Productivity enhancements.
• Understand the Windows Features for Mobile PCs.
• Manage the Windows Vista Boot Process.
• Configure Power Management.
• Describe the benefits of enhanced monitoring and management.
• Describe Windows Vista system monitoring features.
• Monitor and control applications.
• Describe Group Policy enhancements in Windows Vista.
• Understand the remote management features in Windows Vista.
• Automate management tasks.

Audience
The target audience for this clinic includes the following:
• IT Professionals who generally perform desktop support for Windows computers.
Typical duties for this IT Professional are user support, desktop configuration, and
desktop troubleshooting. They will be particularly interested in the new features of
Windows Vista and how the changes affect Windows security, reliability,
performance, productivity and manageability.
• Technical decision makers can gain an overview of Windows Vista features and
benefits.

Prerequisites

This clinic requires that you meet the following prerequisite:
• 1 year experience with Windows client and server operating systems in a corporate
environment

Clinic Outline

Session 1, “Security Enhancements in Windows Vista,” provides an overview of new
security features in Windows Vista. Many of the changes in Windows Vista have been
made to prevent user-initiated security problems and to prevent unknown future attacks.
Security features relevant to malware, networks, Microsoft Internet Explorer® 7, and
data protection are covered.
Session 2, “User Productivity Enhancements in Windows Vista,” provides an overview
of the new features in Windows Vista that are seen and configured by users. IT
Professionals must be aware of these features to help and educate their users. Areas
covered include user interface enhancements, productivity tools, features for mobile PCs,
the startup process, and power management.
Session 3, “Monitoring and Managing Windows Vista,” provides an overview of the new
monitoring and management features in Windows Vista. For most organizations, the cost
of software management is far greater than that of software acquisition. The new
monitoring and management features in Windows Vista include Application Error
Reporting, Event Viewer enhancements, Group Policy enhancements, remote
management enhancements, reduced restarts, and Task Scheduler enhancements.
Next Steps

The next step after completing this session is:
• Clinic 5057A, First Look: Windows Vista for IT Professionals Hands-On Labs.

Session 1: Security Enhancements in
Windows Vista

Table of Contents
Session Overview
Security Risks
Malware Protection Features
Network Protection Features in Windows Vista
Internet Explorer 7 Security Enhancements
Data Protection Features
Session Summary
Questions and Answers


Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any
real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or
should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting
the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval
system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft
makes no representations and warranties, either expressed, implied, or statutory, regarding these
manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or
product does not imply endorsement of Microsoft of the manufacturer or product. Links are provided to third
party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of
any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not
responsible for webcasting or any other form of transmission received from any linked site. Microsoft is
providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of
Microsoft of the site or the products contained therein.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights
covering subject matter in this document. Except as expressly provided in any written license agreement from
Microsoft, the furnishing of this document does not give you any license to these patents, trademarks,
copyrights, or other intellectual property.
© 2006 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, ActiveX, Aero, Bitlocker, BizTalk, DirectX, Internet Explorer, NetMeeting, Visual
Studio, Windows, Windows Media, Windows Server, and Windows Vista are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective
owners.

Session Overview

Introduction
Computer security is a critical issue for all organizations. Increased regulation has fueled
the need to ensure compliance with heightened security requirements such as privacy
laws. In addition to software flaws, many security issues are user initiated. The
Microsoft® Windows Vista™ operating system includes a variety of new features to
increase security.
Objectives
After completing this session, you will be able to:
• Describe potential security risks.
• Understand the malware protection features in Windows Vista.
• Understand the network protection features in Windows Vista.
• Describe the security enhancements in Microsoft Internet Explorer® 7.
• Understand the data protection features in Windows Vista.
Security Risks

Introduction
There are security risks inherent to all computer systems regardless of the operating
system that they run. Understanding security risks with computing systems is the first
step toward mitigating those risks. This section describes some of the security risks to
computing systems and provides a brief overview of how Windows Vista mitigates them.
Objectives
After completing this section, you will be able to:
• Describe security risks to computer systems.
• Describe how Windows Vista addresses security risks.
• Describe Windows Vista platform improvements.


What Are Security Risks?

To make it easier to plan defenses, security risks can be divided into broad categories.
Each category shares a set of characteristics that can be analyzed and protected against.
Security risk categories include:
• Malware. Malware is software that performs unauthorized operations on your
computer. Viruses, Trojans (Trojan horses), and spyware are examples of malware.
Malware can be introduced by users installing unauthorized software or visiting
malicious Web sites.
• Network risks. Computers are usually connected by a network. Much of the value we
gain from computers is based on using network resources like the Internet, database
servers, and file servers. However, computer networks facilitate attacks on computers.
Worms replicate themselves over networks, and hackers use networks to try and
break into systems.
• Web browser risks. Almost every information worker in an organization uses a Web
browser to perform research and access Internet and intranet applications. Some
malicious Web sites attempt to modify the configuration of the local computer by
exploiting flaws in Web browsers. Other Web sites attempt to impersonate legitimate
Web sites such as online banks to steal personal information in an attack known as
phishing.
• Data risks. As workers have become more mobile with portable computers, more
corporate data is being carried outside the physical walls of the organization. When a
portable computer is lost or stolen, it is often easy for unauthorized people to gain
access to corporate data stored on the portable computer. In addition, corporate data
is often transmitted outside the organization where there is no control over
retransmission or use of that data.

How Windows Vista Addresses Security Risks

One of the major focuses in Windows Vista development is increased security. Many of
the new features in Windows Vista are specifically designed to make Windows Vista
more secure than any previous version of Windows.
Windows Vista security features include:
• Hardened services to reduce the risk of a Windows service being used by an attacker.
• User Account Control (UAC) to limit the use of administrative privileges.
• Windows Defender to prevent and remove spyware.
• Windows Firewall enhancements to mitigate network risks.
• Network Access Protection (NAP) to control which workstations are able to access
the network.
• Internet Explorer Protected Mode to prevent malicious Web sites from affecting the
local computer.
• Phishing Filter in Internet Explorer 7 to reduce the likelihood of a phishing attack
being successful.
• BitLocker Drive Encryption to secure data on portable computer hard drives.
• Rights management to control how data is used, even outside your organization.
The preceding security topics are discussed in detail later in this session.
What Are the Platform Improvements?

In addition to the new features in Windows Vista that address security risks, there are
also some specific platform improvements. The platform improvements change some of
the security systems in Windows Vista to make them more effective and easier to use.
The platform improvements in Windows Vista are:

• Flexible authentication. Windows Vista authentication capabilities are more flexible,
providing a variety of choices for customized authentication mechanisms, such as
fingerprint scanners and smart cards. Deployment and management tools, such as
self-service personal identification number (PIN) reset tools, make smart cards easier
to manage and deploy. Smart cards can also be used to log on to Windows Vista.
Further, Windows Vista enables authentication using Internet Protocol version 6
(IPv6) or Web services.
• Easier certificate management. Certificate enrollment is made easier because
Windows Vista includes Credential Manager enhancements that enable backing up
and restoring credentials stored on the local computer. The new Digital Identity
Management Service (DIMS) provides certificate and credential roaming within an
Active Directory® directory service forest and end-to-end certificate life cycle
management scenarios.
• Enhanced auditing. Windows Vista auditing capabilities make it easier to track what
users do. Auditing areas now include multiple subcategories, making it much easier
to focus on events of interest. Windows Vista integrated audit event forwarding
collects and forwards critical audit data to a central location, enabling small networks
as well as enterprises to better organize and analyze audit data.
Malware Protection Features

Introduction
Malware is malicious software that is installed without your explicit consent. Malware
includes spyware, viruses, and worms. Malware can steal personal information and cause
system performance problems as well as data loss and system failures. Windows Vista
implements hardened services, UAC, and Windows Defender to limit the risks posed by
malware.
Objectives

After completing this section, you will be able to:
• Describe how malware is installed.
• Describe how Windows Vista protects against malware.
• Describe service hardening.
• Describe User Account Control.
• Understand how UAC helps prevent malware.
• Understand how to administer UAC.
• Describe Windows Defender.
• Understand Windows Defender scanning modes.

How Is Malware Installed?

Malware is installed without your explicit consent. It needs to either exploit a flaw in the
operating system or trick you into installing it. In most cases, viruses and worms exploit
flaws to install themselves, but spyware is usually established by tricking users into
installing it.
Buffer Overflows
The most common operating system flaw that is exploited by malware is the buffer
overflow. All Windows services and applications are designed to expect certain data
during communication. Most of the time when services and applications receive data,
they verify that the amount of data received is the amount of data that is expected.
However, if the verification step is accidentally omitted, a buffer overflow can occur.
A buffer overflow occurs when a service or application receives more input than was
expected and does not handle the additional data correctly. In most cases, a buffer
overflow results in the service or application stopping. Occasionally a buffer overflow
allows arbitrary code to be executed on the computer.
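
The omitted verification step described above, as an added C example that is not part of the original courseware. The message format, the `session` model and all function names are constructed for illustration; the model keeps the name buffer and an adjacent status word in one array so the effect of the oversized copy can be observed without undefined behavior.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16  /* bytes the service expects for the name field */

/* Constructed model of service state as ONE flat array, so a write past the
 * name field stays well-defined C and its effect can be observed:
 * mem[0..15] is the name buffer, mem[16..19] is an adjacent status word. */
struct session { uint8_t mem[NAME_CAP + 4]; };

/* Verification step omitted: the declared length byte is trusted as-is.
 * Callers here keep it <= sizeof mem so the model itself stays in bounds. */
int store_name_unchecked(struct session *s, const uint8_t *msg, size_t len) {
    if (len < 1) return -1;
    memcpy(s->mem, msg + 1, msg[0]);
    return 0;
}

/* Verification step present: the amount received must equal the amount
 * declared, and the declared amount must fit the buffer. */
int store_name_checked(struct session *s, const uint8_t *msg, size_t len) {
    if (len < 1) return -1;
    size_t declared = msg[0];
    if (declared != len - 1) return -1;  /* truncated or padded message */
    if (declared > NAME_CAP) return -1;  /* more input than expected */
    memcpy(s->mem, msg + 1, declared);
    return 0;
}

/* Sends a constructed message (1 length byte, then n bytes of 'A') to one
 * handler. Returns 0 = rejected, 1 = stored with status word intact,
 * 2 = stored and status word overwritten. Requires n <= NAME_CAP + 4. */
int run_case(int checked, uint8_t n) {
    struct session s;
    uint8_t msg[1 + NAME_CAP + 4];
    memset(s.mem, 0, sizeof s.mem);
    memcpy(s.mem + NAME_CAP, "OKAY", 4);
    msg[0] = n;
    memset(msg + 1, 'A', n);
    int rc = checked ? store_name_checked(&s, msg, (size_t)n + 1)
                     : store_name_unchecked(&s, msg, (size_t)n + 1);
    if (rc != 0) return 0;
    return memcmp(s.mem + NAME_CAP, "OKAY", 4) == 0 ? 1 : 2;
}

int main(void) {
    printf("unchecked, 20 bytes: %d\n", run_case(0, NAME_CAP + 4));
    printf("checked,   20 bytes: %d\n", run_case(1, NAME_CAP + 4));
    printf("checked,   16 bytes: %d\n", run_case(1, NAME_CAP));
    return 0;
}
```

In a real process nothing bounds the unchecked copy the way the model array does, which is why the same omission can stop the service or corrupt whatever sits next to the buffer.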
Trojans
A Trojan is software that pretends to be for one purpose but performs another. For
example, you could run a file management tool that you have downloaded from the
Internet, and the file management tool might install spyware.
When users are logged on using administrative credentials, they are allowed to install and
configure software. Trojans take advantage of this to install malware.
Social Engineering
Even if computer systems are completely secure from a technology perspective, the
systems are still vulnerable to user errors and actions. Social engineering is the process of
tricking a user into performing a task, such as installing undesirable software or
inadvertently providing password information.
Social engineering is used by malware creators when they offer users Internet Explorer
toolbars and additional software that adds emoticons to e-mail messages. Many of these
appear to be legitimate software but also install spyware. Sometimes software that
purports to remove spyware is actually spyware itself.

How Windows Vista Protects Against Malware

Windows Vista protects against malware with three specific enhancements:
• Windows Service Hardening. Windows Service Hardening restricts critical Windows
services from doing abnormal activities in the file system, registry, network, or other
resources that could be used to allow malware to install itself or attack other
computers. For example, the remote procedure call (RPC) service can be restricted
from replacing system files or modifying the registry.
• User Account Control. User Account Control (UAC) allows users to be productive
and change common settings while running as a standard user, without requiring
administrative privileges. This prevents users from making potentially dangerous
changes to their computers, without limiting their ability to run applications. Users
with administrative privileges run as a standard user most of the time and are
prompted for permission when administrative privileges are required.
• Windows Defender. Windows Defender is a tool to remove spyware and prevent
spyware installation. Even when users are tricked into installing spyware, Windows
Defender can still stop installation or remove it afterwards.
What Is Service Hardening?

Windows services represent a large percentage of the overall attack surface in
Windows, both in the amount of always-on code in the system and in the privilege
level of that code. Windows Vista limits the number of services
that are running and operational by default. Before Windows Vista, many system and
third-party services ran in the context of the LocalSystem account, where any breach
could lead to unbounded damage to the local machine, including disk formatting, user
data access, or driver installation.
Windows Service Hardening reduces the damage potential of a compromised service by
introducing new concepts that are used by Windows services:
• Introducing a per-service security identifier (SID). It enables per-service identity,
which subsequently enables access control using the existing Windows access control
model covering all objects and resource managers that use access control lists
(ACLs). Services can now apply explicit ACLs to resources that are private to the
service, which prevents other services as well as the user from accessing the resource
directly.
• Moving services from the LocalSystem account to a lesser privileged account, such
as LocalService or NetworkService. This reduces the overall privilege level of the
service, which is similar to the benefits derived from User Account Control.
• Removing unnecessary Windows privileges on a per-service basis. For example,
removing the ability to do debugging.
