Microsoft made significant changes to how it protects the Windows operating system kernel and added a number of new security controls when it transitioned . With Windows 7, many of those security controls are enhanced and there are some new features as well.

Here are three things Microsoft got right with :

1. ASLR and DEP. ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) both existed in Windows Vista, but have been improved for Windows 7. ASLR makes it more complicated for attackers to determine where core functions reside in memory, and DEP prevents buffer overflow attacks from working on files or in storage areas that are specifically intended to hold data.

Sophos Senior Security Advisor Chet Wisniewski says " ASLR was massively improved in Windows 7. This means that libraries (DLL's) are loaded into random memory addresses each time you boot. Malware often depends on specific files being in certain memory locations and this technology helps stop buffer overflows from working properly."