Windows 7 brings several security enhancements that don't sacrifice usability. We look at the five best features that businesses should definitely be using.

Hate it or love it, there's no doubt Microsoft Windows Vista marked a huge step forward in Windows security. Microsoft's quest to make its operating system as easy to manage as possible for the 'typical' user has often meant sacrificing adequate safeguards against intrusion and infection.

For example, the recently identified notorious vulnerability network worms in Vista's predecessor Windows XP. Microsoft shipped the operating system with a firewall but initially left it turned off by default.

Windows 7 has continued that improvement Vista made to security, adding several new features and enhancing many others - most obviously the User Account Control system, which proved so obnoxious in Vista that many users turned it off, leaving their systems vulnerable to intrusion in exchange for a less annoying experience. UAC has been revamped in Windows 7 to be less intrusive and more discerning about what constitutes a true threat, and therefore more effective.

Other Windows 7 security features are less apparent, especially those intended for businesses concerned with protecting not just one computer but an entire network. Among the most important new features are DirectAccess, a VPN replacement for computers on Windows networks; the Windows Biometric Framework, which standardizes the way fingerprints are used by scanners and biometric applications; and AppLocker, which improves on previous Windows versions' Software Restriction Policies to limit which software can be run on a machine.

Also key are BitLocker To Go, which extends the full-disk encryption of BitLocker to external hard drives, and a refined procedure for handling multiple firewall profiles so that the level of protection better matches the location from which a user connects to the internet.

In typical Microsoft fashion, these features have been made available with little fanfare or guidance. Let's take a look at each to see how they can help Windows shops secure their computers and networks.

Note that some of these features are available for all versions of Windows 7, while others require the Enterprise or Ultimate editions. What's more, you won't be able to fully implement some features until you've upgraded all your users to Windows 7, and at least one - DirectAccess - has back-end requirements that most companies don't have in place yet. These features will, however, work side by side with older technologies for users who are still on earlier versions of Windows.

So even though you may not be able to take full advantage of all the new security features immediately, the time to start planning for them is now. We'll start with the features that you can use right away and work our way up to those that require planning.

NEXT PAGE: Multiple active firewall profiles

  1. The security enhancements that don't sacrifice usability
  2. Multiple active firewall profiles
  3. BitLocker To Go
  4. AppLocker
  5. DirectAccess