Hands On: A Hard Look at Windows Vista

Internet Explorer Security
Internet Explorer has long been a hackers' favorite target, and in Windows Vista, Microsoft has built in a variety of protections to help keep IE, as well as your computer, safe.

First and foremost is Protected Mode, which shields the operating system from actions taken by Internet Explorer or any Internet Explorer add-ins. So even if malware breaks Internet Explorers security features, it shouldn't be able to do harm to your PC, because Protected Mode in essence locks Internet Explorer inside a safe box. Protected Mode isn't available in IE 7 in Windows XP; it works only in the Windows Vista version.

Windows Firewall
Those who have been longing for a true firewall for Windows will be pleased to know that Windows Vista includes a two-way firewall. The firewall in Windows XP only blocked dangerous inbound connections but did not provide any protection for unwanted outbound connections. So if your PC was invaded by a Trojan or spyware, those programs would be allowed to make outbound connections unimpeded. Windows Vista changes that, and the Windows Firewall includes outbound protection as well.

As with Windows XP, you can customize how inbound protection works by opening and closing ports, blocking and unblocking programs and so on through Windows Firewall Settings, available via Control Panel > Security > Allow a Program through Windows Firewall.

But oddly, at first it appears that you can't do the same for outbound connections. In fact, you can, but you'll have to do a bit of digging to find out how. You need to run Windows Firewall with Advanced Security. To do it, at a command prompt, type wf.msc and press Enter.

Now you can protect both inbound and outbound connections. (Click image to see larger view)

Given that Windows Firewall now has outbound filtering, there's little reason for most people to need a third-party firewall such as ZoneAlarm.

Windows Defender
The Windows Defender antispyware built into Windows Vista is no different than the one available as a free download for Windows XP, or the one built into Windows Live OneCare. It's a solid, serviceable antispyware application that includes live protection as well as automated spyware scanning.

The best thing about Windows Defender is that it was purposely designed not to pop up frequently, requiring user decisions. The worst thing about Windows Defender is that compared to products like Webroot's Spy Sweeper or Safer Networking's Spybot Search & Destroy, it offers limited protection.

One of Defender's more useful features is its Software Explorer, which provides help beyond spyware. Software Explorer lets you see programs running on your PC in a variety of categories, including Startup Programs and Currently Running Programs. It provides in-depth information about each program, including its name, executable file, publisher, path, file size and more. You can enable, disable or remove any program.

Windows Defender doesn't give a whole lot of advice in helping you decide which programs you should let run -- but on the other hand, if Windows Defender allows a program to run, it considers the program safe. You can always do a Google search to track down any application about which you're suspicious, and Windows Defender gives you plenty of information about each app, so it should be easy to do a search.

The Software Explorer gives you in-depth information about programs running on your PC. (Click image to see larger view)