Manage Learn to apply best practices and optimize your operations.

Should businesses delay Windows Vista adoption and just buy Windows 7?

In many ways, the security features in Windows 7 are the result of Vista users' feedback and experiences. But should enterprises adopt the OS right away?

Should businesses that have held off on Windows Vista adoption just prepare for Windows 7? What are the potential security ramifications?
When it comes to migrating to a new Windows operating system, there are a lot of experts who recommend waiting until after the first service pack has been released before rolling it out to an enterprise environment. The approach keeps users from suffering from any of the initial "teething problems" that inevitably occur with version 1.0 software. However, as you are presumably still running Windows XP, or even Windows 2000, the security features in Windows 7 make me think that you should be an early adopter of Windows 7 when it's released later this year.

In many ways, the security features in Windows 7 are the result of Vista users' feedback and experiences; therefore, a lot of the teething problems have been addressed. Windows 7 has been developed using Microsoft's enhanced Security Development Lifecycle process during the planning, development and testing phases. Microsoft has worked hard to make the security features easier to understand, use and manage.

Take the User Account Control (UAC) feature, which requires users to approve system-level changes when using the system as an administrator. Many users found the deluge of authorization prompts too numerous and annoying. In Windows 7, without reducing security, the frequency of prompts can easily be adjusted with a slider. In fact, all the alerts from 10 existing security features, such as Defender, Windows Update, Diagnostics and Network Access Protection, are incorporated into an Action Center, which replaces the Security Center.

The accompanying help is far more user friendly as well. One great new feature in Windows 7 is BitLocker To Go, which extends the data encryption features of Vista's BitLocker to removable storage devices like USB thumb drives and flash drives. Finally, administrators have control over all those removable storage devices; encryption can be required for any removable storage device that users want to write data to. Group Policy can also set password strength or require a smart card to access protected devices.

Other welcome security features include AppLocker; as its name implies, it allows administrators to ensure that only authorized scripts, installers and dynamic load libraries (DLLs) are accessed, keeping malware and unlicensed software off corporate machines. Administrators and users will both appreciate DirectAccess, which securely connects employees to the corporate network without the need to use a conventional VPN, always a gripe with mobile workers. It also allows administrators to update Group Policy settings and distribute software updates whenever a Windows 7 machine connects to the Internet.

As you can see, Windows 7 has a lot going on in the security front. I would recommend you start getting familiar with it. A good place to start is Microsoft's Windows 7 site. Here, you can download the Windows 7 Release Candidate (RC) and begin testing it in your own environment. I'd also make use of the Microsoft Assessment and Planning (MAP) Toolkit, which helps organizations assess whether their PCs have the hardware resources to run Windows 7.

This was last published in August 2009

Dig Deeper on Microsoft Windows security

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.