Windows Vista availability
Tonight, Windows Vista will go on sale to consumers. For many Microsoft subscribers (mostly businesses), it has been available since December. If you have any particular security related "gotchas", let us know.
A couple things to consider before jumping into Vista:
There has been some talk about "Vista Phishing". Essentially e-mail viruses that will trick users unfamiliar with Vista into downloading and installing malware. Again. Let us know if you see any of that.
Great URL at Indiana Univeristy, submitted to use by David: http://kb.iu.edu/data/aurg.html
Update: Several readers have pointed out that there are already updates available for Vista, so make sure you have configured Automatic Updates or are using WSUS (or similar) to keep your systems patched.
A couple things to consider before jumping into Vista:
- Make sure your Anti Virus solution works with Vista.
- Windows Vista's firewall is configured by default to allow all outbound connections. You may want to tighten this down. There are a few specific outbound "allow" rules which you should probably keep enabled (for example for DNS and DHCP). So by default, the outbound firewall comes with "all traffic allowed" + specific "allowed" rules. I know, this sounds redundant, but the idea is to keep your system working even if you switch the default rule to block outbound traffic.
- IPv6 will be enabled by default. Make sure your firewall will block it and related tunneling protocols.
- Note that Windows Vista will not prevent users (or administrators) from doing stupid stuff ;-). If you know how to secure XP or your current Windows version, stick with it for production use until you are familiar with Vista.
There has been some talk about "Vista Phishing". Essentially e-mail viruses that will trick users unfamiliar with Vista into downloading and installing malware. Again. Let us know if you see any of that.
Great URL at Indiana Univeristy, submitted to use by David: http://kb.iu.edu/data/aurg.html
Update: Several readers have pointed out that there are already updates available for Vista, so make sure you have configured Automatic Updates or are using WSUS (or similar) to keep your systems patched.
Keywords:
0 comment(s)
My next class:
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
×
Diary Archives
Comments