Chapter 15
Download
1 / 100

Chapter 15 - PowerPoint PPT Presentation


  • 95 Views
  • Uploaded on

Chapter 15. Security Essential. Understanding Security Threats. What’s New in Windows 7 Monitoring Your Computer’s Security Blocking Intruders with Windows Firewall. Staying Secure with Windows Update . Blocking Viruses and Worms with an Antivirus Program.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Chapter 15' - liana


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Chapter 15

Chapter 15

Security Essential


Understanding security threats
Understanding Security Threats

  • What’s New in Windows 7

  • Monitoring Your Computer’s Security

  • Blocking Intruders with Windows Firewall.

  • Staying Secure with Windows Update .

  • Blocking Viruses and Worms with an Antivirus Program.

  • Stopping Spyware with Windows Defender..........

  • Preventing Unsafe Actions with User Account Control.



  • Understanding security threats1
    Understanding Security Threats security steps—using a

    • When people talk about security threats in personal computers, they’re generally referring to viruses, worms, and spyware:


    • A security steps—using a virusis a program that can copy itself, usually by attaching itself to another object. Infections spread when an infected file is transferred to another computer over a network, over the internet, or on removable media, and then executed on the target computer. Viruses are typically written to destroy or corrupt data files, wipe out installed programs, or damage the operating system itself.

    • .


    • A security steps—using a wormis a program that replicates by copying itself from one computer on a network to another. Many modern worms also contain virus code that can damage data, consume so many system resources that they render the operating system unusable


    • Spyware security steps—using a is a term that has been applied to a variety of unwanted programs, including advertiser-sponsored software that tracks a user’s web surfing habits, programs that display pop-up ads, programs that redirect Internet Explorer to a search engine or home page that’s different from the one you specify, and more.


    • Spyware security steps—using a is a program that is installed without the user’s full and informed consent, often through deceptive means, and that displays advertising, records personal information, or changes a computer’s configuration without the user’s explicit permission.


    • Collectively, security steps—using a viruses, worms, and spyware in all their forms are often called malware.



    • Computers that have been taken over by other forms of malware are sometimes referred to as zombies or bots (short for robots). Armies of these zombies, called botnets, can be used to launch attacks against websites, to send spam without revealing the true sender’s address, and to propagate themselves.


    Securing your computer four essential steps
    Securing Your Computer: Four Essential Steps malware are sometimes referred to as

    • 1. Keep your firewall turned on. You can use Windows Firewall, which is included with Windows 7, or a firewall that you obtain elsewhere.

    • 2. Keep Windows up to date. Windows Update can do this for you automatically.

    • 3. Use an antivirus program. You’ll need to obtain one, as none is included with Windows.

    • 4. Use an antispyware program. Windows Defender, which is included with Windows 7, serves this function well.


    What s new in windows 7
    What’s New in Windows 7 malware are sometimes referred to as

    Among the key security improvements are these:

    • Windows Firewall Windows Firewall is substantially changed from the version in Windows XP. As in Windows Vista, it is a two-way firewall, monitoring outbound traffic as well as inbound, and it fully supports Internet Protocol version 6 (IPv6).

    • In Windows 7, Windows Firewall adds multiple access firewall profiles, a feature that provides appropriate protection for each connected network when you’re connected to more than one at a time—an increasingly common situation.



    • User Account Control (UAC) administrators have control over firewall rules and other settings.UAC reduces the danger of using an administrator account for everyday tasks by requesting your consent when an application needs to do something with system wide effect.



    • Windows Defender Vista because fewer tasks trigger UAC prompts, and new configuration options make it easier to control UAC so that it doesn’t control you.Windows Defender, an antispyware program, continuously monitors system settings to prevent the installation of known spyware and to alert you to the presence of spyware-like activity.



    • Internet Explorer confusing options—which is appropriate for a program that normally runs silently in the background.Internet Explorer runs in Protected Mode, which lessens the likelihood of installing malicious code. Effectively, it runs reduced privileges, able to write data only in locked-down temporary folders unless you grant permission to act outside the protected area.



    • Windows Biometric Service restrictions on ActiveX controls, a SmartScreen phishing filter, and InPrivate Filtering and InPrivate Browsing to prevent information about your browsing habits from being tracked. The Windows Biometric Service provides support for fingerprint biometric devices so that you can use a fingerprint reader to log on to your computer and to enter administrative credentials in response to UAC elevation prompts.


    • Data encryption restrictions on ActiveX controls, a SmartScreen phishing filter, and InPrivate Filtering and InPrivate Browsing to prevent information about your browsing habits from being tracked. BitLocker Drive Encryption (available only in Enterprise and Ultimate editions) encrypts entire hard drives—making the data they contain completely inaccessible to a thief who makes off with a computer. In Windows 7, BitLocker To Go can also be used to protect removable storage drives, such as portable hard drives and USB flash drives.


    • Parental Controls restrictions on ActiveX controls, a SmartScreen phishing filter, and InPrivate Filtering and InPrivate Browsing to prevent information about your browsing habits from being tracked. Parental Controls provide tools to help parents guide their kids’ use of the internet, games, and other programs.

    • Data redirection While running under a standard user’s account, an application that attempts to write to a protected system folder (such as %ProgramFiles% or %SystemRoot%) gets transparently redirected to a virtual file store within the user’s profile.


    • Similarly, if an application attempts to write to system wide areas of the registry (such as the HKEY_LOCAL_MACHINE hive), it gets redirected to virtual keys within the user’s section of the registry. Applications that attempt to read from these protected file and registry locations look first to the virtual stores.



    • Additional security on 64-bit computers run older applications—including many of those that required administrator access under Windows XP—while at the same time preventing malicious applications from writing to areas that could bring down the entire system.With the 64-bit versions of Windows, only digitally signed device drivers can be installed. This feature, called PatchGuard, ensures that kernel-level code is from a known source and has not been altered, as a means to prevent the installation of rootkits and any other code that tries to alter the underlying operating system.


    • Restrictions on removable drives run older applications—including many of those that required administrator access under Windows XP—while at the same time preventing malicious applications from writing to areas that could bring down the entire system.Through the use of Group Policy, administrators can control the use of removable storage devices, such as USB flash drives and external hard drives. These restrictions can help prevent the theft of sensitive data. In addition, they can be used to seal an entry point for viruses and other malware brought in from home.



    Monitoring your computer s security
    Monitoring Your Computer’s Security devices such as USB flash drives, lessening the chance that an attacker can fool you into running a hostile program by simply clicking on an entry in the AutoPlay list.

    • In Windows 7, security-related options have been gathered in Action Center, an application that replaces Security Center found in Windows XP and Windows Vista.

    • You can also open Action Center from Control Panel.


    Figure 15-1 Clicking the notification area icon displays a menu that includes links to directly address current problems, as well as a link to open Action Center itself.


    • The Security section in Action Center provides at-a-glance information about your security settings. Items that need your attention have a red or yellow bar red bar identifies important items that need immediate attention, such as detection of a virus or spyware, or that no firewall is enabled.


    • A information about your security settings. Items that need your attention have a red or yellow bar red bar identifies important items that need immediate attention, such as detection of a virus or spyware, or that no firewall is enabled. yellow bar denotes informational messages about suboptimal, but less critical, settings or status, such as when Windows Update is not set to automatically download and install critical updates. Next to the bar appear explanatory text and buttons that let you correct the problem (or configure Action Center so that it won’t bother you).


    Figure 15-2 Action Center collects security, maintenance, and troubleshooting information and settings in a single window.


    Note and troubleshooting information and settings in a single window.

    • Running more than one antivirus program can cause problems because the programs compete with each other to process each bit of information that passes through the computer. For this reason, Action Center doesn’t allow you to turn on an antivirus program until all others have been turned off. Antispyware programs, on the other hand, generally don’t have such conflicts, so you can safely run multiple programs if you really feel the need to do so.



    • A properly written third-party firewall can take ownership of a category and Windows Firewall no longer protects that category, even when Windows Firewall is turned on. If the third-party firewall is stopped or removed, however, and no other firewalls are registered for the category, Windows Firewall takes over.


    Figure 15-4 You can selectively disable and enable Action Center monitoring here, or you can manage monitored items individually by clicking links in the main Action Center window.


    Blocking intruders with windows firewall
    Blocking Intruders with Windows Firewall Center monitoring here, or you can manage monitored items individually by clicking links in the main Action Center window.

    • Your first line of defense in securing your computer is to protect it from attacks by outsiders. Once your computer is connected to the internet, it becomes just another node on a huge global network.


    • A Center monitoring here, or you can manage monitored items individually by clicking links in the main Action Center window.firewallprovides a barrier between your computer and the network to which it’s connected by preventing the entry of unwanted traffic while allowing transparent passage to authorized connections.


    Caution
    CAUTION! Center monitoring here, or you can manage monitored items individually by clicking links in the main Action Center window.

    • In today’s environment, you should run firewall software on each networked computer; don’t rely on corporate gateway firewalls and gateway antivirus solutions to protect your computer from another infected computer inside the perimeter.



    The firewall blocks all inbound traffic, with the exception of traffic sent in response to a request sent by your computer and unsolicited traffic that has been explicitly allowed by creating a rule.

    • All outgoing traffic is allowed.


    Stateful inspection packet filtering explained
    Stateful-Inspection Packet Filtering Explained of traffic sent in response to a request sent by your computer and unsolicited traffic that has been explicitly allowed by creating a rule.

    • Most firewalls work, by packet filtering—that is, they block or allow transmissions depending on the content of each packet that reaches the firewall.

    • A packet filter examines several attributes of each packet and can either route it (that is, forward it to the intended destination computer) or block it, based on any of these attributes:


    Stateful inspection packet filtering explained1
    Stateful-Inspection Packet Filtering Explained of traffic sent in response to a request sent by your computer and unsolicited traffic that has been explicitly allowed by creating a rule.

    • ●Source address The IP address of the computer that generated the packet

    • ●Destination address The IP address of the packet’s intended target computer

    • ●Network protocol The type of traffic, such as Internet Protocol (IP)

    • ●Transport protocol The higher level protocol, such as Transmission Control Protocol (TCP) or User Datagram Protocol (UDP)


    • Source and destination ports of traffic sent in response to a request sent by your computer and unsolicited traffic that has been explicitly allowed by creating a rule.The number that communicating computers use to identify a communications channel


    • Packet filtering alone is an of traffic sent in response to a request sent by your computer and unsolicited traffic that has been explicitly allowed by creating a rule.inadequate solution; incoming traffic that meets all the packet filter criteria could still be something you didn’t ask for or want.


    • Stateful-inspection packet filtering of traffic sent in response to a request sent by your computer and unsolicited traffic that has been explicitly allowed by creating a rule.goes a step further by restricting incoming traffic to responses to requests from your computer. Here’s a simplified example of how stateful-inspection filtering works to allow “good” incoming traffic:


    • 1. of traffic sent in response to a request sent by your computer and unsolicited traffic that has been explicitly allowed by creating a rule.You enter a URL in your browser’s address bar.

    • 2. The browser sends one or more packets of data, addressed to the web server. The destination port is 80, the standard port for HTTP web servers; the source port is an arbitrary number from 1024 through 65535.

    • 3. The firewall saves information about the connection in its state table, which it will use to validate returning inbound traffic.


    • 4. of traffic sent in response to a request sent by your computer and unsolicited traffic that has been explicitly allowed by creating a rule.After the web server and your computer complete the handshaking needed to open a TCP connection, the web server sends a reply (the contents of the webpage you requested) addressed to your computer’s IP address and source port.

    • 5. The firewall receives the incoming traffic and compares its source and destination addresses and ports with the information in its state table. If the information matches, the firewall permits the reply to pass through to the browser. If the data doesn’t match in all respects, the firewall silently discards the packet.

  • 6. Your browser displays the received information.


  • Using windows firewall in different network locations
    Using Windows Firewall in Different Network Locations of traffic sent in response to a request sent by your computer and unsolicited traffic that has been explicitly allowed by creating a rule.

    • Windows Firewall maintains a separate profile for each of three network location types:

    • ●Domain Used when your computer is joined to an Active Directory domain. In this environment, firewall settings are typically (but not necessarily) controlled by a network administrator.

    • ●Private Used when your computer is connected to a home or work network in a workgroup configuration.

    • Public Used when your computer is connected to a network in a public location, such as an airport or library.


    • If you’re simultaneously connected to more than one network (for example, if you have a Wi-Fi connection to your home network while you’re connected to your work domain through a virtual private network, or VPN, connection), Windows uses the appropriate profile for each connection with a feature called multiple access firewall profiles(MAFP).


    • You make network (for example, if you have a Wi-Fi connection to your home network while you’re connected to your work domain through a virtual private network, or VPN, connection), Windows uses the appropriate profile for each connection with a feature called settings in Windows Firewall independently for each network profile. The settings in a profile apply to all networks of the particular location type to which you connect.


    Managing windows firewall
    Managing Windows Firewall network (for example, if you have a Wi-Fi connection to your home network while you’re connected to your work domain through a virtual private network, or VPN, connection), Windows uses the appropriate profile for each connection with a feature called

    • Windows Firewall is a Control Panel application that provides a simple interface for monitoring firewall status and performing routine tasks, such as allowing a program through the firewall or blocking all incoming connections.


    • To open Windows Firewall, type network (for example, if you have a Wi-Fi connection to your home network while you’re connected to your work domain through a virtual private network, or VPN, connection), Windows uses the appropriate profile for each connection with a feature called firewall in the Start menu search box or in Control Panel. Click Windows Firewall.


    Figure 15-5 Windows Firewall shows status and settings for each currently connected network. The Domain Networks profile appears only on computers that have been joined to a domain.


    Enabling or disabling windows firewall
    Enabling or Disabling Windows Firewall each currently connected network. The Domain Networks profile appears only on computers that have been joined to a domain.


    The Block All Incoming Connections check box in Customize Settings provides additional safety. When it’s selected, Windows Firewall rejects all unsolicited incoming traffic—even traffic from allowed programs or that would ordinarily be permitted by a rule.

    For example, you might block all connections when you’re using a public wireless hotspot or when you know that your computer is actively under attack by others.



    Allowing connections through the firewall
    Allowing Connections Through the Firewall your computer from the internet. Even in this mode, you can still use your browser to connect to the internet.

    • In some situations, you want to allow other computers to initiate a connection to your computer. For example, you might use Remote Desktop, play multiplayer games, or chat via an instant messaging program; these types of programs typically require inbound connections so that others can contact you.


    The simplest way to enable a connection is to click Allow A Program Or Feature Through Windows Firewall.



    Restoring default settings
    Restoring Default Settings incoming connection, Windows Firewall asks for your permission by displaying a dialog box. You can add the program to the allowed programs list by clicking Allow Access.

    • If you’ve played around a bit with Windows Firewall and perhaps allowed connections that you should not have, you can get back to a known, secure state by clicking Restore Defaults in Windows Firewall.


    Open windows firewall with advanced security directly
    Open Windows Firewall With Advanced Security directly incoming connection, Windows Firewall asks for your permission by displaying a dialog box. You can add the program to the allowed programs list by clicking Allow Access.

    • You don’t need to open Windows Firewall to get to Windows Firewall With Advanced Security. In the Start menu search box, type wf.msc and press Ctrl+Shift+Enter to run it as an administrator.


    Staying secure with windows update
    Staying Secure with Windows Update incoming connection, Windows Firewall asks for your permission by displaying a dialog box. You can add the program to the allowed programs list by clicking Allow Access.

    • The second essential step in keeping your system secure is to be sure that you stay current with updates to Windows 7.

    • Microsoft issues frequent updates that provide updated device drivers as well as fixes to code that’s found to be faulty. Although some updates provide enhanced performance or functionality, many updates patch security holes.

    • Windows 7 includes Windows Update , a program that can perform updates for you automatically or, if you prefer, at your direction.


    • Microsoft’s security home page at incoming connection, Windows Firewall asks for your permission by displaying a dialog box. You can add the program to the allowed programs list by clicking Allow Access.w7io.com/1504 offers links to information about the latest security updates (which you already have installed if you use Windows Update), current security threats, security training sessions, guidance centers, and other information.


    • Microsoft TechNet Security Center ( incoming connection, Windows Firewall asks for your permission by displaying a dialog box. You can add the program to the allowed programs list by clicking Allow Access.w7io.com/1505) provides more technical details, aimed primarily at IT professionals.

    • You can sign up for alerts (sent via e-mail, RSS, or instant messenger) of security information from Microsoft at w7io.com/1509.


    Blocking viruses and worms with an antivirus program
    Blocking Viruses and Worms with an Antivirus Program incoming connection, Windows Firewall asks for your permission by displaying a dialog box. You can add the program to the allowed programs list by clicking Allow Access.

    • A virus is a computer program that replicates by attaching itself to another object. Viruses can infect program files, documents (in the form of macro viruses), or low-level disk and file-system structures such as the boot sector and partition table. Viruses can run when an infected program file runs; they can also reside in memory and infect files as the user opens, saves, or creates the files.


    • A incoming connection, Windows Firewall asks for your permission by displaying a dialog box. You can add the program to the allowed programs list by clicking Allow Access.worm is a standalone program that replicates by copying itself from one computer to another, usually over a network or through e-mail attachments. The distinction between viruses and worms can be blurry and for practical purposes is unimportant.


    Finding an antivirus program
    Finding an Antivirus Program incoming connection, Windows Firewall asks for your permission by displaying a dialog box. You can add the program to the allowed programs list by clicking Allow Access.

    • Plenty of good antivirus programs are available. You can start your search at the Windows 7 Security Software Providers page, w7io.com/1510, which provides links to publishers of Windows 7–compatible security software, including antivirus programs. (If you haven’t yet installed antivirus software, you’ll find a link to this page in Action Center. Next to Virus Protection, click Find A Program Online.)


    Note: incoming connection, Windows Firewall asks for your permission by displaying a dialog box. You can add the program to the allowed programs list by clicking Allow Access.

    • Microsoft’s entry in the consumer antivirus arena is Microsoft Security Essentials (w7io.com/1513).

    • Microsoft Security Essentials is based on the antivirus feature of Microsoft Forefront Client Security, a business-oriented program for protection against viruses and spyware. Microsoft Security Essentials is available to Windows users at no charge.


    Using an antivirus program
    Using an Antivirus Program incoming connection, Windows Firewall asks for your permission by displaying a dialog box. You can add the program to the allowed programs list by clicking Allow Access.

    • Installing an antivirus program is a good first step. But you’re not done yet! The initial setup enables the antivirus scanning engine—the code that checks files for possible viruses. The most important part of the package is the database of virus definitions (sometimes called the signature file). After installing an antivirus package on a new computer, update it to the latest definitions immediately.


    • Install updates to program files and virus definitions using the program developer’s recommended schedule, at least daily.

    • Scan each file that you access in any way. This feature is typically called real-time scanning, virus monitoring, or something similar. Don’t confuse this type of scanning with scheduled scans, which periodically scan the files stored on your computer to find infected files.

    • Scan e-mail attachments and block access to infected files.


    Scanning for viruses without an antivirus program
    Scanning for Viruses—Without an Antivirus Program the program developer’s recommended schedule, at least daily.

    • On the second Tuesday of each month, as part of its normal security releases, Microsoft releases an updated version of a utility called the Malicious Software Removal Tool (MSRT).

    • This utility is not designed to block new viruses from entering a computer; rather, its function is to clean up systems that have been infected with well-known and widespread viruses and other forms of malware. The MSRT is delivered by Windows Update, and on most computers, this tool runs silently and then deletes itself; it alerts you if it finds any infections, and lets you know if they were successfully removed.


    • If you prefer to scan one or more systems manually, you can download the current executable version of the MSRT from w7io.com/1514.

    • Because this utility is updated at least monthly, we do not recommend that you save this file. For details about this tool, read Microsoft Knowledge Base article 890830 (w7io.com/1515).



    Stopping spyware with windows defender
    Stopping Spyware with Windows Defender services are available from several antivirus vendors. The Windows Live safety scanner can be run from

    • Spyware is a term that has come to describe a variety of undesirable software programs, whose bad behavior ranges from annoying you with pop-up ads to surreptitiously sending your private information to other people. Indications of common spyware infections include the following:



    Note browser

    • For detailed information about the criteria that Windows Defender uses to identify spyware, visit w7io.com/1517.


    In addition to its real-time protection for spyware-like behavior, Windows Defender (shown in Figure 15-8) also scans your computer’s files periodically, looking for known spyware.


    • Windows Defender runs as a service, which allows it to provide protection for all users on your computer.

    • The Windows Defender user interface runs in the context of the current user (therefore, UAC elevation is required for some actions), but the scanning and spyware removal is done by the service—and without the need for administrative privileges.


    Note provide protection for all users on your computer.

    • Windows Defender is a good antispyware solution for computers in homes and in small business networks.

    • If you use a domain-based network, you might want to look into Microsoft Forefront Client Security (w7io.com/1519), which provides spyware protection with centralized control, management, and reporting.


    Scanning your computer for spyware
    Scanning Your Computer for Spyware provide protection for all users on your computer.

    • Scanning is one of the two primary detection mechanisms in Windows Defender. (The other is real-time protection.)

    • When Windows Defender scans your computer, it checks applications it finds against a database of spyware definitions. The database, which is frequently updated via Windows Update, contains detailed information about known spyware, including file names and version numbers, a description of the threat presented by each program, and a recommended action to take if the program is found on your computer.


    Scanning automatically
    Scanning Automatically provide protection for all users on your computer.

    • By default, Windows Defender scans your computer automatically once a day; your current scan schedule appears near the bottom of the home page in Windows Defender. You can modify the schedule and set other scanning options by clicking Tools and then clicking Options.


    Using real time protection
    Using Real-Time Protection provide protection for all users on your computer.

    • Real-time protection runs in the background, always on the lookout for spyware that attempts to install itself or to run. To enable real-time protection, open the Options page and click Real-Time Protection. For full protection, be sure that all check boxes are selected.

    • When real-time protection is enabled, if Windows Defender encounters spyware (or suspected spyware), an alert appears by the Action Center icon in the notification area, as shown below.


    Responding to windows defender alerts
    Responding to Windows Defender Alerts provide protection for all users on your computer.


    For each suspected spyware program you can specify one of three actions
    For each suspected spyware program, you can specify one of three actions:

    • Remove Windows Defender permanently removes the detected spyware from your computer.

    • Quarantine Windows Defender moves the program to a different folder and prevents the program from running.

    • Allow Windows Defender allows the program to be installed or to run and adds the program to the allowed list; Windows Defender no longer alerts you to its presence and its risks. You should allow only software that you know to be safe.


    Disabling windows defender
    Disabling Windows Defender three actions:

    • Choices on the Options page—specifically, the first option on the Automatic Scanning and Real-Time Protection panels—let you turn off automatic scanning and real-time protection.

    • Even if you turn off both options, however, the Windows Defender service continues to run and the program remains available for manual scans.

    • If you want to disable Windows Defender altogether, open Windows Defender, click Tools, click Options, and then click Administrator. Clear the Use This Program check box to disable Windows Defender.


    Preventing unsafe actions with user account control
    Preventing Unsafe Actions with User Account Control three actions:

    • Microsoft has made considerable changes to UAC in Windows 7.Users, whether logged on with an administrator account or a standard account, see far fewer prompts than in Windows Vista. In Windows 7, standard users can view Windows settings (in Device Manager, for example) without requiring elevation. (They’ll still need administrative credentials to make changes, however.) Standard users can install updates and drivers from Windows Update, pair Bluetooth devices, and reset the network adapter—all tasks that require elevation in Windows Vista—without a peep from UAC in Windows 7.


    What triggers uac prompts
    What Triggers UAC Prompts three actions:

    • The types of actions that require elevation to administrator status (and therefore display a UAC elevation prompt) include those that make changes to systemwide settings or to files in %SystemRoot% or %ProgramFiles%.

    • Among the actions that require elevation are the following:


    • ●Installing and uninstalling applications three actions:

    • ●Installing device drivers that are not included in Windows or provided through Windows Update

    • ●Installing ActiveX controls

    • ●Changing settings for Windows Firewall

    • ●Changing UAC settings

    • ●Configuring Windows Update

    • ●Adding or removing user accounts

    • ●Changing a user’s account type

    • ●Configuring Parental Controls

    • ●Running Task Scheduler

    • ●Restoring backed-up system files

    • ●Viewing or changing another user’s folders and files


    Dealing with uac prompts
    Dealing with UAC Prompts three actions:

    • At logon, Windows creates a token that is used to identify the privilege levels of your account. Standard users get a standard token, but administrators actually get two: a standard token and an administrator token.

    • The standard token is used to open Explorer.exe (the Windows shell), from which all subsequent programs are launched. Child processes inherit the token of the process that launches them so that, by default, all applications run as a standard user—even when you’re logged on with an administrator account. If you provide administrator credentials, Windows then opens the program using the administrator token. Note that any processes that the successfully elevated program opens also run as administrator.


    • As an elevation-requesting application attempts to open, UAC evaluates the application and the request and then displays an appropriate prompt. As an administrator, the most common prompt you’re likely to see is the consent prompt, which is shown in Figure 15-11.Read it, check the name of the program, click Yes, and carry on.


    Figure 15-12 To perform an administrative task, a standard user must enter the password for an administrator account.

    ●Red background and red shield icon Identifies an application from a blocked publisher or one that is blocked by Group Policy. Be extremely wary if you see one of these.

    ●Yellow-orange background and red shield icon Identifies an application (signed or unsigned) that is not yet trusted by the local computer. (See Figure 15-13.)

    ●Blue-green background Identifies an administrative application that is part of Windows. (See Figures 15-11 and 15-12.)

    ●Gray background Identifies an application that is Authenticode signed and trusted by the local computer.



    Modifying uac settings
    Modifying UAC Settings UAC prompt.

    • User Account Control is not for everybody, but in Windows 7 you can tone it down without disabling it altogether. To review your options and make changes, in the Start menu search box or in Control Panel, type uac and then click Change User Account Control Settings. A window similar to the one shown in Figure 15-14 appears.


    ad