With such an immense user base, there must be a myriad of details you need to work on. What's the most significant security challenge Microsoft tackled while developing Windows 7?
No matter how good the technical protections are, it is important to help the user to make the best decisions that will help keep them safe from malicious users and software. Changes in UAC are an example of this sort of work to reduce the number of prompts all users will see while helping move the ecosystem to an environment where everyone can run as a standard (non-privileged) user by default. Other great examples include the new SmartScreen Filter and Clickjacking prevention technologies that are included with Windows 7 through Internet Explorer 8.
Is the rising skill level of malicious users combined with an increasing variety of attacks becoming a significant problem when developing something as demanding as a new version of Windows?
Clearly, the sophistication and motives of malicious users has changed dramatically over the past few years. We continue to work with security researchers and others to understand not only today’s threat landscape but tomorrows as well. This helps us build protections into the system that help secure your PC from acquiring and running code without the user’s consent. In addition, we continue to make sure Windows is resistant to both tampering and circumventing the protections within the system.
What has been the response of the security community to Windows 7 releases so far? Are you satisfied with the feedback? What have you learned?
The response by the security community to Windows 7 has been great so far. There has been some confusion about UAC and the changes we made there, but it provides a great example of how we can listen and work with the community to provide a product we can all be proud of.
What are the core differences between Windows 7 and Windows Vista when it comes to security?
Windows 7 builds upon the security foundations of Windows Vista and retains the development, including going through the Security Development Lifecycle, and technologies that made Windows Vista the most secure Windows operating system ever released. Core security enhancements from Vista like User Account Control (UAC), Kernel Patch Protection, Windows Service Hardening, Address Space Layout Randomization (ASLR), and Data Execution Prevention (DEP), etc. are all retained. In addition, we have added new security features like AppLocker to help control the applications that run in their environment. We have enhanced the core BitLocker Drive Encryption to make it easier for IT to deploy and manage the technology in their environment. In addition, we have responded to customer requests to extended support for BitLocker to removable storage devices through BitLocker To Go. Finally, Windows 7, coupled with internet explorer 8, provides flexible security protection against malware and intrusions for the proliferation of web based attacks that occur today.
How much did usability issues influence the way decisions were made?
Our goal with Windows 7 was to take the most secure OS ever, Windows Vista, and engineer an even more secure Windows 7—while also making it more usable and manageable. So in Windows 7, we’ve given a great deal of thought to how we marry enhanced security with ease-of-use.