Businesses are eyeing a transition to Microsoft Windows 7, and with a wealth of security features that are part of it, it's worth figuring out the good and bad about each of them, says Gartner analyst Neil MacDonald, who notes in some cases, third party security products might be the better fit.
The AppLocker feature in Windows 7 offers an application control capability that lets the IT manager set up a list of applications allowed to run, said MacDonald in his presentation at the Gartner Summit & Risk Management Summit 2010 last week. Often called whitelisting, this type of security control offers a possible lock-down technique, but the downside is that applications used within organisations by employees tend to grow, "and the trick is managing the whitelist over time."
"Care and feeding of the whitelist becomes cumbersome over time," MacDonald said, noting that there are several vendors in the application-control market, including Bit9, CoreTrace and McAfee (which acquired SolidCore).
BitLocker, Microsoft's full-disk encryption capability for protecting system files and data, will be another security feature that businesses will want to evaluate in Microsoft Windows 7, MacDonald said. Calling it "good but not great," he noted that on the minus side of BitLocker, it has no self-service key recovery, no Windows single sign-on, and no smart card support for boot drive.
"By licence restriction, it cannot be used where operating system virtualisation is used," MacDonald pointed out. In addition, there's no support for non-Windows machines or Windows Mobile.
"It's another of those good but not great technologies," MacDonald said. "You should be encrypting all mobile devices."
Enterprises might want to look at product alternatives, including McAfee Safeboot, Sophos-acquired Utimaco, Credant Technologies, and PGP and GuardianEdge, both of which Symantec recently announced it was acquiring.