Microsoft Vista for IT Security Professionals

PatchGuardIn 2002, Microsoft announced its Trustworthy Computing Initiative. Unless you were living in your Y2K fallout shelter at the time, you were well aware of the numerous security issues that Microsoft was facing on a daily (if not hourly) basis. In a paper by Craig Mundie (et al.), trust from a user perspective was broken down into four areas: Business Integrity, Privacy, Reliability, and Security.
Reliability and Business Integrity are straightforward; users should expect that the products be reliable and that vendors shall act in a reasonable manner. In Security, users are believed to expect the traditional CIA triad of security: confidentiality, integrity, and availability (see Figure 5.20). The belief was that users should be confident that their systems will be able to withstand an attack. Likewise, with Privacy, Microsoft s belief was that at no time should user data be vulnerable to outside forces.
These principles were to be a key component of Windows 2003, which was supposed to be much more secure than previous Windows releases. To be fair, the number of patches specifically for Windows 2003 (not including Internet Explorer or Media Player) was greatly reduced from those of Windows 2000. Microsoft also did a much better job of being proactive as opposed to reactive to security flaws. The introduction of Windows Update, Software Update Services (SUS), and later, Windows Server Update Services (WSUS), helped remove some of the black cloud from Microsoft with relation to security. Unfortunately, there continue to...