Vista's new security features

27.01.2006

There's improved auditing all the way around, including the ability to kick off external programs (such as a sniffer) when a specified event type is noted. You'll also have improved support for non-password authentication mechanisms (smart cards, fingerprint readers, etc.). On a related note, EFS (Encrypting File System) keys can be stored on smart cards.

Windows services, often an entry point for buffer overflows and malware, will be hardened. Although Vista will include more services than any of its predecessors, more of them will run in the Local Service and Network Service contexts (instead of Local System), and vulnerable services will get a complete code inspection and rewrite. Each service will be given its own SID, allowing permissions, privileges, and firewall settings to be set per service.
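Per-service SIDs show up in ACLs and firewall rules as `S-1-5-80-...` strings, which are hard to attribute when they do not resolve to a name. The sketch below is an added example, not code from the article or from Microsoft. It relies on the derivation Windows uses in released versions (SHA-1 over the upper-cased UTF-16LE service name), which the article does not describe. The function names and the sample SID list are constructed for illustration.

```python
import hashlib
import struct

# S-1-5-80 is the well-known prefix under which Windows places service SIDs.
SERVICE_SID_PREFIX = "S-1-5-80"


def service_sid(service_name: str) -> str:
    """Derive the per-service SID from a service's short name."""
    # The name is upper-cased and hashed as UTF-16LE, so the SID is
    # case-insensitive. str.upper() matches Windows for ASCII names.
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    # The 20-byte digest becomes five little-endian 32-bit sub-authorities.
    subauthorities = struct.unpack("<5I", digest)
    return "-".join([SERVICE_SID_PREFIX] + [str(s) for s in subauthorities])


def is_service_sid(sid: str) -> bool:
    """True for SIDs of the form S-1-5-80-a-b-c-d-e."""
    parts = sid.split("-")
    return (sid.startswith(SERVICE_SID_PREFIX + "-") and len(parts) == 9
            and all(p.isdigit() for p in parts[4:]))


def resolve_acl_sids(sids, known_services):
    """Map service SIDs seen in an ACL back to names; None means unattributed."""
    table = {service_sid(name): name for name in known_services}
    return {sid: table.get(sid) for sid in sids if is_service_sid(sid)}


# Constructed sample: SIDs as they might appear in an ACL dump.
SAMPLE_ACL_SIDS = [
    "S-1-5-18",  # Local System, not a service SID, so it is skipped
    "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464",
    "S-1-5-80-1-2-3-4-5",  # made-up value that matches no known service
]
# Constructed inventory of service names to test against.
SAMPLE_SERVICES = ["TrustedInstaller", "Dnscache", "Spooler"]

if __name__ == "__main__":
    for sid, name in resolve_acl_sids(SAMPLE_ACL_SIDS, SAMPLE_SERVICES).items():
        print(sid, "->", name or "UNKNOWN: review this ACE")
```

A service SID that matches no installed service is worth reviewing, because the ACE may belong to a removed service or to one that is not in the inventory.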

Microsoft has added a new NTFS ACE (access control entry) permission called Creator Owner. It will allow more granular permissions to be set ahead of time for new objects and their owners. Currently, NTFS permissions can be given to the Creator Owner's group. This new ACE permission is the opposite -- it will allow for a permission called Creator Owner to be given to another security principal.

The Power Users group will be degraded or removed. The Windows Firewall will do outbound blocking, and the new version will alert the user when an unapproved program attempts to connect to an Internet location or attempts to set up a listening service.

On new OS installs, the Windows Firewall will be enabled with no exceptions allowed until after patching is completed. This feature is already built into Windows Server 2003 SP1, and it prevents roving malware from exploiting Windows before patches are installed.