The devil's guide to Windows Vista security

How to fly with all the safeties off

Microsoft, as you probably know, has spent a lot of time and millions of dollars to make Windows Vista more secure and ultimately to protect users from themselves.

But you -- you've been using computers for years, right? You don't need any of this hand-holding. You were infested with malware that one time, but that wasn't your fault. And no one has noticed the eight toolbars in your browser whose origin you couldn't explain.

Oh, and your significant other was very understanding about Blaster causing you to work 80-hour weeks cleaning up a software wasteland.

You and your network are clearly ready for Vista without the locks. Here's how to fly with all the safeties off.

Turn User Account Control completely off

User Account Control, or UAC, is a new security feature that limits the authority of accounts users are running in, restricting them from entering protected areas or performing sensitive actions on the system. Briefly, users log on, whether they are power users, ordinary users or administrators, and are assigned a normal security token.

However, when an action is requested that requires administrative privileges, a logon prompt is displayed and the user must enter credentials; at that time, an administrative security token is assigned to them that allows them to carry out the protected function. This really bothers some people, especially power users, who think they don't need to be protected from themselves.

For the people who subscribe to that school of thought, it's relatively easy to turn off UAC entirely. You'll need to open GPEDIT.MSC, acknowledge the very UAC prompt you're trying to disable, and then disable everything beginning with "User Account Control" under Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options.

Expose the real, hidden administrator account

Windows Vista hides and disables the true administrator account that you've come to expect to find in NT-based versions of Windows. The idea is that you should use regular user accounts with "Vista administrator" permissions, which simply grant administrative tokens to a normal user, allowing him or her to perform a restricted operation within the official context of a standard account.

However, you can expose the true administrator account in Windows Vista -- the one that acts like the administrator in Windows 2000 and XP-by following the instructions in this article by Scot Finnie.

Turn off data execution prevention

Data Execution Prevention (DEP) is a security feature introduced in Windows XP, Windows Server 2003 and now in Windows Vista, that looks for malicious code trying to execute. If DEP's analysis of a process beginning execution makes DEP think the resulting code will cause some sort of unwanted activity, DEP intervenes and shuts the process down.

Join the newsletter!

Error: Please check your email address.

More about INSMicrosoft

Show Comments

Market Place