
Preparing for Windows Vista

By Tom Schmidt

Today's evolving security threat environment has prompted an increasing number of enterprises to implement best security practices and defense-in-depth strategies. These organizations realize they need a broad set of solutions to protect their infrastructure and information.

With the imminent release of Microsoft's new Windows Vista operating system, enterprises will be newly challenged to protect themselves. While Windows Vista is expected to significantly improve security in the operating system itself, it does not provide the full protection that enterprises need.

In a report released earlier this year, Yankee Group security analyst Andrew Jaquith wrote:

"The new operating system will significantly improve the default security posture of Windows [and lead to a] substantial reduction in risk for most users. However, the Windows security problem will continue to be a permanent fact of life and Microsoft won't always be able to provide the mature enterprise management features enterprises want."

This article shows how the threat environment into which Windows Vista will be released should prompt enterprises to seek the most complete protection possible against risks to security, availability, performance, and compliance.

Out of the blue
Recently, the latest edition of the Internet Security Threat Report tracked the proportion of previously unseen malicious code threats. These are defined as distinct malicious code threats that are detected on decoy computers before they are detected by other means.

Between January 1 and June 30, 2006, 18% of all distinct malicious code samples detected were not previously seen. According to the researchers, a high proportion of previously unseen malicious code indicates that attackers are more actively attempting to evade detection by signature-based antivirus and intrusion detection systems.

One of the factors contributing to the increase in previously unseen threats is the number of variants within malicious code families. This indicates that attackers are commonly updating current malicious code to create new variants instead of creating new malicious code from scratch.

Previously unseen threats are particularly dangerous because traditional defenses, such as some signature-based antivirus products, are typically unable to detect them.

Off the radar screen
Researchers also concluded that the current threat landscape is populated by lower profile, more targeted attacks, which propagate at a slower rate to avoid detection and thereby increase the likelihood of successful compromise. For example, instead of exploiting server vulnerabilities, as traditional attacks often did, these threats tend to exploit vulnerabilities in client-side applications that require a degree of user interaction, such as word processors and spreadsheets. A number of these have been zero-day vulnerabilities. These types of threats also attempt to escape detection in order to remain on host systems for longer periods so that they can steal information or provide remote access.

Zero-day attacks, especially against Microsoft's Office products, have significantly increased in frequency this year. According to a July SecurityFocus news story:

"The deluge of vulnerabilities for the Office programs -- Word, Excel, PowerPoint, Outlook, and, for professional users, Access -- signals a shift in the focus of vulnerability research and underscores the impact of flaw-finding tools known as fuzzers. The vulnerabilities in Office also highlight the threat that such files, if left unchecked, can pose to a corporate network. Not since the days of macro viruses and Melissa have Office files posed such a danger to computer security."

Increasing vulnerabilities
At the same time, overall vulnerabilities continue to multiply. Some 2,249 new vulnerabilities were documented in the first half of 2006. That's an 18% increase over the 1,912 vulnerabilities documented in the second half of 2005. It's also a 20% increase over the 1,874 vulnerabilities that were reported in the first half of 2005. More vulnerabilities were documented in this reporting period than in any other previous six-month period.

How to account for such increases? Researchers say the continued growth in vulnerabilities that affect Web applications is responsible. (Web applications rely on a Web browser for their user interface, use HTTP as the transport protocol, and reside on Web servers.) Vulnerabilities affecting Web applications accounted for 69% of all vulnerabilities that were documented in the first half of 2006. In many cases, Web applications don't undergo the same degree of quality assurance and testing as other applications.

Browser vulnerabilities
Given the rise in vulnerabilities affecting Web applications, it's no surprise that the Web browser has become a prime attack target. According to the Threat Report:

"Browsers are becoming more complex and feature-rich, which can expose them to vulnerabilities in newly implemented features. Due to the integration of various content-handling applications, such as productivity suites and media players, browsers remain a viable attack vector for many client-side vulnerabilities."

This is especially true of Windows, where the browser is associated with many other operating system processes and features. In the first half of 2006, 38 new vulnerabilities were documented in Microsoft Internet Explorer. That's a 52% increase over the 25 vulnerabilities published in the previous six-month period.

Looking ahead to Vista
Given that the various versions of Windows are deployed on an estimated 90% of desktop systems around the world, a concerted effort by attackers to discover and exploit shortcomings in Windows Vista is to be expected.

Organizations need to conduct thorough security audits to reduce their exposure to attack when adopting the new operating system. That may mean deploying Windows Vista only in isolated lab environments at first.

At the same time, enterprises need to continue to employ defense-in-depth strategies, which emphasize multiple, overlapping, and mutually supportive defensive systems to guard against single-point failures in any specific technology or protection method. This should include the deployment of regularly updated antivirus, firewalls, intrusion detection, and intrusion protection systems on client systems.

Above all, enterprises contemplating a move to Windows Vista must also look beyond the operating system itself to address broader security management requirements, including policy compliance, network access, remediation, and IT security infrastructure management.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.

CIO Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.
