Actually, Windows 7 is about 10 times closer to Vista than to Windows 8 when it comes to security enhancements. Just in memory protection alone...
Credit: Valasek's presentation at BlackHat on Win8 memory protections
Don't know who made these lists but they are mostly BS.
Virtual Memory Non-Determinism was introduced in Vista (so of course Win7 has it as well). It still only applies on a per-app basis (the app must be built with a flag to allow it). There is no reason for x64 bit applications built using VS2008 or later not to, but older apps (since it wasn't available when they were built) and a lot of newer x86 apps will not have it enabled because it increases heap fragmentation.
Guard pages are there (and many debuggers use them) since
Windows 2000, possibly even Windows NT, not sure. So the red checkboxes for Vista and Windows 7 are pretty blatant silly BS there.
Abitrary Free Protection (assuming they mean the C level allocator, not the VirtualAlloc/VirtualFree calls which have always blown up if you free abitrary pointers even in Windows 95), is mostly irrelevant, since performance conscious applications routinely replace the default visual C++ runtime malloc/free with SmartHeap or other 3rd party allocators, and sometimes wrap those 3rd party allocators for better control/debugging. And pretty much every debug allocator does that. Also, this is
NOT an OS level feature, but basically a
compiler runtime library one. VS2012 might implement it in the release allocator where VS2010 did not but that has nothing to do with Windows 7 vs. Windows 8.
Similarly, they would have to be talking about
Compiler runtime allocators,
not the OS when listing "LFH Non-Determinism" and "Cache Aligned Allocations", as LFH only applies to small allocations, and the OS itself doesn't deal with anything smaller than a VM page. I have in fact created my own allocators that do cache aligned allocations for performance in
Windows 2003 server.
I have no idea what some of the others like "FrontEndStatusBitmap" actually are or what exactly they mean by "Exception Handler Removal" (and a quick google search didn't help), so can't comment on them.