A guide to Windows 7 security

Lock down your PC, protect your data, and safeguard your network with Windows 7's security tools.

Until now, Windows Vista was the most secure version of the Windows operating system. Windows 7 picks up where Vista left off, and improves on that foundation to provide an even more secure computing experience. Microsoft also incorporated user feedback about Vista to enrich the user experience and to ensure that the security features are intuitive and user-friendly. Here's a look at some of the more significant security enhancements in Windows 7.

Core System Security

As it did with Windows Vista, Microsoft developed Windows 7 according to the Security Development Lifecycle (SDL). It built the new OS from the ground up to be a secure computing environment and retained the key security features that helped protect Vista, such as Kernel Patch Protection, Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Mandatory Integrity Levels. These features provide a strong foundation to guard against malicious software and other attacks. A few key elements are worth noting.

Enhanced UAC

You're probably familiar with UAC, or User Account Control. Introduced with Windows Vista, the feature is meant to help enforce least-privileged access and to improve the total cost of ownership by allowing organizations to deploy the operating system without granting administrator access to users. Though Microsoft's primary intent with UAC was to force software developers to use better coding practices and not expect access to sensitive areas of the operating system, most people have perceived UAC as a security feature.

When users think of UAC, they typically associate it with the access-consent prompts it issues. Though Microsoft has made significant progress since Vista's introduction in reducing the types and number of events that trigger the UAC prompt (or that prevent standard users from executing tasks entirely), UAC has still been the subject of a great deal of negative feedback for Vista.

171979-fig1.uacslider._originaljpeg

With Windows 7, Microsoft has again reduced the number of applications and operating system tasks that trigger the prompt. It has also incorporated a more flexible interface for UAC. Under User Accounts in the Control Panel, you can select Change User Account Control Settings to adjust the feature with a slider.

The configuration slider lets you choose from among four levels of UAC protection, ranging from Always Notify (essentially the level of UAC protection that Windows Vista provides) to Never Notify. Obviously, you'll get the most protection with Always Notify. The advantage to setting the slider to Never Notify as opposed to disabling UAC completely is that the prompt is only one aspect of what UAC does. Under the Never Notify setting, though UAC pop-ups will no longer interrupt you, some of UAC's core protections will remain, including Protected Mode Internet Explorer.

Integrated Fingerprint Scanner Support

Many Windows users configure the operating system to log them in without a user name and password--but that's the computer equivalent of leaving the front door of your house wide open with a neon sign flashing "Enter Here." I highly recommend that you assign all user accounts in Windows 7 a relatively strong password or passphrase (that means your dog's name or your favorite basketball team don't count).

Even passwords aren't all they're cracked up to be. Passwords are secure only until they're cracked, and cracking a password is more a matter of when than if, assuming an attacker is sufficiently dedicated. Experts recommend two-factor authentications--in other words, adding another layer of protection on top of the password--for better security. Many computers, laptops in particular, come equipped with built-in biometric security in the form of a fingerprint scanner. With Windows 7, Microsoft provides much smoother integration between the operating system and the fingerprint-scanning hardware.

171979-fig2.fingerprintscanner._originaljpeg

Windows 7 has better driver support and more reliable fingerprint reading across different hardware platforms. Configuring and using a fingerprint reader with Windows 7 for logging in to the operating system, as well as for authenticating users for other applications and Web sites, is easy. Click on Biometric Devices in the Control Panel to access the console for enrolling and managing fingerprint data and customizing biometric-security settings.

The Biometric Devices console will display any detected biometric devices. If the fingerprint reader is not yet configured, the status will display 'Not Enrolled'. Click on that status to access the console.

You can add scans of one finger or all ten. Adding multiple fingers allows you to continue using the biometric security even if your primary finger is in a bandage, for instance, or if your hand is in a cast. On screen, select the finger you want to add, and then place your finger on the fingerprint reader (or slowly drag your finger across the reader, depending on the type of hardware you have). You will have to scan each finger successfully at least three times to register it in the database, similar to how you have to reenter a password to confirm that you entered it correctly.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Windows VistasecurityWindows 7

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?