Administering Windows Vista Security: The Big Surprises

Mark Minasi on Administering Windows Vista Security: The Big Surprises

Sybex has just published my book on Vista security.  I wrote it to provide a quick read that focuses on the eight biggest Vista security technologies, the "paradigm smashers" that may at first irritate or befuddle but will, I think, ultimately be seen as some of Vista's most important aspects.  (Well, "most important" after the new Vista games, that is.<g>)

I think it can save you a lot of time, teeth-gnashing and hair-pulling... so please permit me to tell you a bit about it.

Initially I was all set to largely ignore Vista.  I'm glad that I didn't, because that would have been a big mistake, but the temptation grew out of the fact that for a long time the Vista betas looked like not much more than a kind of XP Service Pack 3 with an ... oddly Mac-like ... GUI bolted on top.

But August 2003's infamous XP worm, Blaster, changed all that.  Microsoft basically threw away the XP-modified-to-become-Vista code and restarted the Vista project on the Windows Server 2003 code base.  Yup, that's true:  even commands that we've been using for decades, like xcopy, often behave in slightly different ways than they ever did before.  Now, that made Vista interesting:  a largely rewritten Windows!

What made Vista even more interesting, though, was that Microsoft decided to take a number of technologies that weren't supposed to appear until Longhorn Server, like NTFS's new transactional capability (TxF), the new Windows Integrity Control security layer, and BitLocker's ability to fully encrypt drive C: in what appears to be a fairly secure manner, and ship them in Vista.  And, of course, when there's new stuff to talk about in Windows, I get the itch to write a book about it.

I was already working with my co-author John Mueller to create a Mastering Vista title, and that'll be out later.  Like my earlier Sybex Mastering books, that's a soup-to-nuts explanation of Vista.  But it dawned on me that there was a need for another book; that's where Administering Windows Vista Security:  The Big Surprises comes in.  In short, I felt that Vista included eight new security technologies that make Vista more secure than any previous version of Windows, but that either could scare away the casual evaluator or are so subtle, though nonetheless important, that they might not be noticed.

In the first case, tools like User Account Control and BitLocker are obvious to any techie weighing whether to deploy Vista sooner or later, but both at first blush present enough complexity that the techie might decide to shelve Vista deployment for a year or two, and that'd be a shame.  In the second case, tools like Windows Integrity Control and the major revision of Windows services in Vista just might not get noticed, and that would be as great a shame, because they offer the potential to secure Vista better, but that potential can only be realized by admins equipped with the details of those technologies.

My aim, then, was to write as short a book as possible that clearly explains those eight technologies, making them as easy as possible for a technical Windows user to understand.  At 266 pages, I think I succeeded on the length part; below is a synopsis of each chapter, including the chapter that's available for download, so that you can decide how I did on the explaining part!  You may also find the book's outline, at the bottom of this page, helpful.

Vista's new doodads — especially the security stuff — interested me so much that I spent months studying them, experimenting with them and dissecting them.  I even taught myself C++ so as to write some utilities for exercising the new features, which you'll read about in the book.  I really enjoyed learning about what's new in Vista, but, as always, I enjoyed explaining it to my readers even more.

If you're interested in acquiring The Big Surprises, you can order the book from Amazon.

I appreciate your taking the time to read this page.  If you purchase my new book, please let me know how you like it.  Thanks!

— Mark

Book Outline

  1. Introduction

    What's in the book and how it's structured.  The book's focus:  all-new stuff, as brief as possible while leaving room for humor!  Explains, and where possible shows how to extend, the new Windows security technologies.

  2. Vista: The Little Surprises

    As this book is intended for early adopters of Vista, we start out with some of the non-security surprises, a collection of the things that will trip up or, sometimes, delight an admin just getting started with Vista.  (This is the chapter that's available for download.)

    1. The Admin account is gone, sort of
    2. Boot.ini's gone, BCDEDIT is here
    3. You're running IPv6 now
    4. NTFS gets rollbacks
    5. Undelete comes to Windows
    6. Encryption news
    7. Making the new Event Viewer do its stuff
    8. Understanding WinRM, Windows' new remote admin protocol
  3. Understanding User Account Control: “Are You Sure, Mr. Administrator?”

    The first thing that most people used to administering Windows will notice is UAC, User Account Control. It’s Microsoft’s big change in Windows functionality, intended to help the Windows community, who are all used to running as full-power administrators, make the painful shift to running as a user. Instead of suggesting that we spend the whole day logged on as non-admin users and use RunAs to elevate particular applications, UAC is a sort of "reverse RunAs": it lets us stay logged in as admins all day while reducing the amount of trouble we can get ourselves into.

    UAC’s probably a good thing in the long run, but it can be frustrating for the veteran administrator who doesn't understand it. That veteran admin could choose to simply tweak a couple of group policies to shut UAC off, and this chapter shows how, but that admin just might choose differently if she understood exactly what UAC does. This chapter goes beyond the UI and explains the new concept of “split tokens” and what they mean for both admins and users… and how not disabling UAC may be the best thing you can do to fight rootkits, worms, Trojans and viruses, as well as an easy way to identify the applications in your environment that aren't written well.
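To see the split token the chapter describes rather than just read about it, here is an added PowerShell example (mine, not code from the book). It assumes PowerShell 2.0 or later, an account that is a member of Administrators, and UAC at its default settings; run it once in an ordinary window and once in a window started with "Run as administrator" and compare the two results.

```powershell
# Added example, not from the book: report what UAC has done to the token of the
# current PowerShell session. Run it once in an ordinary window and once in a
# window started with "Run as administrator", and compare the two results.
function Get-UacTokenState {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)

    # True only on the full (elevated) half of a split token. On the filtered half
    # the Administrators SID is still present, but flagged deny-only, so the check fails.
    $elevated = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # whoami /groups lists every group SID in the token with its attributes and also
    # shows the integrity label as a pseudo-group whose SID starts with S-1-16-.
    $groups = whoami /groups /fo csv | ConvertFrom-Csv
    $admins = $groups | Where-Object { $_.SID -eq 'S-1-5-32-544' }   # BUILTIN\Administrators
    $label  = $groups | Where-Object { $_.SID -like 'S-1-16-*' }     # Mandatory Label\...

    $adminsState = 'not in token'
    if ($admins) { $adminsState = $admins.Attributes }   # "Group used for deny only" when filtered
    $integrity = 'unknown'
    if ($label) { $integrity = $label.'Group Name' }     # Medium when filtered, High when elevated

    # EnableLUA is the registry value behind the group policy that switches UAC off.
    $policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

    New-Object PSObject -Property @{
        User           = $identity.Name
        UacEnabled     = ($policy.EnableLUA -ne 0)
        Elevated       = $elevated
        Administrators = $adminsState
        IntegrityLevel = $integrity
    }
}

Get-UacTokenState | Format-List
```

In the ordinary window you should see Elevated False, Administrators "Group used for deny only" and a Medium integrity level: the group is there, but it can only ever deny you access, never grant it. In the elevated window the same account shows Elevated True, the group enabled, and a High label. That deny-only entry is the whole trick behind "staying logged in as an admin all day" without actually being one until you consent.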

  4. Running As A User Made Easier: File System and Registry Virtualization

    One of the biggest obstacles that well-informed techies see to moving to a world where most of us run as a user is the objection that “hey, I’d love to run as a user, but my stupid apps won’t run unless I’m an admin because they try to write to places on the disk and in the Registry where user types can’t go. What am I gonna do, find the developer and hit him in the head until he rewrites his code?” It’s a very valid objection, or was, anyway… until Vista. User Account Control, which we met in the previous chapter, does a bit of sleight-of-hand that lets folks with normal user privileges run what once were just badly written applications… automatically. Called “virtualization,” it’s got nothing to do with VMware or Virtual Server, and everything to do with making things easier to run with less privilege. With virtualization, you really can run apps that write to HKEY_LOCAL_MACHINE or System32, even if you’re not an admin, just like magic. But as with all magic, there are some gotchas. This chapter explains how virtualization works, where it doesn’t work, and how to know when it can and can’t help you.
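An added PowerShell example (mine, not the book's) that shows both sides of that magic: where the redirected writes actually go, which is also a quick way to spot the badly written applications on a machine, and a heuristic check of whether a given program can be virtualized at all. It assumes PowerShell 2.0 or later and the default store locations; the PE-header and manifest checks are my own heuristic, not a Windows API.

```powershell
# Added example, not from the book: find out whether UAC virtualization is in force
# and which legacy programs it has been quietly redirecting. Redirected file writes
# land under %LOCALAPPDATA%\VirtualStore, redirected registry writes under
# HKCU\Software\Classes\VirtualStore, and in both cases the path below the store
# mirrors the location the program actually asked for.
function Get-VirtualizedWrites {
    $policy = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    # EnableVirtualization backs the policy "User Account Control: Virtualize file and
    # registry write failures to per-user locations"; it defaults to on, and turning UAC
    # itself off (EnableLUA = 0) turns virtualization off with it.
    $inForce = ($policy.EnableLUA -ne 0) -and ($policy.EnableVirtualization -ne 0)

    $fileStore = Join-Path $env:LOCALAPPDATA 'VirtualStore'
    $files = @()
    if (Test-Path $fileStore) {
        $files = Get-ChildItem $fileStore -Recurse -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            ForEach-Object {
                # "...\VirtualStore\Program Files\Foo\app.ini" was a write aimed at
                # "C:\Program Files\Foo\app.ini" that a standard user can't make.
                $relative = $_.FullName.Substring($fileStore.Length + 1)
                New-Object PSObject -Property @{
                    IntendedPath = Join-Path $env:SystemDrive $relative
                    ActualPath   = $_.FullName
                    LastWrite    = $_.LastWriteTime
                }
            }
    }

    $regStore = 'HKCU:\Software\Classes\VirtualStore'
    $keys = @()
    if (Test-Path $regStore) {
        # Registry writes aimed at HKLM\SOFTWARE end up below ...\VirtualStore\MACHINE\SOFTWARE.
        $keys = Get-ChildItem $regStore -Recurse -ErrorAction SilentlyContinue |
            ForEach-Object { $_.Name -replace '^HKEY_CURRENT_USER\\Software\\Classes\\VirtualStore\\MACHINE', 'HKLM' }
    }

    New-Object PSObject -Property @{
        VirtualizationInForce = $inForce
        RedirectedFiles       = @($files)
        RedirectedKeys        = @($keys)
    }
}

# Virtualization never applies to a 64-bit process, to a service, or to a program whose
# manifest declares a requestedExecutionLevel; such a program's writes to HKLM or
# System32 simply fail for a standard user. This heuristic check of an EXE reads the
# PE header for the machine type and scans the file for the manifest element.
function Test-VirtualizationCandidate([string]$ExePath) {
    $bytes    = [IO.File]::ReadAllBytes($ExePath)
    $peOffset = [BitConverter]::ToInt32($bytes, 0x3C)           # e_lfanew -> "PE\0\0"
    $machine  = [BitConverter]::ToUInt16($bytes, $peOffset + 4)  # IMAGE_FILE_MACHINE_*
    $is32Bit  = ($machine -eq 0x14C)                             # 0x14C = i386, 0x8664 = x64
    $hasLevel = Select-String -Path $ExePath -Pattern 'requestedExecutionLevel' -Quiet
    New-Object PSObject -Property @{
        Exe            = $ExePath
        Is32Bit        = $is32Bit
        ManifestHasREL = [bool]$hasLevel
        CanVirtualize  = ($is32Bit -and -not $hasLevel)
    }
}

Get-VirtualizedWrites
# Windows' own binaries carry a manifest, so expect CanVirtualize = False here.
Test-VirtualizationCandidate "$env:SystemRoot\System32\notepad.exe"
```

Anything listed under RedirectedFiles or RedirectedKeys is a program that has been writing to places a user can't, and is being saved by virtualization; those are the candidates to get fixed or replaced, because the moment one of them is recompiled as 64-bit or given a manifest, the redirect stops and it breaks for real.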

  5. Your PC as a Military Computer: Windows Integrity Control in Vista

    Any admin using Vista for a week or so will come up against something astounding. She’ll try to delete a file, only to find that she lacks the permissions. Furthermore … and here’s the creepy part … all of the permission fiddling that she knows will be to no avail.

    Has Microsoft created files on Vista that even an administrator can’t delete? Well, yes, but only “kind of.” In an effort to stem the tide of malware, Microsoft has, believe it or not, gone beyond the “discretionary permissions” model for NTFS and Registry permissions that we’ve known since NT's inception in 1993 and added a mandatory model of the sort that, until now, has appeared only in special-purpose operating systems built for military and national-security applications. This new layer of security is called “Windows Integrity Control” and, well, it’s no exaggeration to say that if you’re a long-time Windows admin, you’ve never seen anything like this. In this chapter, we explain the theory behind WIC, and then dive into your system’s insides to show you what WIC’s doing… and how you can get in on the act to do a little “mandating” of your own, including some advice and tools that you won't find anywhere else. And sadly we must warn our readers that this chapter cannot be released to readers without the proper security clearances.

    (Okay, just joking on the last item.)
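To reproduce the "I have Full Control but still can't delete it" experience on purpose, here is an added PowerShell example (mine, not one of the book's tools) using the icacls utility built into Vista and later. The demo folder under %PUBLIC% is a choice of mine, not anything Windows requires; the first function must run from an elevated (High integrity) window, since a process can assign labels only up to its own level, and the second from an ordinary (Medium) window.

```powershell
# Added example, not from the book: label a directory and a file High integrity and
# watch a Medium-integrity process fail to delete the file even though the DACL
# grants it Full Control. Run New-HighIntegrityDemo elevated, Test-HighIntegrityDemo
# from an ordinary window, and Remove-HighIntegrityDemo elevated again to clean up.
$demoDir = Join-Path $env:PUBLIC 'wic-demo'   # location chosen for the demo; any path both sessions can reach

function New-HighIntegrityDemo {
    $file = Join-Path $demoDir 'keep-me.txt'
    New-Item -ItemType Directory -Path $demoDir -Force | Out-Null
    'protected by the label, not the DACL' | Set-Content $file

    # Give everyone Full Control so that only the mandatory label stands in the way.
    icacls $demoDir /grant 'Everyone:(OI)(CI)F' | Out-Null

    # Label the directory (inheritably) as well as the file. Labelling only the file
    # would leave a second route open: deleting it through FILE_DELETE_CHILD on a
    # parent directory that still carries the default Medium label.
    icacls $demoDir /setintegritylevel '(OI)(CI)High' | Out-Null
    icacls $file    /setintegritylevel High | Out-Null

    icacls $file   # shows "Everyone:(F)" and "Mandatory Label\High Mandatory Level:(NW)"
}

function Test-HighIntegrityDemo {
    $file = Join-Path $demoDir 'keep-me.txt'
    $result = @{}
    # The default label policy is no-write-up only, so reading still works...
    try { Get-Content $file -ErrorAction Stop | Out-Null; $result.Read = 'allowed' }
    catch { $result.Read = 'denied' }
    # ...but writing and deleting from a Medium process do not, DACL or no DACL.
    try { Add-Content $file 'x' -ErrorAction Stop;        $result.Write = 'allowed' }
    catch { $result.Write = 'denied' }
    try { Remove-Item $file -ErrorAction Stop;            $result.Delete = 'allowed' }
    catch { $result.Delete = 'denied' }
    New-Object PSObject -Property $result   # from a Medium window: Read allowed, Write and Delete denied
}

function Remove-HighIntegrityDemo {
    # A High-integrity (elevated) process may write to and delete High-labelled objects.
    Remove-Item $demoDir -Recurse -Force
}
```

Note what icacls prints after the label is applied: the (NW) after the label is the "no write up" policy, and it is checked before the DACL is ever consulted, which is why no amount of permission fiddling from a Medium window gets you past it.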

  6. BitLocker: Solving the Laptop Security Problem

    Every year, American companies lose 600,000 laptops, some stolen but more often just left in cabs and airports. But no matter how they’re lost, those laptops sometimes contain data that can make or break organizations. For example, you may recall that a Veterans Affairs employee thanked those who'd defended the country in the past few decades by bringing home a laptop containing a database full of their information… and having it stolen from his house. (After all, nothing says “thanks for keeping me safe” like simplifying identity theft.)

    The answer? Encrypt the whole bloody hard disk, and hide the key where it can’t be found. That’s in Vista in a new tool called “BitLocker.” When Microsoft first talked about BitLocker, it seemed like an interesting but impractical technology because it required that any system using it have a cryptographic chip called a Trusted Platform Module (TPM) on its motherboard. The Vista implementation of BitLocker, however, lets you encrypt any system that has either a TPM (version 1.2) or a USB port from which the startup key can be read at boot.

    But making BitLocker work involves a ton of little details; this chapter, by co-author Byron Hynes, lays out all of the BitLocker details so you'll have all of the info that you'll need to plan a BitLocker rollout.  (Or decide not to.)

  7. Post-Boot Protection: Code Integrity, New Driver Signing Rules and PatchGuard

    By now you’ve seen that Vista does indeed incorporate built-in paranoia, and for good reason, as nowadays the bad guys are legion. In a change from all previous versions of Windows, Vista randomizes where core system code is loaded in memory (address space layout randomization), making the job of worm writers all the more difficult. One more set of anti-malware provisions includes code integrity, a boot-time check of the digital signatures on system files and drivers, and a new rule for 64-bit Windows only: every kernel-mode driver must be signed. This chapter explains both of those protections in detail. But that's not all for 64-bit systems: the 64-bit kernel contains a feature called "PatchGuard" that watches for unauthorized patching of kernel structures and halts the system when it finds it, which causes some anti-malware applications that relied on hooking the kernel to fail.

  8. Services in Vista

    No Windows system can run without a legion of applications quietly running in the background called services. Although much maligned in the security literature, services are helpful processes that get a lot of the job of keeping Windows running done. But because they run all the time, services with bugs quickly become some of the lowest of low-hanging fruit for attackers. Over the years, Microsoft has sought to make services harder to attack with simple adjustments, and those changes have been valuable, but Vista takes things a step further and rewrites the rules of how services are built.

    Now, Vista's service-lockdown abilities are intended for developers, but not every developer takes the time to use them.  That's where this chapter is of the most value: we show you the tools that let you step in and clean up where a lazy developer chose not to bother to secure a service!
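Two of the things a developer can declare in Vista, and that an admin can set after the fact, are a per-service SID and the list of privileges the service actually needs. Here is an added PowerShell example (mine, not the book's) that audits every service running as LocalSystem for both settings and then shows the sc.exe commands that narrow one of them. It assumes PowerShell 2.0 or later and an elevated window; MyLegacySvc and the two privileges granted to it are placeholders for your own service and its real needs.

```powershell
# Added example, not from the book: audit services running as LocalSystem for the
# per-service SID type and declared privilege list that Vista's SCM honours, then
# narrow a hypothetical service called MyLegacySvc.
function Get-ServiceHardening {
    Get-WmiObject Win32_Service -Filter "StartName='LocalSystem'" | ForEach-Object {
        $name = $_.Name
        # sc.exe qsidtype prints "SERVICE_SID_TYPE: NONE|UNRESTRICTED|RESTRICTED".
        # sc.exe qprivs prints the declared privileges one per line. If a developer
        # declared none, the SCM strips nothing and the process keeps everything
        # LocalSystem has, SeDebugPrivilege and SeTcbPrivilege included.
        $sidOut  = sc.exe qsidtype $name | Out-String
        $privOut = sc.exe qprivs   $name | Out-String

        $sidType = 'unknown'
        if ($sidOut -match 'SERVICE_SID_TYPE:\s*(\w+)') { $sidType = $matches[1] }

        $privs = [regex]::Matches($privOut, 'Se\w+Privilege') | ForEach-Object { $_.Value }
        $privList = '(none declared: full LocalSystem set)'
        if ($privs) { $privList = $privs -join ',' }

        New-Object PSObject -Property @{
            Service    = $name
            SidType    = $sidType
            Privileges = $privList
        }
    }
}

# Narrow one service. Test on a non-production box first: a service whose code needs
# a privilege you removed fails at the point it tries to use it, not at startup.
function Set-ServiceHardening([string]$Service) {
    # Give the service its own SID (S-1-5-80-...) so file and registry ACLs can grant
    # access to this service alone rather than to everything running as LocalSystem.
    sc.exe sidtype $Service unrestricted

    # Declare only the privileges it really needs (slash-separated); the SCM removes
    # the rest from the process token. SeChangeNotifyPrivilege is needed by nearly
    # everything; SeImpersonatePrivilege is a placeholder for this hypothetical service.
    sc.exe privs $Service SeChangeNotifyPrivilege/SeImpersonatePrivilege

    # Better still, move it off LocalSystem when it doesn't need to be there.
    sc.exe config $Service obj= 'NT AUTHORITY\LocalService'

    sc.exe showsid $Service    # prints the service SID you can now use in ACLs
}

Get-ServiceHardening | Sort-Object Service | Format-Table -AutoSize
# Set-ServiceHardening 'MyLegacySvc'   # hypothetical; uncomment for a service you have tested
```

Read the audit output with one question in mind: which services show "NONE" for the SID type and no declared privileges? Those are exactly the ones written before Vista's rules, and they are where the chapter's clean-up tools earn their keep. The "restricted" SID type goes further than "unrestricted" by making the token write-restricted, but that only works for services designed for it, so leave it to the developer.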