Network World - Businesses are eyeing a transition to Microsoft Windows 7, and with a wealth of security features that are part of it, it's worth figuring out the good and bad about each of them, says Gartner analyst Neil MacDonald, who notes in some cases, third-party security products might be the better fit.
The AppLocker feature in Windows 7 offers an application-control capability that lets the IT manager set up a list of applications allowed to run, said MacDonald in his presentation at the Gartner Summit & Risk Management Summit 2010 last week. Often called whitelisting, this type of security control offers a possible lock-down technique, but the downside is that applications used within organizations by employees tend to grow, "and the trick is managing the whitelist over time."
"Care and feeding of the whitelist becomes cumbersome over time," MacDonald said, noting that there are several vendors in the application-control market, including Bit9, CoreTrace and McAfee (which acquired SolidCore) .
BitLocker, Microsoft's full-disk encryption capability for protecting system files and data, will be another security feature that businesses will want to evaluate in Microsoft Windows 7, MacDonald said. Calling it "good but not great," he noted that on the minus side of BitLocker, it has no self-service key recovery, no Windows single sign-on, and no smart card support for boot drive.
"By license restriction, it cannot be used where operating system virtualization is used," MacDonald pointed out. In addition, there's no support for non-Windows machines or Windows Mobile.
"It's another of those good but not great technologies," MacDonald said. "You should be encrypting all mobile devices."
Enterprises might want to look at product alternatives, including McAfee Safeboot, Sophos-acquired Utimaco, Credant Technologies, and PGP and GuardianEdge, both of which Symantec recently announced it was acquiring.
Prices for this type of desktop encryption product have been dropping from $75 to $90 five years ago to today's range of about $10 to $15, he noted. Encryption today is often something "thrown in to get your business from the antivirus vendor," MacDonald said.
Windows 7 BitLocker has not yet been certified under the federal government's FIPS 140 program though it's in process to receive that certification, he pointed out.
Other security controls in Windows 7 also have their pros and cons, according to MacDonald.
For instance, the user-account control, which limits the ability of either applications or users to make unsanctioned system changes, has been improved to minimize prompts. But on the downside, it won't prevent someone running as a standard user from still installing software, so application control may still be needed.
- HP sticks thumb in Microsoft's eye, discounts consumer Windows 7 PCs
- Microsoft retracts Windows 7 PC end-of-sales deadline
- Microsoft ends Windows 7 retail sales
- Microsoft promises IE11 on Windows 7
- Boutique PC seller laughs all the way to the bank on the back of Windows 7
- Microsoft starts auto-installing Windows 7 SP1 on consumer PCs Tuesday
- Microsoft warns of looming retirement for Windows 7 RTM
- Consumer Reports makes case for Windows 7 PCs
- Microsoft doubles support lifespan for consumer Windows 7, Vista
- At CES, Microsoft sets stage for lower Windows revenue
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- OpenStack and Red Hat: IDC White paper Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast Unmasking the Differences between Consumer and Enterprise File Sync & Share The consumerization of IT combined with the rapid pace of the modern mobile workplace is forcing enterprise IT teams to evaluate file sync...
- Live Webcast Government Agency Webifies Outdated COBOL Applications Let this CTO tell you how his agency converted 1980s-era green screens into an e-filing portal for the 100,000 cases handled each year...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the... All Applications White Papers | Webcasts