Getting the Skinny on Vista Security

Microsoft says its new operating system is the safest Windows yet. Here's a primer on getting the most out of the new set of safeguards

Microsoft Windows is the world's most popular family of desktop operating systems. It has also been the computing world's biggest target, with frequent attacks on its Web browser, e-mail client, and other features. So Microsoft (MSFT) has issued a constant stream of updates to repair breaches in Windows' security. Despite these efforts, Microsoft has endured frequent criticism, much of it deserved, from users irritated by the continuing battle to secure systems and frustrated by ongoing losses of productivity, personal information, and privacy.

Microsoft hopes to turn the tide with Vista, the latest Windows upgrade, which debuted for consumers Jan. 29. Windows Vista contains Microsoft's most comprehensive collection of desktop-security features. But many of the safeguards are real departures from previous practice, and part of the method for benefiting from Vista's security features is knowing how they work.

Here's a primer on some of Vista's most notable safeguards.

1. Administrative Access. Windows Vista protects itself by reserving the most important tasks for a manager, or administrator, who can only get access to the system by using a password. To do this, Vista divides tasks into two categories. First there are those any user can perform, such as setting up desktop icons, changing desktop colors and sounds, and running programs. Then there are the tasks that only the computer's manager (known as the administrator) can perform, including setting up new users or installing software and hardware.

Which are which? Vista uses a four-color security shield icon to indicate which tasks are for administrators only. However, if a standard user needs to perform a task reserved only for administrators, there's a shortcut: a User Account Control dialog box appears and the administrator can enter a password to permit the task to run. As long as the administrator keeps his or her password confidential, User Account Control prevents standard users from tampering with the system.

2. Fraud Busters. Vista can protect you from fraud, scams, spyware and identity theft. Ever wonder which of those official-looking e-mail messages warning of dire consequences if you don't log in and correct account information are on the level? To stop phishers from walking away with your identity, both the new Windows Mail e-mail client and Internet Explorer 7 Web browser are equipped with antifraud features.

Windows Mail warns you of suspicious e-mails and blocks images and clickable links from suspicious e-mail and all junk e-mail. When Internet Explorer 7's antiphishing filter is enabled, it uses the same database used by Windows Mail to protect you against suspicious or fraudulent Web sites. Suspicious Web sites are displayed with a yellow address bar and known phishing sites are displayed with a red address bar, giving the user the option to close the Web page or continue anyway.

Keep in mind that although Microsoft is checking thousands of Web sites a month, there are millions of sites out there. So the latest scams may go undetected for a few days—or longer—before Windows Mail and IE 7 get the word to add them to the "naughty" list.

Spyware can take over your browser, display an endless stream of popup ads, slow down your system, and compromise your privacy. Windows Defender provides real-time anti-spyware functions for Windows Vista. Although Windows Defender's normal settings are designed to stop most threats, veteran spyware fighters agree that a single program isn't enough. Add another anti-spyware program to your system for a second layer of protection.

3. Parental Controls. Vista can help protect your kids. It's all too easy for your kids to sneak time on the computer and discover the dark underbelly of the Internet. Windows Vista's parental controls enable you to control when children can use the computer and the types of Web sites they can visit, limit game and DVD movie access by rating, and read reports of what the youngsters have been up to.

Parental controls aren't automatic, although they're not hard to set up, and you shouldn't assume that every movie DVD or Web site with undesirable ratings or content will be blocked. But even with these limitations, parental controls in Windows Vista make it easier to help children use the computer and the Internet responsibly.

4. Data Protection. Some editions of Windows Vista can prevent data theft. The number of people whose identity is threatened by data stored on stolen laptops keeps rising. Consider the 38,000 members of Kaiser Permanente Colorado, 380,000 Boeing employees, and 2.2 million U.S. military personnel, to name a few. If you use the Ultimate or Enterprise editions of Windows Vista, you can prevent a lost computer from revealing important info by using BitLocker. When you start a BitLocker-encrypted system, you must provide a PIN number provided at startup or connect a USB flash memory drive containing the unlock code. You can't gain access to a BitLocker-encrypted drive without the appropriate credentials.

5. Setting the Levels. You control how secure Windows Vista really is. It includes most of the tools needed to help secure your computers. However, one big missing piece is antivirus protection. Microsoft offers its Windows Live OneCare security suite, but you can also choose antivirus and security programs from many other vendors.

However, installing antivirus software isn't the last step in securing Windows Vista. You need to set up standard accounts, enable antiphishing settings in Internet Explorer, and configure parental controls. And these common-sense rules are still worthwhile: Don't click on e-mail links to go to banking or commerce sites—log in manually. And don't leave your administrator password lying around. Remember, you're still the best security tool your computer has.

    Before it's here, it's on the Bloomberg Terminal.