Security on Your Terms
Windows® 7 includes new features that help put you in control of your security experience. Do you want User Account Control (UAC) to prompt for every significant configuration change or only for changes that programs make? Do you want to see all security- and maintenance-related messages, or do you want to ignore some of them? You are in control.
This article describes some of the new or changed security features in Windows 7. These features include the new Action Center and the updated UAC. This article also describes how Windows 7 extends BitLocker™ Drive Encryption to portable storage devices.
Also see the following related documents:
For a complete view of Windows 7 resources, articles, demos, and guidance, please visit the Springboard Series for Windows 7 on the Windows Client TechCenter.
For a downloadable version of this document, see the Security on Your Terms in the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=162573).
The New Action Center
Earlier versions of Windows can do a great job of alerting you to security issues. However, notifications come in multiple user experiences and from multiple programs and features. This behavior can be frustrating to users, who often either disable or ignore the notifications. Ignoring notifications can cause the computer’s health to decline, which in turn, could cause even more notifications.
Windows 7 introduces a new feature called the Action Center, which consolidates notifications to help put the user in control.
The Action Center, which Figure 1 shows, is a centralized location for notifications relating to security, issue reports, virus protection, network firewall, and more. This feature replaces and expands on the Windows Security Center in Windows Vista®. The Action Center notifies you that an issue needs attention by placing a red and white “X” over its icon in the notification area; when no issues have been detected, the icon is a plain white flag.
Figure 1. Action Center
The Action Center can simplify the process of recognizing an issue, understanding its importance, and fixing it. You can use the Action Center to help find an antivirus program, update malware protection, turn on a firewall, update Windows, and more—each with just one click. Action Center notifications include, but are not limited to, the following:
Internet security settings
Spyware and related protection
Check for updates
The Action Center is one of many Windows 7 features that can help friends and family be more self-sufficient. The feature can help novice users better understand and maintain their computers. Additionally, the Action Center makes fixing many types of problems extremely easy; users can fix many problems with a single click. Because of the Action Center, you might find that you get fewer phone calls from panicked friends and family.
Changes to UAC
UAC is a set of technologies that helps legacy applications to run with Standard User rights. Users can better secure their computers by running with Standard User rights instead of with Administrator rights. While most people appreciate the enhanced security UAC offers, Microsoft did hear complaints about the high number of UAC prompts. This led some customers to turn off UAC, which concerns Microsoft from a security perspective.
Windows 7 reduces the number of prompts users see: this makes the prompts that are displayed more meaningful. In Windows 7, UAC prompts users when it really matters and not just because they want to change the size of text on the display. Windows 7 also gives people who use administrator accounts more control over the prompt experience. As Figure 2 shows, users can choose between the following four settings in the User Account Control Settings dialog box:
Always notify me when: This setting is the same as the default Windows Vista behavior. Windows 7 notifies you when programs try to install software or make changes to the computer as well as when you make changes to Windows settings.
Notify me only when programs try to make changes to my computer: This setting is the new default in Windows 7 and is the most appropriate setting for most users. Windows 7 notifies you only when programs try to install software or make changes to the computer.
Notify me only when programs try to make changes to my computer (do not dim my desktop): This setting is similar to the previous setting but turns off the secure desktop (i.e., does not dim the Windows desktop to prevent interaction with it). Microsoft recommends this setting only if dimming the Windows desktop takes longer than desired.
Never notify me when: This setting disables UAC. Microsoft does not recommend this setting. Use this setting only if you must use applications that are incompatible with UAC.
Figure 2. User Account Control Settings dialog box
UAC can help your friends and family make more informed decisions about what applications can make changes on their computers. The changes in Windows 7 can reduce user frustration, thus reducing the number of frantic calls you are likely to receive after you get home from a long day at work. Ultimately, these changes can help make your friends’ and family members’ computers more stable and secure.
BitLocker To Go
Do you use portable storage, such as USB flash drives? Do you know where all these devices are at this very moment? Have you ever loaned one of these storage devices to a friend who never gave it back? Last question: Do you know what is on each of those USB flash drives? Probably not. Portable drives are commonplace, and many users put important personal information, such as financial records, on them. Protecting the contents of these drives can be vitally important.
Windows Vista introduced BitLocker Drive Encryption, which provides full-volume drive encryption. In Windows 7, the BitLocker To Go™ feature extends BitLocker Drive Encryption to removable storage devices such as USB flash drives and external USB hard disks.
You can use a locked portable drive on any computer running Windows 7, as long as you know the password or have the smartcard to unlock it. And if you know the correct password, you can read a locked portable drive on computers running Windows XP or Windows Vista by using the BitLocker To Go Reader, which resides on the encrypted drive.
BitLocker To Go can help you, your friends, and your family better protect the data on portable storage devices in case it is ever lost or stolen.
Windows 7 helps put the user in control of computer security. Users can configure the types of prompts UAC displays or which messages the Action Center displays. Additionally, new and changed security features in Windows 7 can help make your friends and family more self-sufficient and can keep their computers in better health. The result could be fewer phone calls about computer problems.