Security Basics mailing list archives
RE: Windows Vista current flaws
From: "Roger A. Grimes" <roger () banneretcs com>
Date: Tue, 27 Sep 2005 12:33:08 -0400
I'm not sure there is a "right" position on this...only conjecture and opinion. Here's mine. Vista has several new good security features, that make it a more secure platform than XP, not the least of which is IE 7 and Least Privilege User accounts. It, no doubt, has new security flaws. But few of them will come out before its official release, and of those, none will be widely exploited now because the OS isn't popular enough to allow Vista-only malware to spread. So, overall,the risk is probably less than XP...but it's all conjecture in the end. Widely spreading malware is rarely cutting edge. Usually there has to be a saturation of the marketplace with the vulnerable software, before the risk really increases. Roger ************************************************************************ *** *Roger A. Grimes, Banneret Computer Security, Consultant *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, CHFI, TICSA *email: roger () banneretcs com *cell: 757-615-3355 *Author of Honeypots for Windows (Apress) *http://www.apress.com/book/bookDisplay.html?bID=281 ************************************************************************ **** -----Original Message----- From: Jon Lawhead [mailto:samurai () berkeley edu] Sent: Tuesday, September 27, 2005 12:01 AM To: security-basics () securityfocus com Subject: Windows Vista current flaws Greetings all, I work in Network Security for UC Berkeley's residence halls. We have a list of several "minimum security standards" that we require all connected computers to meet before being allowed access to the network (stuff like having a firewall program, antivirus, etc). One of the standards involves having the latest patched version of a secure operating system. I have a user on the network who wishes to run a (legitimately acquired, or so he says) version of Windows Vista beta version. Before I decide on this, I wanted opinions on whether or not this is a good idea. My first instinct is to disallow any beta operating systems simply on the grounds that they'll be buggy by definition and may potentially have serious security flaws, but I can't find anything to back this up. Just wondering if I could get a few opinions on whether or not this is a good idea. Thanks! Jon Lawhead Network Security Coordinator Residential Computing University of California, Berkeley
Current thread:
- Windows Vista current flaws Jon Lawhead (Sep 27)
- Re: Windows Vista current flaws Micheal Espinola Jr (Sep 28)
- Re: Windows Vista current flaws Sean Earp (Sep 28)
- RE: Windows Vista current flaws Joe_Wulf (Sep 28)
- <Possible follow-ups>
- RE: Windows Vista current flaws Roger A. Grimes (Sep 28)
- RE: Windows Vista current flaws Lance.Druger (Sep 28)
- Re: Windows Vista current flaws DMORROW5 (Sep 28)
- RE: Windows Vista current flaws Kofron, Matt (Sep 28)
- RE: Windows Vista current flaws Lance.Druger (Sep 28)
- RE: Windows Vista current flaws Burton Strauss (Sep 30)
- RE: Windows Vista current flaws Cony Zhou 周圣 (Sep 30)
- Re: RE: Windows Vista current flaws kinoka2k (Sep 30)
- Re: Windows Vista current flaws Micheal Espinola Jr (Sep 28)