Stories by: Roger A. Grimes

Windows 7 has been warmly received and swiftly adopted by businesses, with the result that many IT admins are now struggling with the platform's new security features. In addition to changes to User Account Control, BitLocker, and other features inherited from Windows Vista, Windows 7 introduces a slew of new security capabilities that businesses will want to take advantage of.

Microsoft's AppLocker, the application control feature included in Windows 7 and Windows Server 2008 R2, is an improvement on the Software Restriction Policies (SRP) introduced with Windows XP Professional. AppLocker allows application execution rules and exceptions to them to be defined based on file attributes such as path, publisher, product name, file name, file version, and so on. Policies can then be assigned to computers, users, security groups, and organizational units through Active Directory.

Lumension Application Control is a strong whitelisting solution with broad file coverage, excellent reporting, and a complete set of Windows file definitions that can be used to spot potentially troublesome changes to system files. Its one noteworthy shortcoming is the inability to create whitelisting rules based on the digital signatures of application publishers.

As many product vendors can readily tell you, this reviewer is the ultimate computer security cynic and a tough writer to please. I'm unsparingly critical of overhyped products. Although I've evaluated a number of excellent products over the years, I've never given a perfect 10 in any scorecard category -- until now. Bit9 Parity is one of the few computer security products that, if deployed in your Windows environment, will radically and immediately reduce your enterprise's level of security risk. It's not perfect, and it did not score a perfect 10 in every field -- but it earned the highest score this reviewer has ever given.

CoreTrace's Bouncer 5 is application control and more. Bouncer is the only product in InfoWorld's review that successfully protected against buffer overflows. It also offers unique write protection of whitelisted files and does a nice job of handling updates to controlled applications.

McAfee Application Control 5.0 (due out Dec. 15) is the result of McAfee's acquisition of Solidcore and the integration of Solidcore S3 Control with McAfee ePolicy Orchestrator (ePO). McAfee Application Control rivals SignaCert for the broadest client support among all the products in InfoWorld's review. It also boasts write protection and ownership protection of whitelisted files, good reporting and alerting, and no significant cons.

SignaCert was one of the first whitelisting products available, and it now boasts more than 1 billion predefined file signatures as part of its Global Trust Repository service. It also offers file authenticity ratings, wide platform support, extensibility through XML, and excellent documentation. SignaCert's significant weakness is that it does not natively block file executions -- the only product in InfoWorld's review that does not include this ability as a standard feature.

Opera has long been an underrated, feature-rich browser worthy of greater attention and a larger market share. It runs on Microsoft Windows, Mac, Linux, FreeBSD, Solaris, mobile phones, Nintendo gaming systems, and other now historical operating systems. Like all of the leading browsers, it supports Java and JavaScript, and its impressive, growing feature set pushes beyond today's standards such as tabbed browsing to include the likes of voice-controlled browsing, e-mail, and instant messaging. Opera has many unique security features too, and the granularity of its security controls easily beats that of most rivals, the exception being Microsoft's Internet Explorer.

Malware evolves in trends. Yesterday's boot virus is today's Web server exploit program. Malware follows popularity, and it morphs to get past ubiquitous defences. Understanding the growing trends in malware will help you plan better defences