This is the one of the ‘Writing Secure Code’ series book completely focused on security design & implementations incorporated into vista. Written by experts involved in secure development of Vista, book offers complete coverage of security defenses in precise and concise format. However unlike earlier security book in the series, this book is solely dedicated to Vista explaining its new security defenses in depth.
Here is the table of contents for this book
- Chapter 1. Code Quality
- Chapter 2. User Account Control, Integrity Levels, and Tokens
- Chapter 3. Buffer Overrun Defenses
- Chapter 4. Taking Advantage of Network Security Features and Defenses
- Chapter 5. Creating Secure and Resilient Services
- Chapter 6. Taking Advantage of Internet Explorer Defenses
- Chapter 7. Cryptographic Changes in Windows Vista
- Chapter 8. Authentication and Authorization
- Chapter 9. Miscellaneous Defenses
The book explains all the Vista security mechanisms such as UAC, integrity levels, various compiler/linker flags to prevent buffer exploitation, session isolation, new credential provider design, IE protected mode and many more. Also It contains complete ready to use code examples demonstrating usage of these security mechanisms. I have been referring this book since its release and found it to be very useful & informative.
Although you can grab all these vista security features by reading Microsoft knowledge base articles but the fastest and best way to do is to read this book.
Though this book has been specifically written for Vista, it still holds a good reference for Win 7 as well considering that there has not been much changes in Win 7 since Vista. At the end of the day this is must have book for any security conscious developer to unleash the security defenses of Vista and Win 7.