Security: Frequently Asked Questions




For a complete view of Windows 7 resources, articles, demos, and guidance, please visit the Springboard Series for Windows 7 on the Windows Client TechCenter.
For a downloadable version of this document, see the Security: Frequently Asked Questions in the Microsoft Download Center (

What is the Action Center?

New to Windows® 7, the Action Center provides a centralized location for system notifications. As a replacement for and expansion of the Windows Security Center, the Action Center displays notifications for issues that relate to the security and maintenance of the computer and provides links to related tasks. Consolidating notifications and related tasks help keep your computer secure and healthy while limiting interruptions.

What does the Action Center tell me about?

The Action Center consolidates notifications from multiple Windows features, including Windows Firewall, Windows Update, Windows Defender, Windows Advanced Backup, and User Account Control. If the Action Center detects no issues, the Action Center displays a white flag in the notification area. If an issue requires attention, the Action Center displays a red and white “X” over the flag to alert you. You can click the flag to see a list of issues, quickly resolve those issues, or open the Action Center for more information about your computer’s status. In addition, third-party security software like antivirus, antispyware, and firewall programs can also report status through Action Center.

What is User Account Control?

User Account Control (UAC) is a set of technologies that helps legacy applications to run with standard user rights and ISVs to adapt their software to work well with standard user rights. This gives users a more compatible choice to secure their systems by running with standard user rights instead of administrator rights. Microsoft engineered Windows 7 to put the user in control of their prompt experience and to quiet the system in general so that all user prompts are more meaningful when they do appear.

How is UAC different in Windows 7 than in Windows Vista?

Windows 7 provides users with four options for the UAC prompt experience. We have worked to make these options discoverable and more understandable through a new control panel interface. The default setting for UAC is set to notify when programs attempt to change settings, which makes UAC prompts less frequent in normal use of the computer. We have enabled additional Windows operations that users perform often to work without administrative rights. We have also reduced numerous instances of duplicate notifications for common activities, for example when installing applications from IE. We have also made it easier for administrators to look at specific Windows settings on the system without needing administrative privileges by refactoring many of our control panel applications to separate interfaces for viewing system settings from those that modify them.

What is BitLocker To Go?

Windows Vista® introduced BitLocker™ Drive Encryption, which provided full-volume drive encryption. In Windows 7, the BitLocker To Go™ feature extends the BitLocker Drive Encryption feature to removable storage devices such as USB flash drives and external hard drives. You can use these encrypted drives on other computers running on Windows 7, as long as you know the password that you used to protect the drive.

Is BitLocker To Go available in every version of Windows 7?

BitLocker to Go is available in Windows 7 Enterprise and Windows 7 Ultimate. As a result, you will need a premium version of Windows to enable protection of a BitLocker To Go protected removable storage device; however, a BitLocker To Go protected removable storage device can be unlocked and utilized for full read/write access on any version of Windows 7.

Will drives that are encrypted with BitLocker To Go work on other Windows versions?

BitLocker To Go provides read-only support for removable devices on older versions of Windows allowing you to more securely share files with users who are still running Windows Vista and Windows XP.

What if I lose my BitLocker To Go password?

When BitLocker To Go encrypts a drive, it prompts you to either save or print a 48-digit recovery key. You will need this key if you forget your password. When BitLocker prompts you to enter the password to unlock the flash drive, click I forgot my password. You then can either type the recovery key or open the file that you saved during when you encrypted the drive.

Which type of encryption does BitLocker To Go use?

By default, BitLocker To Go uses AES-128 with the Elephant Diffuser to encrypt the drive volume.

What should I tell my friends and family about Windows 7 security?

With Windows Vista, we employed a defense-in-depth approach to help protect customers from malware. This includes features like Security Development Lifecycle (SDL), User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP). Windows 7 retains all of the development processes, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released. At the end of the day, our goal is to take our most secure operating system ever, Windows Vista, and engineer an even more secure Windows 7—while also making it more usable and manageable.