Security Basics mailing list archives

RE: Windows Vista current flaws

From: <Lance.Druger () wellsfargo com>
Date: Tue, 27 Sep 2005 12:10:30 -0500

Considering the small user base and that this is almost a complete
rewrite of windows there probably aren't too many active exploits.  I'd
allow it with the following caveats:

1. He must run a local bi-directional firewall (Windows Vista firewall I
believe is bi-directional) 

2. If exploits are uncovered he'll have to re-image the machine to the
standard. 

3. You offer no support or assistance

4. If you see suspicious traffic on the machine you'll kill the
connection

If he knows what he's doing he could just set up dual boot and you may
or may not be able to tell what he's running.  Better to be upfront than
to push him to work around the system.

No offence, but an un-patched XP machine is probably riskier at this
juncture, but I'm assuming the security standards aren't that high. This
is just my opinion.

Lance Druger


-----Original Message-----
From: Jon Lawhead [mailto:samurai () berkeley edu] 
Sent: Monday, September 26, 2005 9:01 PM
To: security-basics () securityfocus com
Subject: Windows Vista current flaws

Greetings all,

I work in Network Security for UC Berkeley's residence halls.  We have a
list of several "minimum 
security standards" that we require all connected computers to meet
before being allowed access to 
the network (stuff like having a firewall program, antivirus, etc).  One
of the standards involves 
having the latest patched version of a secure operating system.  I have
a user on the network who 
wishes to run a (legitimately acquired, or so he says) version of
Windows Vista beta version. 
 Before I decide on this, I wanted opinions on whether or not this is a
good idea.  My first 
instinct is to disallow any beta operating systems simply on the grounds
that they'll be buggy by 
definition and may potentially have serious security flaws, but I can't
find anything to back this 
up.  Just wondering if I could get a few opinions on whether or not this
is a good idea.  Thanks!


Jon Lawhead
Network Security Coordinator
Residential Computing
University of California, Berkeley

Current thread:

Windows Vista current flaws Jon Lawhead (Sep 27)
- Re: Windows Vista current flaws Micheal Espinola Jr (Sep 28)
  - Re: Windows Vista current flaws Sean Earp (Sep 28)
- RE: Windows Vista current flaws Joe_Wulf (Sep 28)
- <Possible follow-ups>
- RE: Windows Vista current flaws Roger A. Grimes (Sep 28)
- RE: Windows Vista current flaws Lance.Druger (Sep 28)
- Re: Windows Vista current flaws DMORROW5 (Sep 28)
- RE: Windows Vista current flaws Kofron, Matt (Sep 28)
- RE: Windows Vista current flaws Lance.Druger (Sep 28)
  - RE: Windows Vista current flaws Burton Strauss (Sep 30)
- RE: Windows Vista current flaws Cony Zhou 周圣 (Sep 30)
- Re: RE: Windows Vista current flaws kinoka2k (Sep 30)