Windows 7 Parental Controls
Begin setting up Windows 7 Parental Controls by configuring one or more user accounts as standard user accounts (accounts that your children will use). You can then configure Parental Controls from an administrator account. Do so by typing in parental in Start Menu Search to locate and access Parental Controls application. Select the user to which you would like to add Parental Controls. This will prompt the User Controls dialog. Parental Controls can be applied only to standard users and not to an administrator-class account. Another limitation is that while technically it is possible to configure Parental Controls on a system in which one or more administrators do not have passwords, it is not recommended. Parental Controls rely on controlled accounts (your kids’ accounts) not having access to administrator accounts. If one or more administrator-class accounts do not have passwords, your kids will be able to bypass any controls you set up. So be sure that any administrator-class accounts on the PC have passwords.
Parental Controls are not enabled for any standard user accounts by default. You can enable Parental Controls by checking the option titled On, enforce current settings, and you can configure features such as time limits, games restrictions, and allow and block specific programs.
Time Limits
Time Restrictions Parental Controls provides a graphical grid that allows you to configure exactly when your kids can use the computer. Windows 7 users can use the PC on any day at any time by default, but by dragging your mouse around the grid, you can prevent your children from using the computer at specific hours, such as late at night or during school hours.
Games Parental Controls
The Game Restrictions Parental Controls specifies whether your children can play games on the PC and which games they can access. Standard account holders can play all games by default. You can modify that setting using the screen that appears when you click Set game ratings. You can accept game ratings using the rating system enabled on your PC. The most common and default system is the Entertainment Software Ratings Board’s (ESRB). You can additionally block games based on content, using a range of content types, including unrated online games, alcohol and tobacco reference, alcohol reference, animated blood, blood, blood and gore, cartoon violence, comic mischief, crude humor, drug and alcohol reference, drug and tobacco reference, drug reference, edutainment, fantasy violence, and about 200 others.
Finally, you can also block or allow specific games, especially many Windows games that do not digitally identify their rating. The nice thing about this UI is that Parental Controls sees which games are already installed on the system and enables you to supply a Caesar-style yea or nay.
Allow and Block Specific Programs
This final setting lets you manually specify applications that you do or do not want your child to use. Standard users can access all of the applications installed on the system by default. Browse to find an application if you do not see it.
Simplest way to secure Windows 7
Out of the box, Windows 7 includes antispyware functionality in the form of Windows Defender, a two-way firewall in Windows Firewall; a hardened Web browser (Internet
Explorer 8); and automatic updating features that keep the system up-to-date, every day, with the latest security patches. Also included are changes to the User Account Control (UAC) feature, covered in the next chapter, making it less annoying and less likely to be turned off, thus reducing your exposure to malware. It would seem that Windows 7 comes with everything you need to be secure.Sadly, that’s not quite the case. First, Microsoft makes it too easy for users to opt out of one of the most important security features available in the system. In addition, one glaring security feature is missing from Windows 7. You’ll want to make sure you correct both of these issues before using Windows 7 online. Fortunately, doing so takes just two steps:
1. Enable automatic updating:
If you set up Windows 7 yourself, one of the final Setup steps is configuration of Automatic Updates, the Windows Update fea-ture that helps to ensure your system is always up-to-date. However, Automatic Updates can’t do its thing if you disable it, so make sure at the very least that you’ve cond this feature to install updates automatically. (Optionally, you can enable the installation of recommended updates as well, but these are rarely security oriented.) We can’t stress this enough: this feature needs to be enabled. If you’re not sure how it is cond, run Windows Update (Start Menu Search and then type windows update) and click Change Settings in the left side of the window. Make sure the option under important updates Install updates automati-cally (recommended) is selected.
2. Install an ant ivirus solution:
Many new PCs are preinstal led with security suites from companies such as McAfee and Symantec. While these suites are better than nothing, they’re also a bit bloated and perform poorly in our own tests. We prefer standalone antivirus solutions for this reason. There are many excellent options, including Symantec Antivirus, which in our own tests has proven to do an excellent job with minimal system impact. AVG free antivirus is another options for who are on budget. Security in Windows 7 starts with this simple rule: leave all the security settings on, at their defaults, and install an antivirus solution. That said, a full understanding of what’s available in Windows 7 from a security standpoint is, of course, beneficial. That’s what this chapter is all about.
Windows 7 Action Center explained
indows 7 Action Center is a new version of Vista Security Center. Action Center can be found at Control Panel >System and Security > Action Center. Action Center provides solutions to your PC problems.
Network firewall – This setting alerts you when windows firewall is off
Windows Update – Ensures window updates are on.
Virus Protection – Ensures system has AntiVirus installed
Spyware and unwanted software protection – Ensures Windows Defender is running.
Internet security settings – Ensures IE security settings are at their recommended levels.
User Account Control – Ensures UAC is on.
Network Access Protection – Ensures Network Access Control client is running.
Built-in Windows 7 Security features
Windows Defender
Over the years, hackers have come up with new and inventive ways to attack PCs. Recently, spyware, one of the most pervasive and difficult forms of malware yet invented, has become a serious issue. For this reason, Windows 7 includes an integrated antispyware and anti-malware package cal led Windows Defender. Unl ike some security products, you won’t typically see Windows Defender, as it’s designed to work in the background, keep-ing your system safe; but if you’d like to manually scan your system for malware or update your spyware definitions, you can do so by loading the Windows Defender application, available through the Start menu.Windows Defender does occasionally show up as an icon in the taskbar notification area. This generally happens when the tool has been unable to download new defini-tions, the files it uses to ensure that its antispyware database is up-to-date. In such a case, you can click the Windows Defender icon and trigger a manual download of the latest updates.
Windows Firewall
When Microsoft first shipped Windows XP in 2001, it included a feature called Internet Connection Firewall (ICF) that could have potentially thwarted many of the electronic attacks that ultimately crippled that system over the ensuing several years. There was just one problem: ICF was disabled by default and enabling and configuring it correctly required a master’s degree in rocket science (or at least in computer security). Microsoft wised up and shipped an improved ICF version, renamed as Windows Firewall, with Windows XP SP2. Best of all, it was enabled by default. Sure, it broke many applications at first, but now, years later, virtually all Windows applications know how to live in a firewall-based world.In Windows Vista, we were given an even better version of Windows Firewall. Unlike the XP SP2 version, the version in Windows Vista enabled monitoring both outbound and inbound network traffic. While Windows 7 doesn’t bring many Windows Firewall addi-tions, it does feature a much more informative interface, Windows Firewall is initially cond to block any unknown or untrusted connections to the PC that originate over the network. You can enable exceptions to this behavior via the Allowed Programs list, which you can access by clicking the link Allow a program or feature through Windows Firewall. Typically you just leave the settings as is, of course. Depending on the network type (Home, Work, or Publ ic) chosen when Windows 7 connects to a network, some programs and features are automatically cond to communicate through the firewall,
Windows Update
With Windows 98 over a decade ago, Microsoft introduced a Web-based service called Windows Update that provided software updates to Windows users. That service has since been superseded by Microsoft Update, which also provides updates to many other Microsoft software products. In Windows Vista, Windows Update was moved into the oper-ating system and made a client application, eliminating the number of Web browser hoops you had to jump through to keep your operating system up-to-date. Windows 7 continues to carry the Windows Update torch, making a few subtle changes for the good., Windows Update remains a client application that you can access from the Start menu. From here, you can check for and install new updates, hide updates you don’t want to be alerted about anymore, and view the history of updates you’ve already installed. You can also click a link to enable Microsoft Update functionality, enabling Windows Update to download and install updates for other Microsoft applications, such as Microsoft Office and various Windows Live products.
Windows 7 User Account Control (UAC)
No Windows feature has proven as controversial and misunderstood as User Account Control, or UAC. When it debuted in Windows Vista, tech pundits screamed far and wide about this reviled feature, spreading mistruths and misunderstandings and generally raising a lot of ruckus about nothing. If these pundits had just calmed down long enough to actually use User Account Control for longer than a single afternoon, they’d have dis-covered something very simple: it’s not really that annoying, and it does in fact increase the security of the system. Indeed, we would argue that User Account Control is one of the few features that really differentiate modern Windows versions from the increasingly crusty XP, because there’s no way to add this kind of functionality to XP, even through third-party add-on software. User Account Control is effective, and as ongoing security assessments have proven, it really does work.Great, but what is it exactly? In order to make the operating system more secure, Microsoft has architected Windows so that all of the tasks you can perform in the system are divided into two groups, those that require administrative privileges and those that don’t. Thisrequired a lot of thought and a lot of engineering work, naturally, because the com-pany had to weigh the ramifications of each potential action and then code the system accordingly.
The first iteration of UAC was implemented in Windows Vista with what Microsoft thought to be a decent technical compromise. In response to overwhelming user feedback sur-rounding the frequency of prompts, however, Microsoft modified UAC in Windows 7 to make it “less noisy” (that is, less annoying) by default. They did this by implementing a pair of “Notify me only when. . .” options, letting users perform common configuration tasks, prompting only when something out of the ordinary is done (for example, changing important configuration settings). The result is that UAC in Windows 7 is more configu-rable and less irritating than it was in Vista. But it’s even more controversial, because it’s not clear that it’s as secure as it used to be.
How UAC Works under the hood
Every user, whether cond as a standard user or an administrator, can perform any of the tasks in Windows 7 that do not require administrator privileges, just as they did in Windows XP. (The problem with XP, from a security standpoint, of course, is that all tasks were denoted as not requiring administrative privileges.) You can launch applica-tions, change time zone and power-management settings, add a printer, run Windows Update, and perform other similar tasks. However, when you attempt to run a task that does require administrative privileges, the system will force you to provide appropriate credentials in order to continue. The experiences vary a bit depending on the account type. Predictably, those who log on with administrator-class accounts experience a less annoying interruption.Standard users receive a User Account Control credentials dialog, as in 8-1. This dialog requires you to enter the password for an administrator account that is already cond on the system. Consider why this is useful. If you have cond your chil-dren with standard user accounts (as, frankly, you should if you’re going to allow them to share your PC), then they can let you know when they run into this dialog, giving you the option to allow or deny the task they are attempting to complete. Administrators receive a simpler dialog, called the User Account Control consent dialog,2. Because these users are already cond as administrators, theydo not have to provide administrator credentials. Instead they can simply click Yes to keep going. The presentation of these User Account Control dialogs can be quite jarring if you’re not familiar with the feature or if you’ve just recently switched to Windows 7 from XP. (Vista users are very well accustomed to this effect.) If you attempt to complete an adminis-trative task, the screen will flash, the background will darken, and the credentials or consent dialog will appear somewhere onscreen. Most important, the dialogs are modal: you can’t continue doing anything else until you have dealt with these dialogs one way or the other.
There’s also a third type of User Account Control dialog that sometimes appears regard-less of which type of user account you have cond. This dialog appears whenever you attempt to install an application that has not been digitally signed or validated by its creator. These types of applications are quite common, so you’re likely to see the dialog fairly frequently, especially when you’re initially configuring a new PC. Over time, these prompts will occur less and less because you won’t be regularly installing applications anymore.By design, this dialog is more colorful and “in your face” than the other User Account Control dialogs. Microsoft wants to ensure that you really think about it before continuing. Rule of thumb: you’re going to see this one a lot, but if you just downloaded an installer from a place you trust, it’s probably okay to go ahead and install it.
When UAC is left at its default setting, Windows 7 automatically elevates a hand-picked list of applications, further reducing the UAC dialogs you see. These applications are referred to as being white-listed for auto-elevation. They include:
WindowsehomeMcx2Prov.exe
WindowsSystem32AdapterTroubleshooter.exe
WindowsSystem32BitLockerWizardElev.exe
WindowsSystem32bthudtask.exe
WindowsSystem32chkntfs.exe
WindowsSystem32cleanmgr.exe
WindowsSystem32cliconfg.exe
WindowsSystem32CompMgmtLauncher.exe
WindowsSystem32ComputerDefaults.exe
WindowsSystem32dccw.exe
WindowsSystem32dcomcnfg.exe
WindowsSystem32DeviceEject.exe
WindowsSystem32DeviceProperties.exe
WindowsSystem32dfrgui.exe
WindowsSystem32djoin.exe
WindowsSystem32eudcedit.exe
WindowsSystem32eventvwr.exe
WindowsSystem32FXSUNATD.exe
WindowsSystem32hdwwiz.exe
WindowsSystem32ieUnatt.exe
WindowsSystem32iscsicli.exe
WindowsSystem32iscsicpl.exe
WindowsSystem32lpksetup.exe
WindowsSystem32MdSched.exe
WindowsSystem32msconfig.exe
WindowsSystem32msdt.exe
WindowsSystem32msra.exe
WindowsSystem32MultiDigiMon.exe
WindowsSystem32Netplwiz.exe
WindowsSystem32newdev.exe
WindowsSystem32ntprint.exe
WindowsSystem32ocsetup.exe
WindowsSystem32odbcad32.exe
WindowsSystem32OptionalFeatures.exe
WindowsSystem32perfmon.exe
WindowsSystem32printui.exe
WindowsSystem32rdpshell.exe
WindowsSystem32recdisc.exe
WindowsSystem32rrinstaller.exe
WindowsSystem32rstrui.exe
WindowsSystem32sdbinst.exe
WindowsSystem32sdclt.exe
How to configure Windows 7 firewall
Windows Firewall included with Windows 7 helps prevent unauthorized users or malicious software from accessing your computer. Windows Firewall does not allow traffic that was not sent in response to a request, to pass through the firewall.
To configure Windows Firewall, select Start > Control Panel > Large Icons View > Windows Firewall. Click Turn Windows Firewall On Or Off. This will prompt the Windows Firewall Settings dialog box.
The Windows Firewall Settings dialog box enables you to turn Windows Firewall on or off for both private and public networks. The On setting blocks external sources except those indicated on the Exceptions tab. The Off setting allows external sources to connect. There is also a check box for Block All Incoming Connections. This feature allows you to connect to networks that are not secure. When Block All Incoming Connections is enabled, exceptions are ignored and you receive no notification when an application is blocked by Windows Firewall.
The exceptions section of the Windows Firewall Settings dialog box allows you to classify which programs and services are allowed to pass through Windows Firewall. There is a defined list of programs and services you can choose from, or you can use the Add Another Program button to modify your exceptions. It is important that you enable exceptions carefully. Exceptions allow traffic to pass through the firewall, which can put your computer at risk due to the exposure. Remember that the Block All Incoming Connections setting ignores all exceptions.
Windows Firewall with Advanced Security
There are more advanced settings to be configured in Windows Firewall with Advanced Security (WFAS). To access Windows Firewall with Advanced Security, click Start > Control > Panel > Large Icons View > Windows Firewall and then click the Advanced Settings link. The Windows Firewall with Advanced Security on Local Computer dialog box appears and to the left on the scope pane shows that you can set up specific inbound and outbound rules, connection security rules, and monitoring rules. An overview of the firewall’s status and current profile settings is shown in the central area.
Inbound and Outbound Rules
Inbound and outbound rules have many preconfigured rules that can be enabled or disabled. Inbound rules monitor inbound traffic and outbound rules monitor outbound traffic. Many are disabled through default. If you double-click a rule, this will prompt its Properties dialog box. The rules can be filtered for easier viewing. Filtering can be done based on the rules, whether enabled or disabled, of the affected profile, or based on the rule group. If you have trouble finding a rule that suits your needs, you can create a new rule by right-clicking Inbound Rules or Outbound Rules in the scope pane and selecting New Rule. This will launch the New Inbound or Outbound Rule Wizard and it will ask whether you want to create a rule based on a particular program, protocol or port, predefined category, or custom settings.
How to Create a New Inbound Rule Allowing for Only Encrypted TCP Traffic:
1. Select Start > Control Panel > Large Icon View > Windows Firewall.
2. Click Advanced Settings on the left-hand side.
3. Right-click Inbound Rules and select New Rule.
4. Choose a Rule Type. To see all available options, choose Custom and click Next.
5. Choose the programs or services affected by this rule and then click Next.
6. Choose the protocol type and the local and remote port numbers affected by this rule and click Next.
7. Choose the local and remote IP addresses affected by this rule and click Next.
8. Indicate if this rule will allow the connection, allow the connection only if it is secure, or block the connection and then click Next.
9. Indicate whether you want to allow connections from certain users only and click Next.
10. Indicate whether you want to allow connections from certain computers only and then click Next.
11. Choose which profiles will be affected by this rule. You can select more than one profile and click Next.
12. Name your profile, type in a description and then click Finish. Your custom rule appears in the list of Inbound Rules and the rule is enabled.
13. Double-click the new rule you just created. Note that previously configured options can be changed.
14. You can disable the rule by deselecting the Enabled check box. Click OK.