Security Basics mailing list archives

RE: Which Windows OS is Safest


From: "Rusty Chiles" <rustychiles () cox net>
Date: Tue, 29 Jun 2004 00:57:10 -0700

The safest Windows is whatever version is able to mitigate the latest and
greatest 0-day attack. If security comes before convenience, then perhaps
you should look into Windows 2003, which has a more secure default
configuration in combination with Cisco's CSA (Cisco Security Agent) which
sits between the API and Kernel of the OS, and only allows what you allow to
execute. This can be managed via a central mgmt console, so deploying a
large number of desktops and the management of them is simplified. Yes, you
will need to tune your config for the environment, but once this is done you
will be in a better position should you be "targeted" by an exploit, hack
attack, etc. In tests this solution has mitigated most if not all of the
latest 0-day exploits against the Windows operating system in addition to
network-borne virus attacks. No solution is perfect, but this in combination
with religious patching, and a well secured and segmented network with good
traffic filtering / control is your best bet.

Have fun,

-Rusty


-----Original Message-----
From: Leon North [mailto:leon_nc () linuxmail org]
Sent: Monday, June 28, 2004 3:16 AM
To: security-basics () securityfocus com
Subject: RE: Which Windows OS is Safest


So far one of every Win OS has been suggested, so I'll buy into the debate,
probably to my peril! :)

Using an out of date Windows OS is simply security through obscurity. This
is not a good approach.

What you want is an OS which you have the greatest ability to lockdown.
Never mind these systems are widely publicised as being compromised, this is
nearly always due to the admin not protecting it properly, more so than the
OS itself. For the desktop, start with the latest version WinXP, take
advantage of the inbuilt security features (e.g. NTLMv2 removing LM hash,
NTFS with secure non-default permissions, various local security policy
settings etc), then follow general best practices for any OS (e.g. patch
managing by testing and updating within a given timeframe etc). You will
then be in a far better situation than any older Windows alternative.

Installing an old OS and hoping it won't be a 'sexy' target is little better
than sticking your head in the sand.

Then again if your religion tells you different, preach away...

Leon



I would like to know what is regarded as the safest Windows OS as I need to
set up a few new computers for system administrators to use and I would like
to use a Windows OS as the system administrators who will be using the
computers have only experience with Windows. I know that the wisest thing to
do would be to teach them how to use another OS like OpenBSD but it isn't
possible.

 Thanks.

 Artturi Lehtiö
 artturi.lehtio () vidafalt com








