Laptop Security: Windows® Vista™ vs. XP
Security features in the Windows Vista operating system have been designed to address the vulnerabilities exposed in laptops running XP that are described in the three scenarios above, and many more. Each Windows Vista feature is described below:
TPM (Trusted Platform Module) Chip Support
The Windows Vista TPM Services Architecture supports a TPM (Trusted Platform Module) version 1.2 microchip on the motherboard. The TPM stores keys, passwords, and certificates in encrypted form, using RSA, SHA-1 and HMAC implemented in the chip itself. [25] A TPM chip increases the security of BitLocker drive encryption by making stronger key-protection modes available (TPM only, TPM plus PIN, TPM plus USB startup key) and by sealing the volume key to the TPM's measurements of the boot environment, so that an encrypted disk cannot be read if it is removed and placed in another machine. The disk also cannot be read if the TPM chip or the measured boot components are tampered with in any way: BitLocker then refuses to unseal the key and the volume can only be opened with the recovery password. [9]
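As an added check, not part of the original article or of Microsoft's documentation, the following PowerShell script queries the two WMI providers that Vista's TPM Services and BitLocker expose (Win32_Tpm and Win32_EncryptableVolume) to confirm that a laptop's TPM is enabled, activated and owned, and to list which key protectors actually guard the operating-system volume. It assumes PowerShell is installed (an optional download on Vista) and that it is run from an elevated prompt on an edition that ships BitLocker.

```powershell
# Added example (not from the original article or from Microsoft): does this laptop
# actually have a usable TPM, and is BitLocker's OS volume key sealed to it?
# Assumes PowerShell is installed and the script runs elevated; both WMI providers
# ship with Vista's TPM Services and BitLocker (Enterprise and Ultimate editions).

$tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' -Class Win32_Tpm
if ($tpm -eq $null) {
    Write-Host 'No TPM is exposed to Windows: BitLocker can only run in USB startup key mode.'
} else {
    # Each Win32_Tpm method returns an object whose boolean result is named after the method.
    $enabled   = $tpm.IsEnabled().IsEnabled
    $activated = $tpm.IsActivated().IsActivated
    $owned     = $tpm.IsOwned().IsOwned
    Write-Host ('TPM: enabled={0} activated={1} owned={2} (all three must be True for BitLocker)' -f $enabled, $activated, $owned)
}

# KeyProtectorType values documented for Win32_EncryptableVolume.GetKeyProtectorType.
$protectorNames = @{
    0 = 'Unknown'; 1 = 'TPM only'; 2 = 'External (USB) key'; 3 = 'Numerical recovery password';
    4 = 'TPM + PIN'; 5 = 'TPM + startup key'; 6 = 'TPM + PIN + startup key'
}

$osVolume = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
                          -Class Win32_EncryptableVolume |
            Where-Object { $_.DriveLetter -eq $env:SystemDrive }

if ($osVolume -eq $null) {
    Write-Host 'BitLocker provider not found: this edition of Vista does not include BitLocker.'
} else {
    # ProtectionStatus: 0 = unprotected, 1 = protected, 2 = unknown
    $status = $osVolume.GetProtectionStatus().ProtectionStatus
    Write-Host ('OS volume {0} protection status: {1}' -f $osVolume.DriveLetter, $status)

    # Type 0 asks for every protector; each id is then resolved to its protector type.
    $ids = $osVolume.GetKeyProtectors(0).VolumeKeyProtectorID
    $hasTpmProtector = $false
    $hasRecovery = $false
    foreach ($id in $ids) {
        $type = [int]$osVolume.GetKeyProtectorType($id).KeyProtectorType
        Write-Host ('  protector {0}: {1}' -f $id, $protectorNames[$type])
        if ($type -eq 1 -or $type -eq 4 -or $type -eq 5 -or $type -eq 6) { $hasTpmProtector = $true }
        if ($type -eq 3) { $hasRecovery = $true }
    }
    if ($status -eq 1 -and -not $hasTpmProtector) {
        Write-Host 'WARNING: volume is encrypted but its key is not sealed to the TPM.'
    }
    if (-not $hasRecovery) {
        Write-Host 'WARNING: no recovery password; a TPM fault or a firmware change would leave the disk unreadable.'
    }
}
```

A result of "TPM only" means the TPM unseals the volume key at every boot with no user input, so the protection stops at the logon screen; "TPM + PIN" or "TPM + startup key" is what a practitioner should expect to see on a laptop that leaves the building.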
Windows Vista provides a new authentication architecture (credential providers, which replace the GINA model used by XP) that makes it simpler for other companies to build logon interfaces, allowing easier implementation of strong authentication devices such as smart cards and biometric devices like fingerprint or retina scanners. Microsoft believes this will lead to a proliferation of these devices for the Windows Vista operating system.
Microsoft has increased the security of connections to wireless networks with the Windows Vista platform by adding native support for encryption technologies that XP did not support out of the box, including the highest level of standards-based security currently available for wireless networks, Wi-Fi Protected Access 2 (WPA2) with AES encryption.
Windows Vista allows users to determine the preferred connection order of wireless networks whether or not they broadcast their SSIDs (Service Set Identifier). [10] Windows XP had no facility to designate a non-broadcasting wireless network as a preferred connection. This forced users either to configure routers to broadcast their SSIDs and advertise their existence to attackers, or to connect their laptops manually each time they restarted. A hidden SSID is a convenience rather than an access control, however: a laptop configured for a non-broadcast network must actively probe for it by name, so the SSID remains visible to anyone capturing wireless traffic, and the network still needs WPA2 to keep intruders out.
Windows Vista also has a long list of wireless and networking enhancements not found in XP that augment security, efficiency, manageability, and ease of use:
· Next Generation TCP/IP Stack incorporates features like receive window auto-tuning, Compound TCP and Explicit Congestion Notification (ECN) support to increase speed and stability.
· Policy-based Quality of Service (QoS) allows setting of inbound and outbound throttle rates and the receive window size.
· Server Message Block 2.0 (SMB) supports larger buffer sizes and needs fewer packets than the SMB 1.0 in XP.
· Http.sys enhancements improve management of HTTP (Hypertext Transfer Protocol, used by all web sites) with better authentication, performance and logging than XP.
· WinINet enhancements support IPv6 and better decompression to make web downloads faster. Uploads greater than 4 GB are also supported.
· Windows Sockets enhancements give better security, stability, logging and diagnostics.
· Network Driver Interface Specification (NDIS) 6.0 offloads more network traffic processing to the network adapter, saving Central Processing Unit (CPU) cycles.
· Network Awareness provides a platform that allows the operating system and other applications to adjust to changes in network connections.
· Windows Peer-to-Peer Networking enhancements include the addition of Windows Meeting Space and other user-to-user improvements over XP.
· The Native Wi-Fi architecture no longer emulates standard Ethernet (802.3), allowing for wireless-specific (802.11) improvements.
· User interface improvements for wireless connections include the new Network and Sharing Center.
· Wireless Group Policy enhancements allow easier and centralized configuration of wireless connections.
· The changes in Wireless Auto Configuration provide more tools to thwart malicious wireless users and support non-broadcast networks.
· WPA2 support is native (an XP machine needs an add-on update for WPA2, and its WPA2 settings cannot be managed from XP's own wireless Group Policy; they must be configured from a Windows Vista or Windows Server "Longhorn" machine).
· Integration with Network Access Protection (NAP) when using 802.1X authentication allows limited or no access for computers that do not meet health requirements.
· Host-based Extensible Authentication Protocol (EAPHost) infrastructure for greater security and for pluggable EAP methods.
· Wireless connections on Windows Vista now support the Network Diagnostics Framework, making them much easier to troubleshoot.
· Command-line support for configuring wireless settings through the netsh wlan context (not available on XP).
· Single Sign On makes it simpler to use the domain logon for wireless network authentication.