Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Windows Vista current flaws

From: "Roger A. Grimes" <roger () banneretcs com>
Date: Tue, 27 Sep 2005 12:33:08 -0400
I'm not sure there is a "right" position on this...only conjecture and
opinion. Here's mine.

Vista has several new good security features, that make it a more secure
platform than XP, not the least of which is IE 7 and Least Privilege
User accounts. It, no doubt, has new security flaws. But few of them
will come out before its official release, and of those, none will be
widely exploited now because the OS isn't popular enough to allow
Vista-only malware to spread. So, overall,the risk is probably less than
XP...but it's all conjecture in the end.

Widely spreading malware is rarely cutting edge. Usually there has to be
a saturation of the marketplace with the vulnerable software, before the
risk really increases.

Roger

************************************************************************
***
*Roger A. Grimes, Banneret Computer Security, Consultant 
*CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, CHFI, TICSA
*email: roger () banneretcs com
*cell: 757-615-3355
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
************************************************************************
****

 

-----Original Message-----
From: Jon Lawhead [mailto:samurai () berkeley edu] 
Sent: Tuesday, September 27, 2005 12:01 AM
To: security-basics () securityfocus com
Subject: Windows Vista current flaws

Greetings all,

I work in Network Security for UC Berkeley's residence halls.  We have a
list of several "minimum security standards" that we require all
connected computers to meet before being allowed access to the network
(stuff like having a firewall program, antivirus, etc).  One of the
standards involves having the latest patched version of a secure
operating system.  I have a user on the network who wishes to run a
(legitimately acquired, or so he says) version of Windows Vista beta
version. 
 Before I decide on this, I wanted opinions on whether or not this is a
good idea.  My first instinct is to disallow any beta operating systems
simply on the grounds that they'll be buggy by definition and may
potentially have serious security flaws, but I can't find anything to
back this up.  Just wondering if I could get a few opinions on whether
or not this is a good idea.  Thanks!


Jon Lawhead
Network Security Coordinator
Residential Computing
University of California, Berkeley
Previous By Date Next
Previous By Thread Next

Current thread: