Part I: Vista Security Essentials
to software and systems development and deployment, and are indicative of the Microsoft commitment to security. Here, in a nutshell, are the principles:

Secure by Design: This principle addresses the overall design and architecture of the application. The application is built upon solid security principles that take into account various threats and security vulnerabilities.

Secure by Default: This is a principle that is used to reduce the attack surface of an application or system. By default, features or services that aren't needed are turned off, and applications aren't given any more authority than needed. As more features are needed, they can be enabled. However, by default, the system is as secure as possible.

Secure in Deployment: This principle is related to keeping systems and applications up to date with OS or application patches to reduce any vulnerabilities.

Secure in Communications: This principle relates to how an organization communicates security best practices. This communication plays a critical part in an organization's ability to have a secure computing environment.
The Vista OS consists largely of new code that was written under the auspices of this methodology, and any existing code leveraged by Vista was reviewed and revised to make it more secure. A variety of new features and functionality are available in Vista that assist the user in restricting user access, defending against spyware and malware, protecting against network-related threats, and more.
The Vista User Account Control
Microsoft added a feature in Vista that provides some mitigation to a common mistake made by many users: namely, frequently using an account with elevated privilege to perform everyday tasks. Users mistakenly provide an account that they commonly use to log on to their system with the ability to modify system settings, change the Registry, install software, and more. What they don't realize is that this creates a substantial vulnerability if a malware program is executed in the context of such an account. The malware can then have authority to perform tasks and cause damage that it might not have otherwise been able to do.
User Account Control is essentially an intermediary that requests user consent prior to performing a task requiring elevated permission, such as changing system settings, installing software, and so on. In this way, it effectively treats every user as a standard user by default. Even if an account has the privileges to perform these elevated tasks, the user is prompted (see Figure 1-1).
For more on setting User Account Control, see Chapter 4.
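The "treats every user as a standard user by default" behaviour can be seen directly from a console. The following PowerShell script is an added example, not code from the book: it reads the UAC policy values from the Registry and compares the account's Administrators group membership (from `whoami /groups`) with what the current process token is actually allowed to do. It assumes Vista or later with PowerShell installed; run it once in a normal console and once in an elevated one to compare.

```powershell
# Added example (not from the book): show how UAC separates group membership
# from the effective rights of the current process token.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = Get-ItemProperty -Path $policyKey

# EnableLUA = 1 means UAC is on. ConsentPromptBehaviorAdmin = 0 means
# administrators elevate silently, which removes the consent step described above.
$uacOn       = ($policy.EnableLUA -eq 1)
$adminPrompt = $policy.ConsentPromptBehaviorAdmin

# Membership: whoami lists every group on the token, including groups that
# UAC has marked "used for deny only" in an unelevated administrator session.
$adminRow = whoami /groups /fo csv | ConvertFrom-Csv |
    Where-Object { $_.SID -eq 'S-1-5-32-544' }   # BUILTIN\Administrators
$memberOfAdmins = ($null -ne $adminRow)
$tokenFiltered  = $memberOfAdmins -and ($adminRow.Attributes -like '*deny only*')

# Effective rights: IsInRole() consults the token, so it reports $false for an
# administrator until the user has consented to elevation via the UAC prompt.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$tokenElevated = $principal.IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator)

[pscustomobject]@{
    UacEnabled           = $uacOn
    AdminPromptBehavior  = $adminPrompt
    UserInAdministrators = $memberOfAdmins
    TokenFilteredByUac   = $tokenFiltered
    ProcessTokenElevated = $tokenElevated
}

if (-not $uacOn) {
    Write-Warning 'UAC is disabled: administrators run fully elevated at all times.'
} elseif ($adminPrompt -eq 0) {
    Write-Warning 'UAC is enabled but administrators elevate without a prompt.'
}
```

With UAC on and an administrator account in a normal console, UserInAdministrators is true while TokenFilteredByUac is true and ProcessTokenElevated is false, which is the standard-user-by-default behaviour the section describes.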