Windows IT Pro UPDATE--Revisiting the Vista Hack

ITPro Today

August 24, 2006


----------------| Windows IT Pro UPDATE |----------------

In This Issue
* Revisiting the Vista Hack
* From Windows IT Pro: What is Microsoft System Center?
* From the Community: Real Physical Security
* Ensure Secure Exchange and Disposal of Your Information

===============


***Commentary: Revisiting the Vista Hack
by Paul Thurrott, News Editor

In the August 8 edition of Windows IT Pro Update ("Hacking Windows Vista" at http://windowsitpro.com/Article/ArticleID/93108/93108.html), I described Joanna Rutkowska's efforts to bypass Windows Vista security during the Black Hat USA 2006 conference, held recently in Las Vegas. Her hack, called Blue Pill (ostensibly a reference to a scene from "The Matrix"), used AMD's Pacifica virtualization technologies, plus a heaping helping of the oldest hack of all time--human error--to work its magic. Because of these last two points, a number of readers cried foul at my attempt to label this event a valid Vista hack. Microsoft, as you might expect, was quick to disagree as well.

In a posting on the Windows Vista Security blog (see URL below), Austin Wilson, a director in Microsoft's Windows Client Business Group, described the Blue Pill demonstration as an example of why there is no "silver bullet" when it comes to security. "It's very difficult to protect against an attacker that is sitting at the console of your computer with an administrator command window open," he wrote. "Both [demos that were shown] started by assuming that the person trying to execute the code already had administrative privileges on the computer ... She [demonstrated] a way for someone who has admin level access to attempt to insert unsigned code into the kernel on the x64 versions of Windows Vista." Wilson says that Microsoft is investigating whether Rutkowska's hack requires the company to make any changes to Vista prior to launch. But Wilson makes a good point: Vista is designed to ensure that users don't typically have administrator-level access, so this sort of hack won't be very common. Fair enough.

My point in publicizing the Black Hat episode wasn't so much to point out that Vista was already successfully hacked, but rather to emphasize that Vista, like Windows XP before it, will be a primary attack vector for hackers because of its popularity. The question, of course, is whether Vista will suffer from the same withering array of electronic attacks that dogs XP today. The Black Hat episode is simply a warning that the bad guys will be looking very closely at Vista indeed.

But there is more evidence that Vista won't be impervious to attack. Last week, Microsoft actually released two critical security updates for Vista Beta 2 and later. The software maker attempted to paint these releases in a positive note, with Microsoft's Alex Heaton noting that "Windows Vista is the first major Microsoft product release that will be serviced with security updates throughout the beta process ... Of the seven critical Windows updates released in August, only two (MS06-042 and MS06-051) also affect Vista Beta 2 or later." "Only" two? I mean no offense, but was that meant to be funny? If so, then customers might also find it hilarious that Microsoft doesn't include information about beta products in formal security bulletins. Fortunately, you can find out a bit about them in the Microsoft article, "Available updates for Microsoft Windows Vista Beta 2" (http://support.microsoft.com/kb/921583/en-us), which highlights all Vista updates that Microsoft has released since Beta 2.

My point here is simple: Although Vista is a huge step up from XP from a security standpoint--honestly, an absolutely necessary and commendable upgrade--it shouldn't be viewed as a panacea of any kind. If this summer's handful of Vista critical security updates is any indication, Microsoft's corporate customers will be justified in making a slow, measured migration to Vista. Service Pack 1 (SP1) anyone?

Back From Black Hat (Windows Vista Security Blog)
http://blogs.msdn.com/windowsvistasecurity/archive/2006/08/07/691441.aspx

==========


***From Windows IT Pro: What is Microsoft System Center?
John Savill offers a brief overview of what's new in Microsoft's rebranding of its management suite. Read the details at the following URL:
http://www.windowsitpro.com/Article/ArticleID/50225/50225.html

***From the Community: Real Physical Security
Read Orin Thomas's latest posting to the Hyperbole, Embellishment, And Systems Administration blog at
http://www.windowsitpro.com/Blog/index.cfm?action=blogindex&DepartmentID=978

------

Tell us what you think in this month's Instant Poll: What's your primary method of rolling out service packs?
http://www.windowsitpro.com

==========

***New and Improved
by Blake Eno

Ensure Secure Exchange and Disposal of Your Information
EMC announced EMC Documentum Information Rights Management (IRM) Services and EMC Documentum Records Manager 5.3 to help you respond faster to changing regulatory requirements while enabling more secure information sharing and disposal. Documentum IRM Services leverages EMC's content management software from the acquisition of Authentica to give you more control over information access and use. Documentum IRM Services also provides an audit trail of all document activity. Documentum Records Manager helps you control the entire lifecycle of corporate records, from creation and protection to access and destruction. For more information, contact EMC at 508-435-1000.
http://www.emc.com

WANTED: Your reviews of products that you've tested and used in production. Share your experiences and ratings of products to [email protected] and get a Best Buy gift certificate.

==========

***Events and Resources:
http://www.windowsitpro.com/events

Cross-Platform Data Roadshow
Oracle professionals will cover key concepts about Oracle and SQL Server in enterprise database computing. This event provides invaluable information, including benefits of 64-bit computing on the Windows platform, SQL Server BI for Oracle, high-availability proof points for SQL and Oracle, and much more.
http://www.windowsitpro.com/roadshows/sqloracle/?code=0823emailannc

Best Practices for Migrating Applications to a New Operating System
Take the necessary steps for application management, from converting legacy applications to MSI to conflict and usability testing. Don't overlook an important component during your OS migration--join us for this free on-demand Web seminar.
http://www.windowsitpro.com/go/seminars/macrovision/appmanagement/?partnerref=0821emailannc

Microsoft Tech·Ed: IT Forum
Discover more at Microsoft's premier EMEA conference designed to provide IT professionals with technical training, information, and community resources to build, plan, deploy, and manage the secure connected enterprise. Visit the Website for further information and register before the Early Bird deadline of 29 September 2006 to save 300 euros.
http://www.microsoft.com/europe/teched-itforum
14 – 17 November 2006, Barcelona, Spain

Total Cost of Ownership (TCO). It's every executive's favorite buzzword, but what does it really mean and how does it affect you? In this podcast, Ben Smith explains how your organization can use virtualization technology to measurably improve TCO for servers and clients.
http://www.windowsitpro.com/go/podcast/hp/virtualization/?code=0821emailannc

Ensure that you're being effective with your internal network security. Are your DIY options protecting you against worms, BotNets, Trojans, and hackers? Make sure! On-Demand Web Seminar.
http://www.windowsitpro.com/go/seminars/alertlogic/outsourcing/?partnerref=0821emailannc

==========
Windows IT Pro is a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department. Copyright 2006, Penton Media, Inc. All Rights Reserved.
