You will have noticed the previous two posts were about Vista changes. Why did I post them? Well because I am actually FINALLY forcing myself to really dig into it and understand how it impacts joeware. Honestly I should have spent considerable time on this before but I will use the excuse of being far too busy with the job that pays for my food and housing…. If I was dedicated to my software business, this would be unacceptable and I would need to knock myself on the head. Since the software business is “on the side” I am not so impatient with myself and less willing to give myself a concussion for not spending time playing with the new stuff… Truth be told, for work I am happy when I get to play with even * 2003 revision level Microsoft stuff, I seem to spend a lot of time working on figuring out Windows 2000 and Exchange 2000 revision level issues… Longhorn and Vista aren’t even words I can utter at work as it just isn’t in the cards in a near time frame for the businesses I work on at the moment.
The reading I have done certainly indicates there is a rather large change in the security posture of the Windows client OS and the same will likely be so with Longhorn. I expect it will piss some people off. I expect that the pissed off folks will fit into a couple of categories
1. People who have already done substantial work to lock their environment down and have come up with good and realistic safe ways for handling management.
2. People who don’t give a shit about how secure things are and just want to get “it done” with “it” being whatever they need to do.
The first set will grumble and piss and moan but will get over it and find new ways to do things and after a month or several months will be just as efficient as they are now. The second set…. I am more worried about them. They will likely look at disabling everything and not work towards cleaning up and doing things “the right way”. If you are in that second set of people[1], I urge you now to start taking security seriously. Just because you have never had a problem, or more accurately you have never detected a problem, doesn’t mean you aren’t having a problem or that you won’t have a problem in the future.
I think it will take a bit for all of us to spin up on the new stuff and beat Microsoft up for any bad/incorrect documentation we find. One the RTM version of Vista is out and you start hitting docs that aren’t correct, I highly encourage you to tell Microsoft so they can fix it. If you don’t know how to get that feedback to them, contact me via my email address and let me know the details, where the document came from (actual URL) and what you found wrong with it and I will look into getting that feedback to Microsoft. I consider it to be extremely important because bad documentation is simply going to encourage people to turn off valuable good security features because they won’t think they are working properly.
joe
[1] These would be the folks who stumbled on this blog, I am sure the folks who regularly read this blog are far more enlightened than this. If they weren’t the type of person who took security seriously, I don’t really much expect they would enjoy reading what I usually have to say.
Good blog, I’ll be forwarding this one along to a few people I know. I can completely understand your statement about Exchange 2003 or Server 2003. One place I’m at is on 2000 for both and another is just starting to migrate to 2003. I was recently told that I’d be fired if I installed R2 on a box…sometimes I just don’t have the energy to argue.
I’m guessing 2010 for Vista/E2K7/W2K7 but that is why we have virtual machines and test labs and reading MVP blogs and activedir.org.
In my part of the country all you need is a CISSP and you can get a decent high level job in security. Yes a 5 day boot camp can get you close to six figures. (now I need to go back and read your MCSE rant haha)