Following years of justifiable criticism about Windows security, Microsoft had promised that Vista would be the most secure Windows ever. This goal largely appears to have been met, though at some cost to the user: The OS's nagging User Account Control feature has been roundly lambasted as the Mother of All Windows Annoyances. Other security improvements are less irritating.
XP's version of the Windows Firewall protected you only against inbound threats: If malware infected your PC and attempted an outbound connection, Windows Firewall could do nothing about it.
Vista's firewall includes outbound filtering, though that's not readily apparent by looking at the Windows Firewall Settings tab. To configure outbound connections, you must launch the Windows Firewall with Advanced Security screen by typing wf.msc at a command prompt. We didn't test the firewall's effectiveness in our near-final prerelease copy of Vista, but the presence of outbound filtering could eliminate the need for a third-party firewall for at least some users.
Vista's Security Center is not much different from XP's, with a similar confused interface. Clicking the green button next to the firewall, the automatic updating, and so on does absolutely nothing--just as in XP. But links on the screen's upper left side let you configure security settings.
Windows Defender, Vista's bundled antispyware software, was impressive when PC World tested it under its former name, Windows Anti-Spyware. Its Software Explorer, for example, shows you programs that run at startup and ones currently running, plus details including whether an app is classified as malware. If so, you can take actions such as disabling or removing it. Like other antispyware apps, it provides real-time protection and performs daily system scans at a time you choose.
New, less visible features include Network Access Protection, which lets network administrators set requirements a PC must meet to connect to the network (current antivirus signatures, for example). BitLocker Drive Encryption, available only in Vista Enterprise and Ultimate, enables hardware-based lockdowns of a PC and its data.
Because so many attacks on Windows exploited security holes in Internet Explorer, Microsoft has beefed up Internet Explorer 7's defenses. Like other IE 7 features in Vista, most of these security improvements--including phishing site filters and address bars in pop-ups--duplicate those in the Windows XP version of the updated browser (see our review, "Radically New IE 7 or Updated Mozilla Firefox 2--Which Browser Is Better?"). One big difference: In Vista, IE 7 runs by default in the new Protected Mode, which keeps it from changing system files or settings.
New, Annoying Virtual Nanny
But User Account Control (UAC) has riled more Windows Vista testers than all other features combined. UAC prompts you to type in a password or click OK before taking certain actions--for example, turning the Windows Firewall on or off, adding or removing user accounts, or even running some applications. You sometimes get a warning: A small shield appears next to links or options that will summon the UAC prompt if clicked.
What's the point of this annoying virtual nanny? First, it protects against malware running unchecked. If your PC gets infected and the malware attempts to perform a dangerous action such as turning off your antivirus program or the firewall, UAC will stop it cold. Second, UAC can protect you against yourself, keeping you from making changes that could harm your computer.
That's all well and good, but Microsoft has gone overboard with this protection. Why should you get a UAC prompt when you try to change Windows' font size, or your PC's name? Because of UAC, using Vista can at times become a herky-jerky kind of experience, with so many annoying pop-ups coming at you that you want to scream "Stop!"
In fact, you can stop the prompts by turning off UAC entirely. Go to Control Panel, User Accounts and Family Safety, User Accounts, click the Turn User Account Control on or off link, and you'll send that nanny into the virtual ether.
Of course, if you do turn off UAC, then you have no one but yourself to blame if a piece of malware does get in and take over your system.