Good afternoon all of my Vista Security gurus!
A huge thank you to Keith Combs and Shawn Travers for their help on the webcast! Thank you to everyone for asking a lot of great questions, if you need any more information please comment!
- Replay of the webcast: TechNet Webcast: Security Features in Windows Vista
- I blogged about some recent security news: Microsoft Security News and Articles
- Vista Security Guide: Book of the Month for April 2007: Windows Vista Security Guide
Question: Is there a difference between running an application as Admin and running as a standard user and waiting for the UAC prompts? How do you know when you need to use the Run as Admin option?
Answer: when elevation is needed, you are prompted by Windows Vista to confirm the creds. If you are running as the RID 500 administrator, you are not prompted.
Question: I’ve noticed IE 7 on Vista opens a new windows instead a new tab when opening a page form a different domain, is there a way to make it behave as IE 7 on XP does?
Answer: yes, those are under the tab options. I also like to go directly to the new tab that is created but it isn’t the default either
Question: Understand IE7 enhancements. what if I install another browser such as firefox? are the protections built into the browser or OS?
Answer: some of the security enhancements with IE7 are directly tied to the OS. For instance Protected mode is disabled if UAC is disabled.
Question: I’ve noticed that the I.E. 7 active x feature has run into issues with Outlook Web access (loss of functionality) is that still the case?
Answer: In the pre-release I know there were some challenges, I am not aware of anything ongoing at this point, I do know there is an update for S/MIME with IE7 and Exchange that is a KB article.
Question: In a home setting if you install Microsoft OneCare should you use VISTA Firewall or OneCare Firewall or both?
Answer: If you are a consumer with Onecare the nice feature of Onecare firewall is: Continuous firewall monitoring – The Windows Live OneCare firewall is a two-way managed firewall. This means that both inbound and outbound traffic is controlled. The firewall is also updated continually to help protect you.
Question: Do you have any information on the Cisco Microsoft NAC / NAP Partnership?
Answer: the best place to get that information is probably at http://blogs.technet.com/nap/
Question: I have noticed that when i install a Microsoft application that has multiple dialogs during the installation for selecting directories, selecting options clicking next after a phase completes etc. that the screen with the dialog pops under other screens on VISTA but pops on top in XP. Why do important messages requiring operator action pop under in VISTA on pop up in XP. Is it some how safer to try and hide the operator action screens?
Answer: This is really a question on using the right order by the installer (the installation engine)
Question: Would that enable me to allow all users to right to the same virtual store?
Answer: The Virtual Store is linked to the user profile check out – File System and Registry Virtualization In Windows Vista, many legacy applications that were not designed to support standard user accounts can run without modification, using the built-in file/registry virtualization feature. File/registry virtualization gives an application its own “virtualized” view of a resource it is attempting to change using a copy-on-write strategy. For example, when the application attempts to write to a file in the program files directory, Windows Vista gives the application its own private copy of the file in the user’s profile so the application will function properly. Virtualization also provides logging by default for applications that attempt to write to protected areas. So it would depend on how you implement the User Profiles
Question: If you install VISTA on a computer with a TPM chip and you don’t configure it for bitlocker can you turn it on later or do you have to reformat and repartition the boot disk to use bitlocker?
Answer: No. See http://support.microsoft.com/default.aspx/kb/930063
Question: Can bitlocker encrypt removable storage devices?
Answer: BitLocker provides a user interface for the encryption of the entire operating system volume, including Windows system files and the hibernation file. You can optionally use Encrypting File System (EFS) in Windows Vista to protect other volumes. The EFS keys are stored by default in the operating system volume. Therefore, if BitLocker is enabled for the operating system volume, all data that is protected by EFS is also indirectly protected by BitLocker. Additionally, advanced users can encrypt local data volumes using a command-line interface (manage-bde.wsf).
Question: Is the paging file also encrypted in Bit Locker protected?
Answer: Yes, because bit-locker encrypts the entire volume.
Question: What improvements to security are coming with SP1?
Answer: Take a look at Kai Axford’s blog: It’s Official: Windows Vista SP1 (Beta) News
Question: Which OS is bit locker in?
Answer: Windows Vista Enterprise & Ultimate