Thursday, June 2, 2011

the most secure version of Windows


At this time, the most secure client version of Windows is the 64-bit version of Windows 7.

I've tried to edit the following to something that is as easily understood as possible...


An Introduction to Kernel Patch Protection

The kernel is the lowest-level, most central part of a computer operating system and one of the first pieces of code to load when the machine starts up. The kernel is what enables the software of the machine to talk to the hardware and is responsible for basic OS housekeeping tasks such as memory management, launching programs and processes, and managing the data on the disk. All applications and even the graphical interface of Windows run on a layer on top of the kernel. The performance, reliability, and security of the entire computer depend on the integrity of the kernel.

The kernel is the most carefully coded piece of the entire operating system. Since all other programs depend upon it, a glitch in the kernel can make all other programs crash or perform unexpectedly. You're probably also familiar with the term, "Blue Screen of Death" (BSoD). This is the result of an error in the kernel or in a driver running in the kernel that is so severe that the system can't recover from it. The BSoD is bad, so we want to do everything we can to keep customers from seeing it. One of the ways we can do that is to maintain the integrity of the kernel by restricting what software is allowed to run in and interact with it.

"Kernel patching" or "kernel hooking" is the practice of using unsupported mechanisms to modify or replace kernel code. Patching fundamentally violates the integrity of the Windows kernel and is undocumented, unsupported and has always been discouraged by Microsoft.  Kernel patching can result in unpredictable behavior, system instability and performance problems—like the Blue Screen of Death–which can lead to lost user productivity and data...

...Kernel Patch Protection was first supported on x64 (AMD64 and Intel EMT64T) CPU architecture versions of Microsoft Windows including Microsoft Windows Server 2003 SP1 and Windows XP Microsoft Windows XP Professional x64 Edition. (Patch protection is currently not supported on x86 or ia64 architectures.)



So, the lesson here is:  whenever possible, use software and hardware designed for the (64-bit version of the) operating system that you are using.


The Windows 7 Software Logo Program

The ‘Compatible with Windows 7 logo’ helps customers make better purchase decisions by identifying products that have passed Microsoft designed tests for compatibility and reliability on Windows 7. The logo provides the ultimate seal of approval...


The Windows 7 Application Compatibility List for IT Professionals is a Microsoft Office Excel-based spreadsheet listing software applications which have met Windows 7 Logo Program testing requirements for compatibility with 32-bit and 64-bit Windows 7, and have thereby earned the right to display the Windows 7 Logo Program logo with the application. These products are identified with the compatibility status “Compatible – Windows 7 Logo.”

...this list includes applications with the following compatibility statuses: “Compatible,” “Free Update Required,” “Paid Update Required,” “Future Compatibility,” and “Not Compatible.” These statuses are based upon the software publishers’ statements of compatibility. These products have not met the Windows 7 Logo Program testing requirements. For an explanation of the various compatibility statuses, please see the Release Notes for the Windows 7 Application Compatibility List on the first tab of the Excel spreadsheet.

For the latest catalog of compatible applications and hardware devices, please visit the Windows 7 Compatibility Center and select a region and language from the drop-down menu at the top of the page. You can also leave feedback on compatibility and suggest new products to get added in future reports.


No comments: