Understanding Windows Vista Service Hardening
Microsoft has been touting Windows Vista as the most secure Windows ever. Backing up that claim, Microsoft has included a number of new security features in the operating system. Thanks to pacpis for this news.
windows -
comments -
3.9.2007 Hardening Windows XP Professional
Windows XP has considerably more functionality than Windows 2000. With this functionality come more services and more potential security holes. Some of the measures undertaken by IST to reduce the risk are outlined in the extracts below. These are the security-related sections IST follows when building a Windows XP image for distribution within Academic Support.
NOTE: Most of these changes require you to sign on as an administrator.
The first and most important change to be applied is to set a password on all user accounts. Next it is very strongly advised that you do not log on with an administrative account but rather a ?User? or ?Power User? account.
windows -
comments -
Understanding Windows Vista Service Hardening
Microsoft has been touting Windows Vista as the most secure Windows ever. Backing up that claim, Microsoft has included a number of new security features in the operating system. Thanks to pacpis for this news.
windows -
comments -
3.9.2007Understanding Windows Vista Service Hardening
Microsoft has been touting Windows Vista as the most secure Windows ever. Backing up that claim, Microsoft has included a number of new security
features in the operating system. These new features ar..
winbeta.org -
04.09.2007Understanding Windows Vista Service Hardening
Microsoft has been touting Windows Vista as the most secure Windows ever. Backing up that claim, Microsoft has included a number of new security
features in the operating system. These new features are designed to address some of the common vectors by which previous versions of Windows have
fallen to anonymous miscreants and other criminals.
One such new feature in Windows Vista is known as Windows Service Hardening.
In older versions of Windows, services did not necessarily run with the least possible privileges. In fact, Windows services often ran under accounts
with very high level of access, such as the LocalSystem account. Further, users are often not aware of the services running on their systems, and do
not realise that some services are safe to disable. Finally, services and user applications ran in the same space, which could result in inappropriate
access. As a result of services running with privileges that did not match necessity, and services running that users did not require, Windows
desktops were left more vulnerable to attack.
winbeta.org -
04.09.2007IE7 for Windows XP Moves to Optional Updates
Some of our members are
reporting that earlier today Microsoft
removed Internet Explorer 7
from Critical updates (or
forced Automatic Updates if
set to Automatic) to Optional
updates, after a brief
disappearance all together
from the Windows Update
site.
Initial
reports indicate that Windows
Server 2003 still gets IE7 as
a critical update, most likely
because of the in-built
"hardening" that forces
Internet Explorer to confirm
web browsing outside of the
local intranet. Hardening is
set by default on Windows
Server 2003, a significant
security update over IE6.
However, the forced
update to IE7 on Windows XP
systems had Microsoft
scrambling to issue a patch
that blocks IE7 from being
shown on Windows Update.
Generally speaking IT system
managers roll out a browser
update only after extensive
testing, not when Microsoft
makes it available. I'd say
this move is one where
Microsoft really is listening
to the customer, and has been
widely appreciated in our
board
discussion.
neowin.net -
22.02.2007Hyper-V Security Guide
This Solution Accelerator provides instructions and recommendations to help strengthen the security of computers running the Hyper-V role on Windows
ServerĀ® 2008. It covers three core topics: hardening Hyper-V, delegating virtual machine management, and protecting virtual machines.
winbeta.org -
31.03.2009Microsoft Evaluating Yahoo Bid
Microsoft Corp is evaluating its bid for Yahoo Inc because the Internet company may have lost value since Microsoft made its offer, people familiar
with the matter said on Friday. The news, sent Yahoo shares down more than 5 percent in extended trade.
After weeks of silence, recent
comments from various sources to journalists suggest the software maker is hardening its stance and pushing Yahoo for action. The sources told Reuters
that Yahoo has lost key personnel, making the company less valuable, while generous severance packages it handed out to executives and full-time
employees in the case of a takeover have made it more expensive.
neowin.net -
05.04.2008Office 2003 SP3 to be mainly a security upgrade
Microsoft plans to make some
of the security improvements
and features it built into
Office 2007 available for
Office 2003 by releasing
Service Pack 3 (no release
date has been disclosed),
which will be primarily
focused on security, according
to Joshua Edwards, a technical
product manager for Office at
Microsoft. " We're trying
to take what we learned from
building Office 2007 and bring
as much as we can to Office
2003. We're not going to take
everything, but we will take
as much as we can ." So
far at least one apparently
serious security bug in Office
2007 has been reported.
Many of the changes
will be invisible to users,
hardening the applications and
file parsers against attacks,
Edwards said. Such changes
under the hood could help
protect against attacks that
exploit security
vulnerabilities in Office
applications. However, some
user features may also make it
to the older version,
including the ability to
select a preferred encryption
mechanism, a feature the U.S.
government requested for
Office 2007. The last service
pack for Office 2003 was
released in September 2005 and
also was aimed at beefing up
security, enhancing
application stability and
adding support for Microsoft
SQL Server 2005 and Microsoft
Visual Studio 2005.
neowin.net -
27.04.2007VM Security Risks: Phantom or Menace?
Virtual machines are threatening to crack the walls of data centers with a host of potential security threatsnothing that's been publicly exploited
yet but a fact that's borne out by a slew of vulnerabilities patched over the past seven months by major virtualization vendors
VMware, Microsoft and
XenSource.
David Lynch, vice president of marketing at
Embotics, a VM life-cycle management vendor, said during a presentation here at Interop Oct. 23 that a fundamental issue with
VMs is that they've come into enterprises via the back door, thereby slipping past standard security hardening. Meanwhile, VM sprawl has
virtualization instances popping up with nobody keeping track of them. Simply stated, organizations won't be able to secure these things, given that
nobody knows how many have been created, Lynch said.
"Even if you just replace
completely,
how do I make sure I replace all instances of virtual appliance?" Lynch told eWEEK following his presentation. "I asked the audience how many
people knew how many virtual machines . Three people put their hands up, out of about 50. That's a fundamental issue. People
don't know how many machines they have out there. How can you manage them? How can you make sure configurations are maintained, that they're where
they're supposed to be?"
winbeta.org - 25.10.2007
Who's Inflating Vista Security Expectations?
Opinion: Unsatisfied with
Microsoft's boring,
conservative claims, critics
invent new and unreasonable
ones that they can blame the
company for not meeting. As I
see it, the biggest question
in the security business this
year is how well Windows Vista
will hold up against what will
be the most concerted attack
in the industry's relatively
short history. The standards
for a fair analysis of this
question are more complicated
than many would have you
believe: Vista doesn't have
to be perfect in order to hold
up well. As even Microsoft
will tell you, if you actually
listen to what the company
says, nothing's perfect, and
a big part of hardening a
product against attack is to
be prepared for when a failure
occurs.
This is
why you keep hearing from
Microsoft about "Defense in
Depth." The idea is that a
failure in one form of
protection can be mitigated by
other protections. And these
protections don't stop with
what is provided in Windows
Vista. Any reasonable person,
business or consumer, will add
further security software to
Windows Vista. There is a
widespread consensus in the
security industry that Vista
is a more secure Windows and,
for what it's worth, the most
secure version of Windows
ever. Of course, they'll tell
you that's not enough, and of
course they're right.
neowin.net - 09.01.2007
Office 2003 to get security upgrade
Microsoft plans to make some
of the security improvements
and features it built into
Office 2007 available for
Office 2003, a company
representative said Thursday.
Service
Pack 3 for Office 2003 will be
focused on security, said
Joshua Edwards, a technical
product manager for Office at
Microsoft. "We're trying to
take what we learned from
building Office 2007 and bring
as much as we can to Office
2003," Edwards said in an
interview with CNET News.com.
Microsoft
hasn't yet set a release date
for the Office 2003 update,
which like other service packs
will be available as a free
upgrade. Also, there are no
details of what will be in the
update, other than that
Microsoft is "backporting"
work it did for Office 2007.
Click Read
More to view the rest of
this article.
jcxp.net - 28.04.2007
