RE: Windows Vista current flaws
From: Roger A. Grimes (roger_at_banneretcs.com)
Date: 09/27/05
- Previous message: Mike Fetherston: "RE: Software Firewalls"
- Maybe in reply to: Jon Lawhead: "Windows Vista current flaws"
- Next in thread: Lance.Druger_at_wellsfargo.com: "RE: Windows Vista current flaws"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 Sep 2005 12:33:08 -0400 To: "Jon Lawhead" <samurai@berkeley.edu>, <security-basics@securityfocus.com>
I'm not sure there is a "right" position on this...only conjecture and
opinion. Here's mine.
Vista has several new good security features, that make it a more secure
platform than XP, not the least of which is IE 7 and Least Privilege
User accounts. It, no doubt, has new security flaws. But few of them
will come out before its official release, and of those, none will be
widely exploited now because the OS isn't popular enough to allow
Vista-only malware to spread. So, overall,the risk is probably less than
XP...but it's all conjecture in the end.
Widely spreading malware is rarely cutting edge. Usually there has to be
a saturation of the marketplace with the vulnerable software, before the
risk really increases.
Roger
************************************************************************
***
*Roger A. Grimes, Banneret Computer Security, Consultant
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, CHFI, TICSA
*email: roger@banneretcs.com
*cell: 757-615-3355
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************
****
-----Original Message-----
From: Jon Lawhead [mailto:samurai@berkeley.edu]
Sent: Tuesday, September 27, 2005 12:01 AM
To: security-basics@securityfocus.com
Subject: Windows Vista current flaws
Greetings all,
I work in Network Security for UC Berkeley's residence halls. We have a
list of several "minimum security standards" that we require all
connected computers to meet before being allowed access to the network
(stuff like having a firewall program, antivirus, etc). One of the
standards involves having the latest patched version of a secure
operating system. I have a user on the network who wishes to run a
(legitimately acquired, or so he says) version of Windows Vista beta
version.
Before I decide on this, I wanted opinions on whether or not this is a
good idea. My first instinct is to disallow any beta operating systems
simply on the grounds that they'll be buggy by definition and may
potentially have serious security flaws, but I can't find anything to
back this up. Just wondering if I could get a few opinions on whether
or not this is a good idea. Thanks!
Jon Lawhead
Network Security Coordinator
Residential Computing
University of California, Berkeley
- Previous message: Mike Fetherston: "RE: Software Firewalls"
- Maybe in reply to: Jon Lawhead: "Windows Vista current flaws"
- Next in thread: Lance.Druger_at_wellsfargo.com: "RE: Windows Vista current flaws"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
