I’ve just attended a Windows 7 Roadmap session and some of the enhanced security features of Windows 7 and Server 2008 R2 were demonstrated.
Bitlocker to go
Bitlocker will be available for USB keys and other removable devices. The demonstration showed a once click encryption of a USB stick which is secured against a passphrase or smart card. Group policy preferences will be able to enforce the use of Bitlocker and Bitlocker to go in the domain. Bitlocker to go encypted devices will also be backwards compatible with Windows Vista and XP.
A white list of applications can be created using digital signatures. They can be filtered by publisher, version number and other fields which are automatically extracted from an applications executable package.