Re: Short List of Security Questions

dw85745 wrote:
As a Programmer and an End User one of my biggest frustrations is getting
"WHAT YOU SHOULD DO" Security Information related to Windows
I can write code all day long, but when it comes to securing Windows I knock
my head against the wall.

A short list of my questions are:

For each OS (Win98 through XP) and each version (Home and Pro):

1) Is default best?
No matter what OS you use, where do you get a detailed explanation regarding
what all the switches do in Internet Explorer and whether you should set
them or not. The #$%^% poor explanation you get when you right click on the
checkbox is useless as far as I'm concerned.

The default is usually the best in the newer Linux distros,
but never in Windows. The most secure thing you can do
in Windows is immediately download and install Firefox
and/or Opera and avoid the blue "e" as much as possible,
as well as other programs that use it, like Outlook and
Outlook Express.

Also in the case of Windows, each new version has been
more bloated, complex and with more points of exploit
than the prior versions, with any new security enhancements
more than offset by greater risks. Win3.11/Win95/Win98
were easy to secure with a couple well-chosen 3rd party
programs, but Win2k and especially XP are much more
problematic to both secure and to clean-up. Look at this
one guide covering Win2k/Xp:
http://www.markusjansson.net/exp.html

Even the file system is suspect -- while it's been touted
that NTFS is more secure and robust than Fat32, but in
real life it's very easy to bypass NTFS security and a
bad spot on the hard drive will mess up Windows
regardless, and more so, some of the newer worms
actually take advantage of NTFS to hide themselves:
http://www.f-secure.com/v-descs/potok.shtml


2) How do you keep an installed program from having access to other
programs or other parts of the system in a standalone home computer (here I
refer to file permissions and other security measures) ?

Windows never had that fine a level of security, but
Linux and other OS's have. Supposedly VIsta will have
some of this type of security.


3) Win98 had a big problem with NetBEUI. Do other windows OSes have this
type of or similar issues?

Well, TCP/IP has quite a number of security issues
in itself, so that's universal:
http://oldwww.cs.umu.se/local/kurser/TDBD03/vt96/lect/sec+fw2.html


4) After I go to Windows Update and download the security patches, what
changes have been made to my system ?

Mostly stuff Microsoft is not going to reveal the details
about. The bulk of the patches seem to be workarounds,
often of temporary effect, for exploits taking advantage of
highly problematic, ill-conceived design "features" often
involving Internet Explorer.

If Microsoft was truly serious about security, they would
have long ago rewritten IE to be a standard, standalone
application with no artificially elevated privileges and gotten
rid of ActiveX altogether.


5) What are the security differences between Home Edition and Pro Editions
(IMHO MS needs to include all security capability in Home as well as Pro)?

Think of Home as "Crippled Pro". There are differences in
what you can control, but the main security difference is
that the Administrator password in Home is blank and
is normally always left blank because you need to
restart in Safe mode to access the Administrator
account, which most Home users have no clue about
doing.


--------------------------------------------------------------
If anyone knows of an EXCELLENT book or a website that explains this by OS,
it would be appreciated.

Thanks
l

That's actually a can of worms. You can find all sorts of
reports claiming blah-blah has superior security because
of blah-blah-blah, and if you use this, this, and this
measure of security then blah, blah, blah.... But often
there are agendas behind such stuff.

With that said, here are some things to peruse:
http://www.theregister.co.uk/security/security_report_windows_vs_linux/
http://www.itjungle.com/two/two110304-story03.html
http://en.wikipedia.org/wiki/Comparison_of_operating_systems

FYI.

-BC

.

Relevant Pages

  • Re: The Myth of the secure Mac
    ... >>> secure than Home. ... Though this really has nothing to do with security. ... >>> I, on the other hand, was speaking about overall Windows security, not ... I do believe that Microsoft could adjust their prices for the ...
    (comp.sys.mac.advocacy)
  • [NT] Cumulative Security Update for Internet Explorer (MS04-025)
    ... Get your security news from a reliable source. ... * Microsoft Windows NT Workstation 4.0 Service Pack 6a ... Navigation Method Cross-Domain Vulnerability ...
    (Securiteam)
  • Re: Windows Is Now More Secure Than Linux
    ... >OpenSSL is compiled into just about every 'secure' application in the Unix ... You know, a lot of people see me as a "Windows defender", mainly because I pop ... The solution, if there is one, to security problems, is to choose a supplier ...
    (comp.security.misc)
  • [NT] Vulnerability in HTML Help Allows Code Execution (MS05-001)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
    (Securiteam)
  • Re: The Myth of the secure Mac
    ... OEM Windows XP Home goes for a bit under $100. ... >> secure than Home. ... Though this really has nothing to do with security. ... Microsoft counts on third-party developers to provide more ...
    (comp.sys.mac.advocacy)