Security architecture of Windows Vista, Part 1

Thursday, January 24th, 2008

The mainstay of a secure operating system is access protection - the undesirable activities of malware (from the internet etc.) can only be blocked by preventing a free-for-all. With the user account control of Windows Vista, Microsoft is attempting to make it more palatable for the user to work with restricted rights. But even the rights of a normal user go too far if malware takes hold, since it can read, change or delete all the documents in the name of the user.

Programs which could be targeted by attacks from the internet therefore need to be further restricted to increase security. The Windows XP security model theoretically offers a wealth of features for this purpose. However, Microsoft has taken a different approach and provided Vista with another mechanism which is placed in front of the previous security model - Mandatory Integrity Control. Vista’s Integrity Levels, Part 1 - heise Security