Microsoft Windows Vista
SIRT Roundtable Discussion
January 12, 2007

Harvard Townsend
Interim University IT Security Officer
harv@k-state.edu
532-2985
College Court 114

Agenda
• Vista versions – their features and availability
• Security features
• Trend Micro and Vista
• SIRT recommendations for deployment
• Microsoft seminar Feb. 6 in Union 212
• Other issues
• Q&A

Versions
http://www.microsoft.com/windowsvista/getready/editions/default.mspx
• Starter – not available in US
• Home Basic – limited functionality
• Home Premium – minimum for K-State home use
• Business – minimum for K-State computers
• Ultimate – $$$ (business + multimedia tools)
• Enterprise – not available retail (volume license customers with Software Assurance only)

Availability
• Developers – available now; could order Business version from SHI since November
• Retail consumers (i.e., ship with new Dell, etc. computers) – January 30
• Can pre-order from SHI now (and amazon.com)
• Dell, Gateway, HP offer Vista “Express Upgrade” with new computer purchase (usually only a shipping fee added) until March 15
• Union Computer Store doesn’t know pricing yet or when it will be available

Vista Security
• “SD3” – security by design, default, and deployment
• Is more secure, but…
    • Vulnerabilities already identified (selling for $50K)
    • Still susceptible to social engineering, “stupid user” attacks (click-happy users)
• Extent of damage can be limited with “User Account Control” (UAC)
    • Users don’t have admin control by default
    • Can perform common tasks w/o admin rights
    • Administrator Approval Mode prompts user before performing admin task like installing software
    • Many control settings (is good, but more complicated)
    • Some applications may break with UAC

Other Vista Security Features
• Windows Defender built in
    • Real-time spyware protection
    • Updates managed by WSUS or Windows Update
    • Prompts user if a program tries to modify a protected area of the Vista kernel (“PatchGuard” locks kernel)
    • SIRT will re-evaluate Spybot recommendation
• Windows Firewall
    • Filters both inbound and outbound traffic
    • Different rulesets depending on type of network connection
• Windows Security Center more user oriented and comprehensive

Other Vista Security Features
• Malicious Software Removal Tool
    • Cleans up malware missed by antivirus software
    • New version monthly via WSUS, Windows Update
    • Similar to Trend OfficeScan Damage Cleanup Services
• Software Restriction Policies
    • Control environment in which applications can operate
    • Similar to Windows XP Pro
• Internet Explorer 7 security features
• Group Policies easier to work with, but voluminous

Other Vista Security Features
• BitLocker
    • Encrypts entire Windows volume (but leaves system volume unencrypted)
    • Cannot boot Linux and look at Windows files
    • Prompts for PIN or uses USB token at boot-up
    • Can store encryption keys and protect integrity of boot code with TPM chip
    • Don’t lose your PIN or USB key!
    • Affects performance of the computer
    • Only in Ultimate and Enterprise versions

Other Vista Security Features
• Encrypting File System (EFS)
    • Encrypt individual files and/or folders
    • Can store decryption key on smartcard
    • Can generate recovery key
    • If used with BitLocker, EFS keys are protected (hacker can’t get password hash to try brute force cracking)
    • Can encrypt multiple drives and network shares
    • Available in Business, Ultimate, and Enterprise versions

Other Vista Security Features
• Rights Management Services
    • Protect info in transit (e-mail, docs, web content)
    • Requires a server
    • Application has to be RMS-compatible
• Device Control
    • Prevent users from installing certain devices, like USB flash drive or other removable storage
    • Can turn off AutoPlay or AutoRun

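Added example, not part of the original slides: a read-only PowerShell check of the registry policy values behind two settings discussed above, UAC with Administrator Approval Mode and AutoRun. The pass conditions are assumptions chosen for illustration, and PowerShell is assumed to be installed on the workstation.

```powershell
# Added example, not from the original slides. Read-only: it changes nothing.
# The "OK" conditions below are assumptions chosen for this illustration.
$system   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$explorer = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

$checks = @(
    @{ Label = 'UAC enabled (EnableLUA = 1)'
       Path  = $system;   Name = 'EnableLUA'
       Ok    = { param($v) $v -eq 1 } },
    @{ Label = 'Admin Approval Mode prompts (ConsentPromptBehaviorAdmin <> 0)'
       Path  = $system;   Name = 'ConsentPromptBehaviorAdmin'
       Ok    = { param($v) $v -ne 0 } },
    @{ Label = 'AutoRun off for all drive types (NoDriveTypeAutoRun = 0xFF)'
       Path  = $explorer; Name = 'NoDriveTypeAutoRun'
       Ok    = { param($v) $v -eq 0xFF } }
)

foreach ($c in $checks) {
    $name = $c.Name
    # A missing value returns nothing; the OS default then applies.
    $item = Get-ItemProperty -Path $c.Path -Name $name -ErrorAction SilentlyContinue
    if ($item -eq $null) { $value = $null } else { $value = $item.$name }

    if ($value -eq $null)   { $status = 'NOT SET' }
    elseif (& $c.Ok $value) { $status = 'OK' }
    else                    { $status = 'REVIEW' }

    '{0,-8} {1}  (value: {2})' -f $status, $c.Label, $value
}
```

A `NOT SET` result means no policy value is present and the operating system default is in effect, so it is reported separately from `REVIEW`.
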
Vista Security
• Windows Vista Security Guide: http://www.microsoft.com/technet/windowsvista/security/guide.mspx
• VERY useful document – get it, study it
• Chapters on:
    • Implementing the Security Baseline (Group Policy)
    • Protecting Against Malware (UAC, Defender, Firewall, Security Center, Malicious Software Removal Tool)
    • Protecting Sensitive Data (BitLocker, EFS, Rights Mgmt, Device Control)

Trend Micro
• Still need AV software with Vista
• No OfficeScan client for Vista yet
    • Current version = 7.3
    • Vista-compatible version = 8.0
    • Expected Q2 07 (April-June?)
• Cannot run Windows without antivirus/security software

SIRT Recommendations
• Hold off on deployment until Trend Micro releases a compatible OfficeScan client
• Use Business version or better for campus computers
• Use Home Premium or better for personal computers brought to campus
• Consider implementation plan carefully
• Test all applications thoroughly
• Don’t be in any hurry

Microsoft Visit
• At K-State Feb. 6, Union 212
• Two sessions:
    • 10-11:30 A.M. – general overview of Vista and IE7, general Q&A
    • 1:30-3:30 P.M. – technical details, licensing, security, in-depth Q&A
• Will be announced in IT Tuesday and sirt-contacts mailing list

Other Issues
• License downgrade? Are probably some options, but unsure of details at this time
    • Can buy XP Pro for another year
• License activation under Volume License Agreements: http://www.microsoft.com/technet/windowsvista/plan/volact.mspx
• Samba broken with default Vista configuration
• Other applications reported to have problems – test!
• New user interface – will be challenging transition for some

Q&A?