Vista Security Tips: Yes, I Like the Prompts

Windows Vista has been in the news a lot lately, in particular Vista’s security. The new security features have been the target of both praise and ridicule. Even Apple took a jab at Vista’s security with its latest TV ad mocking Vista’s security prompts. Say what you will, but I personally like the prompts. And get used to them; prompts are most likely a sign of things to come.

Vista’s security prompts are part of a new technology called User Access Control (UAC). Microsoft designed UAC to address a common problem: far too many people use their PC on a daily basis logged in as an Administrator. The reason for that is simple: it’s just such a hassle not being an administrator. With Windows XP, just about anything you do requires administrator rights, and too many programs simply don’t run correctly unless you are an administrator.

Although using your computer as an administrator lets you do anything you want, malware can also exploit that power to do anything it wants. Suppose you run a new freeware program you just downloaded from some Web site. That program is running as a system administrator and can do anything it wants. Although we hope we can trust this stuff, the fact is that we simply cannot.

So Microsoft’s first attempt to fix the running-as-administrator issue is UAC. UAC allows users to log in with an unprivileged account for day-to-day use but also provides an easy method to enter administrator credentials only when needed. An unprivileged login means that any programs you run also run unprivileged, so you get an extra layer of defense in depth against malware.

But UAC is much more than just making it easier to use your computer without privileges. The UAC prompts serve as a warning sign that what you are about to do could have unwanted consequences.

I have seen a cookie jar that insults your eating habits every time you lift the lid. Sure, that can be annoying and it certainly won’t prevent anyone from taking a cookie, but it does make you think every time you lift that lid. That’s why we buy them – because as humans we seem to need those reminders.

UAC is a lot like those cookie jar insults, although perhaps a little bit nicer. You can complain about those constant security prompts in Vista all you want, but you have to admit that most of us need those reminders. So why not embrace them?

Vista’s security features are an opportunity to learn how to be safe with your computer. Every time you see that UAC prompt, you should pause for a moment before hitting continue — and not be afraid to hit Cancel more often.

Windows Vista provides a good opportunity for setting up some new house rules for computer use. Here is some advice to get you started:

Use an Unprivileged Account
This one should be obvious by now, but you need to take the time to create a user account that is not an administrator. And don’t forget to set strong passwords on both that account and the real administrator account.

Using Internet Explorer Zones
Windows Vista and IE7 have a new feature called Protected Mode. This feature makes your system much more resilient to malicious attacks by limiting how a malicious Web site can access your computer. Vista enables Protected Mode by default but there are some important points to remember. First of all, IE does not use Protected Mode for Web sites that are in your Trusted Sites zone. Often, when a Web site doesn’t work properly we just make it a trusted site and everything works. But before adding that Web site you should always think twice.

Do You Really Trust That Site?
My 10-year-old son recently shared with me his way of judging a site’s trustworthiness: if he has heard of it on TV, it is probably safe. That’s actually pretty good advice.

Block Phishing
IE7 has a built-in phishing filter that warns you of known malicious phishing, spyware, and scam sites. You should always enable this as a layer of defense against these types of attacks. Furthermore, several companies make add-ins for Internet Explorer that not only warn you of potential phishing sites but some of them also provide a reputation rating for known Web sites.

Two of these add-ins are McAfee’s SiteAdvisor and Comodo’s VerificationEngine. Both of these add-ins also work in Firefox. Or if you are a Firefox user, you might also want to try out WOT.

Understand the Prompts
The UAC prompts are actually very well thought out. They run in a secure mode that isn’t part of your regular desktop. The dimming of the screen prevents you from being tricked into interacting with malicious programs.

The prompts use several colors, ranging from blue to red, indicating the potential severity of the action you are about to take. But most importantly, those prompts are a reminder that you are crossing the line between a regular user and a privileged user. Pause before you act and remember that Cancel is always the safe choice – if it turns out you really did want to take the action, just repeat what you did and hit Continue this time.
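The advice in the "Use an Unprivileged Account", "Using Internet Explorer Zones" and "Understand the Prompts" sections can be checked from the machine itself. The following read-only PowerShell script is an added example, not code from the article or from Microsoft; it assumes Windows PowerShell is installed on the Vista machine and relies on the documented registry locations for UAC policy (EnableLUA, PromptOnSecureDesktop, ConsentPromptBehaviorAdmin under HKLM), for per-zone Protected Mode (value 2500 under each Internet Settings zone, 0 = on, 3 = off) and for the Trusted Sites list (ZoneMap\Domains entries whose scheme value is 2). Run it from the account you use day to day: if the first line reports the session as elevated, that account is running with administrator power.

```powershell
# Added example, not from the original article. Read-only audit of the
# settings the article discusses: is this session elevated, is UAC on and
# using the secure (dimmed) desktop, which IE zones have Protected Mode on,
# and which sites have been added to the Trusted Sites zone.

function Test-IsElevated {
    # Under UAC an administrator running without elevation has the Administrators
    # group filtered out of the token, so IsInRole is false until you hit Continue.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-UacSettings {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p   = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        UacEnabled            = ($p.EnableLUA -eq 1)
        PromptOnSecureDesktop = ($p.PromptOnSecureDesktop -eq 1)   # the screen dimming the article describes
        AdminPromptBehavior   = $p.ConsentPromptBehaviorAdmin       # 0 = elevate silently (weakest), higher = prompt
    }
}

function Get-ProtectedModeByZone {
    # Zone numbers: 1 = Local intranet, 2 = Trusted sites, 3 = Internet, 4 = Restricted sites.
    $base  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    $names = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
    foreach ($z in 1..4) {
        $p = Get-ItemProperty -Path (Join-Path $base $z) -ErrorAction SilentlyContinue
        $state = 'unknown'
        if ($p -ne $null) {
            if ($p.'2500' -eq 0)     { $state = 'on' }
            elseif ($p.'2500' -eq 3) { $state = 'off' }
        }
        New-Object PSObject -Property @{ Zone = $names[$z]; ProtectedMode = $state }
    }
}

function Get-TrustedSites {
    # Each domain key may hold scheme-named values (http, https, *) whose data is the
    # zone number, and may hold host-name subkeys (e.g. "www" under "example.com").
    $map = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (-not (Test-Path $map)) { return }
    foreach ($domain in Get-ChildItem -Path $map) {
        $entries = @($domain) + @(Get-ChildItem -Path $domain.PSPath)
        foreach ($e in $entries) {
            $props = Get-ItemProperty -Path $e.PSPath
            foreach ($scheme in 'http', 'https', '*') {
                if ($props.$scheme -eq 2) {
                    if ($e.PSPath -eq $domain.PSPath) { $name = $domain.PSChildName }
                    else { $name = "$($e.PSChildName).$($domain.PSChildName)" }
                    "$scheme`://$name"
                }
            }
        }
    }
}

Write-Host ("This session is elevated: {0}" -f (Test-IsElevated))
Write-Host "UAC settings:"
Get-UacSettings | Format-List
Write-Host "Protected Mode by zone:"
Get-ProtectedModeByZone | Format-Table -AutoSize
Write-Host "Sites in the Trusted Sites zone (Protected Mode does not apply to these):"
Get-TrustedSites
```

The point of the last listing is the one the article makes: every entry in the Trusted Sites zone is a site that IE7 will render outside Protected Mode, so the list should be short and every name on it should be one you deliberately put there.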

Install Anti-Virus Protection
Windows Vista includes Windows Defender and a built-in firewall as some protection, but you still need to install an anti-virus program.

You may find this confusing because there are so many to choose from. The fact is that the differences between the major brands are subtle and your choice probably isn’t going to make the difference between being protected or not. I suggest asking a few people what they use and whether they are happy (or, perhaps more importantly, unhappy) with the product.

Use BitLocker on Laptops
If you use a laptop for work or are just worried about the personal data you have stored, consider using the BitLocker feature available in the Enterprise and Ultimate versions of Vista. BitLocker allows you to encrypt your entire hard drive to protect the contents if your laptop ever gets lost or stolen. You don’t want your personal information accessible to anyone else and if you store the personal information of others on your laptop, you certainly don’t want to be the next news headline.

Vista security is a bit of a change from the way we are used to using our systems, but that’s probably what we need. Take advantage of these changes to retrain yourself on a new standard of information security. Think about what you are doing and pause when you see the warning flags. And just be glad that your PC doesn’t tell you how fat you are.

Mark Burnett is a security consultant and author who helps organizations secure Windows servers. He is author of Perfect Passwords and has authored or co-authored seven other security books, as well as many magazine and Web articles.

Adapted from
