Interesting article, and a good peiece of history.

I have been running Service Pack 2 RC2 for a couple of weeks now. I have been fiddling with the new firewall and it seems to be ok. I have not stress tested the secuirty updates yet, but the box seemed to survive open to the net on the UK ISP "NTL" who are renowned for having a discoverable routable internal link between their clients resulting in large numbers of script kiddies and floating trojans on the network.

I too would have liked to hear Mircosoft say that they would put this technology into Windows 2000. If I am correct though, most of the firewall technology in use in the new firewall is based upon the firewall package which we saw introduced first in XP. While obviously they could code back and rebuild parts of Windows 2000, this will not increase their sales so to expect that is somewhat unreasonable. Open source users dont suffer this because they dont have to pay for updates, and updates can patch smaller parts of the OS (by source), so generally its easier; remember paid software and open source software do operate in different markets :)

As far as securing Windows goes, we all know what a nightmare it can be. That having been said, it is also true to say that you can stop most of your problems by enforcing strong group policy settings (on IE & IPsec) and by running a strong gateway firewall and a working Virus scanner. Perticularly important features of which being the scanning of e-mail. Many of the Outlook holes can also be worked out using Group Policy settings.

Moving away from Internet Explorer is harder in business as commonly many of your users are unlikely to enjoy change, even when the difference in front end is so small. Of course if you spent some time on it, they would hardly notice, as Firefox implements all the keyboard shortcuts in IE, and you could skin it to look the same; commonly though (and this probably is not true of security focus readers) most IT admins are either too busy or too lazy to put that effort into learning and deploying a new application. Furthermore there are still some niggles with Firefox which need to be addressed. Realistically its not quite version 1.0 software and it thus still has teething problems of a 0.91 baby.

The final problem that I see spreading like the plague is the Spyware and Malware issue. With Microsoft moving towards a more secure OS, with a strong network its Malware that is going to remain the issue. Users needlessly downloading "Free Desktop Games" and running them. Obviously if they have no install privilages that helps, but many of the free games installers dont need Admin rights, and unless the user cant add to the local drive, the install will run.

Maybe we should all start an Abuse database for sites which distribute Malware and Spyware, like the spam databases. Unlike the spam problem websites of genuine businesses dont tend to be infected with Malware or Spyware, so it may not be an unreasonable solution.

Only time will tell if this update really means more security under XP. Another idea for the mill as I leave though. With the new scope options introduced in the SP2 firewall it would be possible to lock all of your file transfer and management traffic to one server group. If an infection of a blaster like virus hit the network then, it would only create a local increase in traffic, and provided the server is not infected, the other machines would not get involved. That at least could be a step in the right direction.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/254/27419#27419