Friday, March 7, 2008

Windows Vista: Is it secure enough for business?

Microsoft’s latest desktop operating system, Windows Vista, contains a wide range of new features, from the user interface to the heart of the operating system. However, it is the new security-related technologies which were given top priority by Microsoft in response to the many criticisms of the vulnerabilities in Vista’s forerunner, Windows XP. Developments include improved monitoring and reporting on security status, minimized opportunity for attack and improved defense against spyware. There is also a new mechanism to prevent rogue code from being able to make malicious changes to the operating system kernel, and improved browser and firewall functionality.

Windows Security Center

Windows Security Center (WSC) runs in the background, monitoring and reporting on the security status of a computer. First introduced by Microsoft in Windows XP Service Pack 2, the enhanced version in Vista provides greater integration both with other Vista security features and with third-party security solutions.

As with Windows XP, WSC monitors the internet firewall and checks the status of automatic updates and anti-virus software but it has been extended in Vista to include monitoring of anti-spyware applications. Monitoring of the security settings in Internet Explorer 7 and of the new User Account Control function (see below) has also been added.

Part of the reasoning behind the enhancements to WSC is to raise end-user awareness of security issues by alerting them to any problems. While this clearly has home-user benefits, businesses and other organizations such as education and government institutions will find this both insufficient and annoying and so might well choose to disable these end-user alerts.

In addition, some security vendors have reacted negatively to the fact that WSC cannot be automatically disabled when their alternative security solutions are installed, although Sophos cannot see why any vendor should object to a built-in security center reporting on the status of its software.

User Account Control

User Account Control (UAC) is one of the most important security features in Windows Vista. Its objective is to minimize the opportunity for attack, preventing the installation of today’s malware threats, in a scenario where end users are given local administrator rights. As with Windows XP, end users are given administrator rights by default. However, instead of invoking administrator status in a blanket fashion across all applications, the Vista login generates two security tokens: StandardUser and Administrator.

By default, Vista assigns the StandardUser token to applications, so applications that do not require administrator rights will run with no user intervention. However, many applications require administrator privileges and in this case the Administrator token is invoked and the user is asked to cancel or allow the program as appropriate, as shown in the figure.


From a security point of view UAC is a significant step forward and the principle of least privilege is theoretically a good one as, by default, registry and file system access are restricted. This means that malware is prevented from automatically copying itself to locations such as the Windows system folder and from writing to the registry keys that would cause it to be launched automatically by the operating system. The StandardUser token also prevents malicious applications from writing to the memory space of other processes, a technique commonly used by malware to bypass personal or client firewalls.

Unfortunately UAC is not just secure but intrusive, with a high level of alerts, many of which are not intuitive for non-technical users. The danger is that they will automatically select “Allow” when prompted, without fully considering whether they should. The other danger is that UAC can be disabled – and indeed many beta testers chose to do this – which removes the improved security.
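A defender's check of the UAC behaviour described above, written for this edit in PowerShell (it is not part of the original article). The registry key and value names are the real UAC policy locations; the "expected" numbers are Vista's defaults, and the script must run on the machine being audited.

```powershell
# Added example: audit Vista's UAC policy values and show the split-token effect.
# Key and value names are the real UAC policy locations; expected values are Vista defaults.
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$expected = @{
    EnableLUA                  = 1   # 1 = UAC on; 0 = UAC disabled (the risk the article describes)
    ConsentPromptBehaviorAdmin = 2   # 2 = prompt for consent; 0 = elevate silently, never prompt
    ConsentPromptBehaviorUser  = 1   # 1 = prompt for admin credentials; 0 = deny automatically
    PromptOnSecureDesktop      = 1   # 1 = dim the screen so a fake prompt cannot overlay the real one
}

$actual = Get-ItemProperty -Path $uacKey
foreach ($name in $expected.Keys) {
    $value = $actual.$name
    if ($null -eq $value) { $value = '(not set)' }
    $status = if ($value -eq $expected[$name]) { 'OK' } else { 'CHECK' }
    '{0,-28} {1,-10} expected {2}  {3}' -f $name, $value, $expected[$name], $status
}

# Split-token demonstration: even for a member of Administrators, an un-elevated
# shell runs with the StandardUser (filtered) token, so this reports False.
# Only a process launched through the consent prompt carries the Administrator token.
$id = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($id)
$elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
"Current process holds the Administrator token: $elevated"
```

A value of 0 for ConsentPromptBehaviorAdmin is worse than the "click Allow" habit the article warns about: elevation then happens with no prompt at all.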

Windows Defender

Windows Defender is a free anti-spyware program built into Windows Vista that will detect and remove some adware, spyware and other unwanted programs. The software uses automatic updates provided by Microsoft analysts to help detect and remove new threats as they are identified. This protection does not offer comprehensive antimalware protection, in spite of the fact that the information in WSC implies that it does.

Windows Defender only supports Windows XP Service Pack 2 or later, or Windows Server 2003 Service Pack 1 or later. It does not support other operating systems including Windows 95/98/Me and 2000. And because it is targeted at the consumer market it does not offer any central administration capabilities. So it offers little to multi-platform, centrally managed enterprise networks.


Kernel protection

Two new mechanisms have been introduced to protect the operating system kernel – Kernel Patch Protection (KPP), or PatchGuard, and mandatory signing of drivers.

KPP has been implemented in 64-bit Vista to prevent a particular type of malicious activity that manipulates the operating system kernel, causing serious security breaches and adversely impacting the stability, reliability and performance of the operating system and user applications. Commonly known as “rootkits”, this type of malware is often used to hide other potentially unwanted software, such as bots and spyware. KPP prevents kernel mode drivers from extending or replacing operating system services and should therefore stop rogue drivers from making malicious changes to the kernel.

KPP has not been added to 32-bit Vista since many programs (including security software) use the kernel space in an undocumented way and Microsoft was concerned about compatibility with the existing application set. This means that 32-bit systems remain vulnerable to rootkit attack. However, the second kernel protection mechanism – mandatory signing of drivers – has been implemented in both 32-bit and 64-bit Vista and can be set to prevent unsigned drivers from loading.

Some security vendors have complained that they are being “locked out” of the Vista operating system kernel by KPP. This is because they need to be able to make changes inside Microsoft’s kernel in order to ensure their existing products can support 64-bit versions.

While it is true that there will now be some dependency on Microsoft to deliver kernel interfaces which could slow all security vendors down, this is more than compensated for by the additional security offered by a locked down kernel. Windows Vista with KPP is a step in the right direction for customers – although, since this is a software mechanism it is quite likely that it will be circumvented by malware writers sooner or later – and security vendors should embrace and work with it rather than fight it.
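Because the signing requirement is the only one of the two mechanisms that exists on 32-bit Vista, an administrator will want to confirm it is actually being enforced. The following PowerShell check was written for this edit (it is not from the article) and uses only tools that ship with Vista; run it from an elevated shell.

```powershell
# Added example: confirm driver-signing enforcement and list unsigned device drivers.

# 1. Boot options that weaken signing enforcement. Neither should appear on a
#    production machine: testsigning loads test-signed drivers, and
#    nointegritychecks switched enforcement off on pre-SP1 64-bit Vista.
#    ('{current}' must be quoted, or PowerShell reads the braces as a script block.)
bcdedit /enum '{current}' | Select-String 'testsigning|nointegritychecks'

# 2. Signing status of the installed PnP device drivers. /si adds an IsSigned
#    column; on a 32-bit system (no KPP) these unsigned entries have nothing
#    else standing between them and the kernel.
$drivers  = @(driverquery /si /fo csv | ConvertFrom-Csv)
$unsigned = @($drivers | Where-Object { $_.IsSigned -eq 'FALSE' })
'{0} device drivers, {1} unsigned' -f $drivers.Count, $unsigned.Count
$unsigned | Format-Table DeviceName, InfName, Manufacturer -AutoSize
```

driverquery /si reports driver packages installed through INF files, so filter drivers registered by other means still need a separate look.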


Internet Explorer 7

Windows Vista’s built-in web browser, Internet Explorer 7 (IE7), includes security enhancements designed to protect users from phishing and spoofing attacks. In protected mode it helps prevent data and configuration settings from being deleted or changed by malicious websites or malware.

The feature is enforced by a new mechanism, called Mandatory Integrity Control, whereby every process has an integrity level assigned and each level limits access to system objects (registry, file system, other processes, etc.).

The new IE7 protected mode actually runs IE with the integrity level “Low” – which is lower than the default for most user processes. This happens for all security zones except the trusted zone. Downloaded programs inherit the low integrity level, which should prevent malicious programs and potentially unwanted applications (PUAs) from infecting the system and integrating with the browser.
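To see the integrity levels at work, here is a short PowerShell walk-through added for this edit (not part of the original article) using the whoami and icacls tools that ship with Vista. The folder path is an assumption; substitute any folder you want to expose to protected-mode IE7.

```powershell
# Added example: inspect and set Mandatory Integrity Control labels.

# 1. What integrity level does this shell run at?
#    Low = S-1-16-4096, Medium = S-1-16-8192, High = S-1-16-12288.
#    Protected-mode IE7 runs at Low; an un-elevated user shell runs at Medium;
#    a shell started through the UAC consent prompt runs at High.
whoami /groups | Select-String 'Mandatory Level'

# 2. Objects without an explicit label are treated as Medium, so a Low process
#    cannot write to them ("no write up"). IE7 is therefore confined to the
#    Low-labelled locations Vista creates for it, such as
#    %LOCALAPPDATA%Low (AppData\LocalLow). Labelling another folder Low lets
#    IE7 save there too, without letting it touch the rest of the profile.
$lowFolder = 'C:\Users\Public\LowDownloads'   # assumed path
New-Item -ItemType Directory -Path $lowFolder -Force | Out-Null
# (OI)(CI) makes files and subfolders created later inherit the label
icacls $lowFolder /setintegritylevel '(OI)(CI)L'

# 3. Verify: the listing should now include
#    "Mandatory Label\Low Mandatory Level:(OI)(CI)(NW)"  (NW = no write up)
icacls $lowFolder
```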

IE7 also has a phishing filter, which helps users browse more safely by advising them when websites might be attempting to steal their confidential information. The filter works by analyzing website content, looking for known characteristics of phishing techniques and using a global network of data sources to decide if the website should be trusted.


Windows Firewall

Windows Vista includes a new firewall that goes beyond the Windows XP Service Pack 2 firewall. Application-aware outbound filtering has been added as have location-based profiles, which allow users to set up different rules based on the network location.

However, the default policy is still to allow all outgoing traffic and the default settings will not provide any additional protection over the firewall in XP SP2.
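Changing that default is a short job with the netsh advfirewall context that Vista introduced. The script below was written for this edit (it is not from the article); the netsh syntax is Vista's, while the rule names and program paths are assumptions to be replaced with your own.

```powershell
# Added example: enable Vista's application-aware outbound filtering per location profile.

# 1. Save the current policy so the change can be reverted.
netsh advfirewall export "$env:TEMP\firewall-before.wfw"

# 2. Block outbound by default on all three profiles (domain, private, public).
#    Vista's built-in "Core Networking" outbound rules (DHCP, DNS, ...) stay
#    enabled, so basic connectivity survives; check that group before deploying.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# 3. Allow specific programs, and only on the profiles where they belong:
#    the mail client on the corporate (domain) network only, the browser anywhere.
#    (program paths are assumptions)
netsh advfirewall firewall add rule name="MailClientOut" dir=out action=allow `
    program="C:\Program Files\MailClient\mail.exe" profile=domain enable=yes
netsh advfirewall firewall add rule name="BrowserOut" dir=out action=allow `
    program="C:\Program Files\Internet Explorer\iexplore.exe" profile=any enable=yes

# 4. Log dropped connections: an unexpected outbound block is the first sign of
#    software phoning home. Log file: %systemroot%\system32\LogFiles\Firewall\pfirewall.log
netsh advfirewall set allprofiles logging droppedconnections enable

# 5. Verify the policy and the outbound rules.
netsh advfirewall show allprofiles
netsh advfirewall firewall show rule name=all dir=out | Select-String 'Rule Name|Program|Profiles|Action'
```

Expect some application breakage on first rollout; the dropped-connection log tells you which program needs its own rule.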

In addition, although some management is available through Group Policy, the central management function does not provide enterprise administrators with the visibility, monitoring, policy configuration and rapid response capability that enterprise-level security management consoles deliver.

Other security features

Windows Vista also includes improved Wi-Fi security, readiness for multi-factor authentication, BitLocker data protection, a Network Access Protection client, and improved auditing for compliance.

In Windows Vista, wireless networking is more secure by default, and includes support for the latest and most secure wireless networking protocol, Wi-Fi Protected Access 2 (WPA2).

Windows Vista comes with an API to make it easier to add smart card and other systems such as biometrics to Windows authentication, to make it harder for hackers to gain access to computers and data through password cracking or social engineering techniques.

Enhanced encryption enables organizations to protect against theft or loss of corporate intellectual property. Windows Vista has improved support for data protection at the document, file, directory, and machine level, including the ability to define which employees have access to certain data. Encryption keys can now be stored on smart cards. The BitLocker disk encryption system provides some protection against hacking attacks that involve booting from removable disks.

The Network Access Protection (NAP) client can be used to prevent rogue or unprotected computers gaining full access to a network, although it will only really be implementable once the necessary server components are released with the next release of Windows Server, codenamed Longhorn, expected to be released soon.
