If you’re planning a migration to Windows 7, you’re not alone. A recent study of 1,100 IT professionals, found “40 percent will have already [deployed] or plan on deploying Windows 7 by the end of 2010.”1 However, as you move forward, it’s essential to separate myth from reality about the built-in security of Microsoft’s latest offering.

Myth 1: “There’s No Need for Additional Security with Windows 7”

While Microsoft has made improvements to its built-in security in Windows 7, those features alone don’t constitute a comprehensive security solution. Businesses will still need to implement a layered security strategy that includes protection at the endpoint, web, network, and gateway. Even Microsoft recommends that “you install security software to help protect your computer[s] from viruses and other security threats.” Make sure your digital assets are protected You want to ensure that you have continuous, end-to-end protection against all threats—from rootkits to hacker attacks. Comprehensive security for your endpoints should at a minimum include anti-virus, anti-spyware, anti-spam, web security, desktop firewall, intrusion prevention, device control, encryption, network access control, and policy auditing.

Myth 2: “Windows 7 Security Capabilities Are Included Free”

Many of Microsoft’s security features are only available with the more expensive SKUs of Windows 7. These SKUs are only available to companies that purchase Windows 7 Ultimate or sign enterprise software agreements or software assurance contracts. Get better value out of your security investment  By investing in real security solutions, you get purpose-built software that does what it’s supposed to, offers a consistent management experience, and has dedicated support behind it. Specifically, you want  to use an end-to-end portfolio of security products that provides a centralized management console for administrating security across all of your systems, networks, data, and compliance solutions. 

Myth 3: “The Security Capabilities in Windows 7 Are Good Enough”

Today’s threat landscape features a constantly changing stream of worms, spyware, Trojans, bots, rootkits, hackers, identity thieves, and targeted attacks. In defeating these threats, Windows 7 security simply comes up short: • BitLocker offers limited functionality and platform coverage, weak authentication support, and it’s already proven to be vulnerable to Firewire and Evil Maid attacks • Firewall offers some protection against network-based threats. But it lacks deep packet inspection and a host intrusion prevention system (HIPS) to stop today’s sophisticated attacks. Plus, managing this firewall on any more than a few dozen endpoints will quickly overburden IT staff.  Solution Brief The Seven Security Myths of Microsoft Windows 7 Give your company, employees, and customers better security Weak security is basically no security. To ensure your security solutions can meet the challenges of your environment, get the strongest, most comprehensive endpoint security portfolio available, you want solutions that are proven in mid-sized businesses and enterprises comparable to yours.

Myth 4: Windows 7 Security Gives Me Zero-Day Protection”

The security functions provided in Windows 7 don’t provide any defense against zero-day attacks.  And while the Microsoft Windows Firewall is a critical first line of defense, it’s only one piece of the security puzzle. Put real zero-day protection in place Zero-day protection is important to guarding against emerging threats. You want to make sure your security solutions effectively analyze the behavior of users, websites, and Web 2.0 content in near real time to preemptively detect and block both known and new attacks.

Myth 5: “Microsoft’s AppLocker Is an Alternative to Anti-Virus”

Application control solutions like AppLocker should be seen as a complementary technology to anti-virus software—not as an alternative to it. Put your trust in layered security For comprehensive endpoint security, you want to implement a layered strategy. A great way to do this is to deploy a single integrated package of layered protection. In addition, that package should also include centralized management to reduce operational costs over time.  

Myth 6: “Windows 7’s Security Can Be Managed from a Single, Centralized Console”

Most security features within Windows 7 lack a dedicated management console, relying almost exclusively on group policy objects. This lack of centralized management quickly leads to higher operational costs to implement and manage Windows 7 security in the enterprise. Drive down total cost of ownership (TCO) with centralized management For maximum efficiency, you want to be able to manage all your security and operating system environments from a single console—and drive down your management and compliance costs.

Myth 7: “Microsoft Is a Security Solution Vendor”

Microsoft is an operating system vendor with some limited security features built into its operating systems. Microsoft has no security vision and no stated desire to become a security vendor.