Microsoft presented security enhancements to be included in Longhorn Server at the company's recent TechEd conference...
in Orlando, Fla. And many of the features mentioned had people in the audience saying, "It's about time."
If all the enhancements actually make it into the final build, Longhorn should be the most secure Microsoft operating system ever. Keep in mind, though, that anything can change between now and when Longhorn is released, which is expected to be sometime in 2006. Please also note that there are dozens of security enhancements I could discuss. Here, I only focus on the more significant improvements.
Longhorn securely coded
One thing that will set Longhorn apart from Windows XP and Windows Server 2003 is that security was the primary design consideration, not an afterthought. Microsoft actually retrained its development staff on how to write secure code. The developers went on to create a threat model for each piece of code and have been performing extensive security testing against them. In case you are wondering, having the developers write secure code doesn't mean the operating system will be completely secure. What it does mean is that we probably won't have to worry about things like buffer overflow exploits against Longhorn.
Code integrity checking added
Longhorn also provides many new security features. One long-awaited feature is code integrity checking: Each of the operating system's files is digitally signed, and the operating system knows exactly how many bytes each file should be. If the feature works as planned, you won't have to worry about viruses or hackers replacing operating system files with malicious files of the same name. The operating system will be smart enough to detect such changes and prevent them.
Encrypting File System (EFS) improved
Another great security enhancement will be the way that the Encrypting File System (EFS) works. As you may know, EFS has been around since Windows 2000, but it has some shortcomings. For instance, you can't encrypt the volume that contains the operating system. That renders EFS useless for workstations that only have a single volume. As another example, if you lose the encryption key, your data could be gone forever (assuming that no key-recovery agent is available).
Longhorn will be the first Windows operating system that allows you to encrypt the volume that contains the operating system. The only catch is that doing so requires a Trusted Platform Module (TPM) hard drive. TPM-enabled hard drives aren't available for consumer-grade machines yet, but with Dell Inc., Hewlett-Packard Co., IBM and Toshiba Inc. already producing TPM hard drives for servers, I suspect they will be readily available before Longhorn hits the store shelves.
But what about those pesky EFS encryption keys? Longhorn will allow you to export your EFS keys to a smart card. This means that if your hard drive has a problem, you won't risk losing your EFS keys (and the ability to decrypt your data).
About the author: Brien M. Posey is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit his personal Web site at www.brienposey.com.
Vladimir K. writes:
Your statement that EFS "can't encrypt the volume that contains the operating system" is incorrect; EFS in Longhorn will. First, EFS never encrypted *any* disks, system or not. It did not even encrypt folders -- it works at the *file* level. Second, TPM had been introduced by TCPA in 1999 and not related to EFS at all.
Perhaps I should have phrased that differently. EFS does work at the file level. EFS has some limitations in that it can't encrypt system files. In Longhorn, however, you will be able to encrypt entire volumes including those that contain the operating system.
More information from SearchWindowsSecurity.com