Security in Windows 7: BitLocker and More

We wrap up our survey of security in Microsoft's new OS with a look at BitLocker ToGo, IE8, AppLocker, and the improved System Restore options.

User Account Control is the elephant in the room in any discussion of Vista security. UAC in Windows 7 is similarly elephantine. And, of course, cranking up networking security and giving power-ups to the firewall are hot topics, too. Besides these big-ticket items, however, Windows 7 brings a number of other security goodies, some of them quite interesting.

BitLocker To Go—Almost

Vista sailed in with a fleet of new security features, among them BitLocker, a whole-disk encryption tool designed to protect your data even after a malefactor makes off with your laptop. BitLocker reaches its full potential on computers that include a chip called a Trusted Platform Module (TPM). The Vista TPM transparently decrypts the drive once you've authenticated yourself with a password or smart card. A laptop thief can't break into the locked drive, even after booting to a different OS or moving the drive to another computer.

Windows 7 extends this protection to cover removable drives. Its BitLocker To Go feature works even without a TPM—good thing, as my test system doesn't have one. Turning it on for a drive is as simple as choosing BitLocker from the right-click menu. You supply a passphrase or (if you're totally l33t) a smart card for encryption. You stash away a special 40-digit recovery key in case the passphrase slips your mind or the smart card slips out of your pocket. After a few minutes, the drive is encrypted. Simple!

The next time you slot in the drive, Windows 7 demands the passphrase or smart card. If your office is physically secure and mole-free, you can have Windows remember the authentication key and automatically unlock the drive on your computer (and only your computer).

You probably won't do this at home, but IT administrators can use Group Policy to enforce passphrase length and, cooler still, ban writing to any removable drive that isn't BitLocker-protected. It's a very useful tool against the very real problem known as podslurping. With this policy in place, employees can still bring in the virus-of-the-month on an unprotected drive, but they can't take away an unprotected copy of the personnel database or the latest company plans for world domination.
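An added example (not from the article or from Microsoft) of how an administrator might check that the two Group Policy settings just described are actually in force on a machine, and whether the removable drives currently plugged in are BitLocker-protected. The registry value names under the FVE policy key and the WMI class usage are assumptions from the BitLocker policy template; run it from an elevated PowerShell prompt.

```powershell
# Added example, not the article's code. Registry value names (RDVDenyWriteAccess,
# RDVPassphraseLength) are assumed from the BitLocker (FVE) policy template.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'

function Get-RemovableDrivePolicy {
    # Returns the two removable-drive settings; $null means "not configured".
    $props = if (Test-Path $policyKey) { Get-ItemProperty -Path $policyKey } else { $null }
    [pscustomobject]@{
        # 1 = "Deny write access to removable drives not protected by BitLocker" enabled
        DenyWriteToUnprotected = if ($props) { $props.RDVDenyWriteAccess } else { $null }
        # Minimum length from "Configure use of passwords for removable data drives"
        MinPassphraseLength    = if ($props) { $props.RDVPassphraseLength } else { $null }
    }
}

function Get-RemovableDriveProtection {
    # Win32_LogicalDisk DriveType 2 = removable disk. The BitLocker WMI provider's
    # Win32_EncryptableVolume reports ProtectionStatus: 0 = off, 1 = on, 2 = unknown.
    $removable = Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType = 2'
    foreach ($disk in $removable) {
        $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
            -Class Win32_EncryptableVolume -Filter "DriveLetter = '$($disk.DeviceID)'"
        [pscustomobject]@{
            Drive            = $disk.DeviceID
            ProtectionStatus = if ($vol) { $vol.ProtectionStatus } else { 'no BitLocker data' }
            Protected        = [bool]($vol -and $vol.ProtectionStatus -eq 1)
        }
    }
}

$policy = Get-RemovableDrivePolicy
if ($policy.DenyWriteToUnprotected -ne 1) {
    Write-Warning 'Policy does not block writes to removable drives that lack BitLocker.'
}
if (-not $policy.MinPassphraseLength) {
    Write-Warning 'No minimum passphrase length is enforced for removable drives.'
}
Get-RemovableDriveProtection | Format-Table -AutoSize
```

A drive that shows Protected = False while the deny-write policy is enabled is exactly the case the article describes: readable, but not writable on that machine.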

Naturally, you can use your encrypted USB drive on any Windows 7 system: Locking the device to a single computer would be absurd. Microsoft's documentation says again and again that you can even use an encrypted drive on an XP or Vista system. "BitLocker To Go also allows users to securely share data with users who have not yet deployed Windows 7."

Try as I might, however, I could not get any XP or Vista system to read my BitLocker To Go encrypted drive. Thickening the plot further, a description in the Group Policy controlling this feature contradicts the documentation. It says that on older systems "A readme.txt file will appear to be the sole contents of the device. This file informs the user that they must insert the device into a Windows 7 machine to be able to unlock it." That's not what I call sharing!

Microsoft confirmed that drives encrypted with BitLocker To Go really will be usable on older Windows systems—later. "BitLocker To Go is an example of one of the features shown at PDC that doesn't have full functionality in this pre-beta build. What you're experiencing is normal for pre-beta behavior." Fair enough. When they get this one working, it'll be a hot feature. I'm eager to test it when it's ready.

Security in IE8

Naturally this pre-beta of the next Windows relies on the beta of the next Internet Explorer as its built-in browser. PCMag's Michael Muchmore has thoroughly reported on IE8's new features. I'll quickly review those that relate to security in particular.

Porn mode: The new InPrivate Browsing feature (called "porn mode" by some wags) lets you surf the Web without leaving traces. In this mode, the browser doesn't cache temporary Internet files, doesn't accept cookies, and doesn't record your surfing history. This kind of no-trace surfing is all the rage: Google's Chrome has its "incognito browsing," Safari offers "private browsing," and a similar feature is in the works for Firefox.

InPrivate Blocking: IE8's InPrivate Blocking takes the concept even further: It blocks sites that invade your privacy by tracking your surfing habits across multiple sites. Any time a third-party Web site receives information from the site you're viewing, it gets a black mark from IE8. Ten black marks earns the site a spot on IE8's list of incorrigible snoops. When InPrivate Blocking is active, it prevents any connection with those sites. Of course, banner ad companies that sell their services to multiple sites often gather information to make sure you don't see the same ads over and over. Some of these Internet advertisers worry that this feature will wipe out their revenue stream, but Microsoft says it's not intended as an ad blocker. We'll see!
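To make the "ten black marks" rule concrete, here is an added simulation of that heuristic (my own example, not IE8's code). It assumes the browser records, for each page viewed, which third-party hosts received a request from it; a third party seen across ten or more distinct first-party sites lands on the block list, and repeat visits to the same site do not add marks. The host names are constructed.

```powershell
# Added example, not the article's or IE8's code. Threshold and record format are assumptions.
$BlockThreshold = 10

# Constructed observations: FirstParty is the site in the address bar, ThirdParty is a host
# that received a request (script, image, beacon) from that page.
$observations = @()
1..12 | ForEach-Object { $observations += @{ FirstParty = "news$_.example"; ThirdParty = 'ads.tracker-example.net' } }
1..3  | ForEach-Object { $observations += @{ FirstParty = "blog$_.example"; ThirdParty = 'cdn.widgets-example.org' } }
# A second visit to a site already counted must not earn the tracker another black mark.
$observations += @{ FirstParty = 'news1.example'; ThirdParty = 'ads.tracker-example.net' }

function Get-BlackMarks {
    param([array]$Records)
    # One black mark per distinct first-party site that handed data to the third party.
    $seen = @{}
    foreach ($r in $Records) {
        if (-not $seen.ContainsKey($r.ThirdParty)) { $seen[$r.ThirdParty] = @{} }
        $seen[$r.ThirdParty][$r.FirstParty] = $true
    }
    $marks = @{}
    foreach ($tp in $seen.Keys) { $marks[$tp] = $seen[$tp].Count }
    $marks
}

function Get-BlockList {
    param([array]$Records)
    $marks = Get-BlackMarks -Records $Records
    @($marks.Keys | Where-Object { $marks[$_] -ge $BlockThreshold })
}

function Test-ShouldBlock {
    # Decision taken for each outgoing third-party request while InPrivate Blocking is on.
    param([string]$RequestHost, [array]$BlockList)
    $BlockList -contains $RequestHost
}

$blockList = Get-BlockList -Records $observations
"Block list: $($blockList -join ', ')"
"Block ads.tracker-example.net? $(Test-ShouldBlock -RequestHost 'ads.tracker-example.net' -BlockList $blockList)"
"Block cdn.widgets-example.org? $(Test-ShouldBlock -RequestHost 'cdn.widgets-example.org' -BlockList $blockList)"
```

The widget host is seen on only three sites and stays off the list, which illustrates why the article says a single-site content provider is not treated as a tracker.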

Smart history deletion: One enhancement makes it easy to toss your cookies (and other browser traces) without losing automated log-ins for your Favorites. It's so simple you wonder why they didn't do it before. The Delete Browsing History dialog will still delete cookies, temporary Internet files, and browsing history, but it now has a check box to reprieve cookies and cache files from sites that appear in your Favorites. Good one!

SmartScreen: Phishing protection is now called "SmartScreen," and IE8 uses a scary blood-red background to warn of phishing danger. It's much more convincing than IE7's pale, lackluster warning screen. A quick test suggests that it's at least as effective against phishing sites as IE7—no surprise there. But SmartScreen should also block sites known to host malware. I tried re-downloading all of my current crop of malware samples to test that feature. It didn't block a single one! The only site I found that actually triggered SmartScreen was one that Microsoft created specifically to test the feature. I managed to deduce the site's semi-concealed URL from one of their screen shots. Apparently this side of SmartScreen protection isn't yet ready for prime time in this pre-beta.

Bits and Pieces

Windows Defender, the lackluster tool that supplied spyware protection in Vista and Microsoft's ill-fated Windows Live OneCare, is still around in Windows 7. However, it appears to be a work in progress. Vista's Windows Defender had nine "security agents" for real-time protection. The help in the Windows 7 version lists five, but only two are present in Windows Defender itself. I'm not sure what's going on there. Finally, during the obligatory scan of my squeaky-clean new Windows 7 installation, it reported malware traces but changed its mind on completion. I'll dig into this feature later, when it's clearly "gold code." Who knows; before that happens it may morph into Morro, Microsoft's announced free, tiny malware fighter.

I've seen more problems caused by System Restore than solved by it; I'm not a big fan. Still, users often resort to it when trying to clean up a (real or imagined) malware problem. In Windows 7, you'll at least have a clear idea of what collateral damage may result, as it lists all programs and drivers that would be removed or brought back by invoking a particular System Restore point. It's way better than guessing at the right restore point and hoping for the best, which is what you have to do now.

IT departments will like the feature Microsoft is calling AppLocker. Accessed through Local Security Policy, it's a way to control which programs the users can and can't use, and it's a lot more flexible than Vista's Software Restriction Policies. Still, it's not for the average user. Windows 7 also includes built-in support for biometric devices: You can even configure it to log in with a fingerprint rather than a password.

So how does Windows 7 rate on security improvements, based on my look at the pre-beta? Not bad, but not stunning. When Windows Vista replaced Windows XP, security was a major selling point. Vista came in with a horde of brand-new features specifically aimed at propping up Windows's bad reputation in the security realm. There's no such quantum leap planned in going from Vista to Windows 7. UAC is still UAC, though slightly less strident. The firewall's new features are evolutionary, not revolutionary. BitLocker To Go is a nice enhancement, not a new trick for Windows. Virtually all the changes in the security area are simply tweaking and improving on existing Vista features. But then, that's what Windows 7 is all about, right? "It's Vista…but better!"