1, Kernel Patch: System-level security platform is a bright spot is the Kernel Patch, it can prevent the process list and other core information malicious modification, this security is only in the operating system can be implemented, other anti-virus software is not possible.
2, Process permissions control: Low-level processes can not modify high-level processes.
3, User Rights control UAC: The user is removed from the administrator privilege level, under the default conditions users no longer use Administrator rights, although UAC has been controversial, in the use of the author is often cumbersome, but user rights control is indeed the development of the operating system, because users have been using administrator rights is very dangerous.
Of course, Win7 still has a great improvement, in Vista, UAC management scope is very wide, many applications have encountered UAC prompts. In Win7, it reduces the need for UAC prompts, emphasizing security while paying more attention to the user experience
4, the audit function: Win7 to the audit function has done a great deal of optimization, simplifying the configuration at the same time, increased the specific user and user group management measures, special characters can be special treatment.
5. Secure access: The configuration of multiple firewalls on a single machine. Win7 inside can be configured to store multiple firewall configuration, with the user location changes, automatically switch to different firewall configuration.
6, DNSSEC support: Enhanced domain name Resolution Protocol standards, the old DNS is risky, so added to the DNS enhanced version of the DNSSEC support.
7. NAP Network Rights protection: This is the feature introduced in Vista, continue to inherit. The computer can be tested for health.
8, DirectAccess safe and seamless connection with the company network: remote users through the VPN difficult access to corporate resources, it faces the challenge of remote machine management. The solution to the Win7 system is DirectAccess, which provides a consistent access to corporate resources both inside and outside the company. Improve the efficiency of remote users. The only limitation is that it can only be used in server2008 systems.
9. Application Control AppLocker: Prohibit unauthorized applications from running on the network. Standardize the application management through the Group Policy. One of the highlights is that the rules are simple, can be based on the vendor's trust certification, such as you put AAA company blacklist, after all the company's software products and procedures will be rejected.
10, data protection BitLocker: Protect the laptop after the loss of data security issues, but also support for U disk encryption and protection, USB flash drive is one of the important ways to spread the virus, BitLocker can be used to encrypt the USB disk processing, to prevent others to your USB drive data writing. This is a barrier to the risk of virus intrusion.