
SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2007-01-29



Windows Vista availability

Published: 2007-01-29
Last Updated: 2007-01-30 21:22:00 UTC
by Johannes Ullrich (Version: 3)
Tonight, Windows Vista will go on sale to consumers.  For many Microsoft subscribers (mostly businesses), it has been available since December.  If you have any particular security-related "gotchas", let us know.

A couple of things to consider before jumping into Vista:
  • Make sure your antivirus solution works with Vista.
  • Windows Vista's firewall is configured by default to allow all outbound connections.  You may want to tighten this down.  There are a few specific outbound "allow" rules which you should probably keep enabled (for example for DNS and DHCP).  So by default, the outbound firewall comes with "all traffic allowed" + specific "allowed" rules.  I know, this sounds redundant, but the idea is to keep your system working even if you switch the default rule to block outbound traffic.
  • IPv6 will be enabled by default.  Make sure your firewall will block it and related tunneling protocols.
  • Note that Windows Vista will not prevent users (or administrators) from doing stupid stuff ;-). If you know how to secure XP or your current Windows version, stick with it for production use until you are familiar with Vista.
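
One way to apply the firewall and IPv6 tunneling points above on the host itself, using `netsh advfirewall` from an elevated command prompt. This is an added example, not part of the original diary; the rule names beginning with "Example" are constructed, and it assumes you want the same policy on all profiles.

```bat
rem Added example. Rule names starting with "Example" are constructed.

rem 1. Record the starting point (Vista default: BlockInbound,AllowOutbound).
netsh advfirewall show allprofiles firewallpolicy

rem 2. Log dropped connections so testing shows what a default block breaks.
netsh advfirewall set allprofiles logging droppedconnections enable

rem 3. Explicit outbound allow rules for DNS and DHCP, so name resolution
rem    and address leases keep working once the default becomes "block".
netsh advfirewall firewall add rule name="Example - DNS out (UDP)" dir=out action=allow protocol=UDP remoteport=53
netsh advfirewall firewall add rule name="Example - DNS out (TCP)" dir=out action=allow protocol=TCP remoteport=53
netsh advfirewall firewall add rule name="Example - DHCP out" dir=out action=allow protocol=UDP localport=68 remoteport=67

rem 4. Block IPv6 tunneling. Block rules take precedence over allow rules,
rem    so these also override any allow rule that would pass the same traffic.
rem    IP protocol 41 carries 6to4 and ISATAP; Teredo uses UDP port 3544.
netsh advfirewall firewall add rule name="Example - block proto 41 out" dir=out action=block protocol=41
netsh advfirewall firewall add rule name="Example - block proto 41 in" dir=in action=block protocol=41
netsh advfirewall firewall add rule name="Example - block Teredo out" dir=out action=block protocol=UDP remoteport=3544

rem 5. Switch the default outbound action from allow to block.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 6. Verify the policy and one of the new rules.
netsh advfirewall show allprofiles firewallpolicy
netsh advfirewall firewall show rule name="Example - block Teredo out"
```

After step 5 only traffic matching an enabled allow rule leaves the machine, so review the dropped-connection log (by default `%systemroot%\system32\LogFiles\Firewall\pfirewall.log`) and add allow rules for the applications you actually need.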
As with all major upgrades like this: Test! Test! Test! Don't implement with haste.  Ultimately, this will be a forced upgrade, as support for XP will cease at some point.  So look at alternatives (e.g. Vista or another OS) in time.  Support for XP will be available through Apr 2009 (with "extended support", meaning security patches, theoretically available until 2014; see the MS press release).  See Microsoft's support lifecycle policy.

There has been some talk about "Vista Phishing": essentially, e-mail viruses that will trick users unfamiliar with Vista into downloading and installing malware.  Again, let us know if you see any of that.

Great URL at Indiana University, submitted to us by David: http://kb.iu.edu/data/aurg.html

Update:  Several readers have pointed out that there are already updates available for Vista, so make sure you have configured Automatic Updates or are using WSUS (or similar) to keep your systems patched.