The new security features of Microsoft Windows 7 allows for better security features which can help the users to segregate each of them and figure out which one is good and bad. The new Windows operating system has been engineered with different features and applications that make it user-friendly and any user’s guide to better computing. Apart from the virtues, it also comes with limitations.

Neil MacDonald gave an insight into the various features of the operating system at the Gartner Summit; Risk Management Summit 2010 last week.

The AppLocker feature that Windows 7 holds proffers the users with an application-control capability, which is inbuilt with the power to prepare a list of applications that and IT manager wants to run. This technique is called “whitelisting” and this type of security control proffers a potential lock-down technique. The source of difficulty is that the applications that are used within organizations by the employees have a tendency to grow. Therefore, there is a necessity to manage the white list over a period of time so that the new list is always updated. MacDonald suggested that third-party security products are a better fit.

MacDonald strained on the fact that the whitelist needs to be cared and fed over time. he noted that there are a number of vendors building their mark in the application-control market. Few names of these vendors include Bit9, McAfee and Bit9.

BitLocker is another potential feature of the operating system that helps to protect system files as well as data. This feature is one of many security features that various businesses are willing to evaluate in Microsoft Windows 7. This feature holds a few minus points: no self-service key recovery, no smart card support for boot drive and no Windows single sign-on.

The license restriction imposes a confinement on operating system virtualization. The operating system does not support non-Windows machines or even Windows mobile.

MacDonald pointed out that Windows 7 BitLocker has not been legally certified under the Federal Governments FIPS 140 program and is on its way to certification.

Other security features as the user-account control imposes restrictions on the ability of applications or the users to make unofficial changes to the system. This feature has been improved to make the prompts insignificant. Unfortunately, it does not superimpose restrictions on a user who is running the system as a standard user from setting up or installing a software.

Direct Access is another Windows 7 security feature, which is an “always-on” VPN client that makes use of IPv6 below to address a workstation that is located in any part of the world, uniquely. Supporting this IPSec tunnel, MacDonald pointed out, can pose problematic for different reasons as there is a lot of complexity especially when organizations do not have an IPv6 network inbuilt.

As far as the most likely software is concerned, Windows Ultimate version is cheaper than Windows 7 Enterprise version. It also is officially the consumer version but carries only 5 years of fixes contradicting the 10 years fixes that Windows Enterprise carries.