Meet the Coauthors

I couldn't have gotten this book out quickly enough without the hard work of my coauthors Byron Hynes and Jennifer Allen.

I met Byron Hynes at TechEd through a mutual friend, Steve Riley, at Microsoft. Byron is a guy who's spent many years teaching technical seminars and writing documentation. He just joined Microsoft a year ago and is hard at work doing the security-related documentation about Server 2007. He also may be the single human being on the planet who best understands the new BitLocker encryption system that arrives with Vista—so I was pretty happy to hear that he'd do the BitLocker chapter for this book. But don't worry that you'll just get a sales pitch from him—Byron's a straight shooter when it comes to talking about Windows strengths, as well as weaknesses. Jennifer Allen is a technical writer and editor in the Microsoft Security Technology group, where she manages and creates documentation for security technologies. Jennifer resides in Seattle, Washington, and is a native of Washington state.

I greatly appreciate each coauthor's hard work, and I think you'll enjoy their contributions.

What's Inside This Book

Here's a quick look at the things that you'll learn in this book.

As I've said, we'll see some real paradigm-busters in this book, but I wanted to start you off gently with Chapter 1. In that chapter, I tell you how to solve a few annoying problems (like restoring the Administrator account, which is disabled by default) and then, I explain a dozen or so subtle changes to security defaults. These are things that you might well not notice…until you trip over one of them. (For example, did you know that in Vista, Power Users go away?) But not all of the surprises are bad ones, as I'll walk you through an unexpected bright star in the Vista constellation—the Event Viewer. Covering that will also let me do some drill-down on Windows Remote Management, a new piece of Windows infrastructure that we're all going to have to get facile with.

In Chapter 2, we dive right into Vista security with the first of those eight biggies that I've mentioned. And, unlike most of the new Vista security technologies that we'll cover, this is one that you probably have heard of or come across: User Account Control or UAC, also known as "the Vista feature that everyone loves to hate." It's Microsoft's significant shift in Windows functionality intended to help the Windows community, who are all used to running as full-power administrators, make the painful shift to running as a user. UAC is definitely a good thing in the long run, but it can be frustrating for the veteran administrator, if not understood. That veteran admin could choose to simply tweak a couple of group policies to shut UAC off—and this chapter shows how—but that admin just might choose differently if she understood exactly what UAC does. This chapter goes beyond the UI and explains the new concept of "split tokens" and what they mean for both admins and users…and how not disabling UAC may be the best thing you can do to fight rootkits, worms, Trojans, and viruses.

In Chapter 3, I explain the second of the Big Eight, file system and Registry virtualization. It's a technology built into Vista that, like UAC, helps make the transition from today's world, where 99 percent of us spend our days logged in as an administrator, to a safer world of tomorrow, where we spend most of our time logged on as standard users. We need that because a lot of malware can't possibly infect our systems if we're logged on as standard users rather than administrators. But one of the biggest obstacles that well-informed techies see to moving to a world where most of us run as a user is the objection that "hey, I'd love to run as a user, but my stupid apps won't run unless I'm an admin because they try to write to places on the disk and in the Registry where user types can't go. What am I gonna do, find the developer and hit him in the head until he rewrites his code?" It's a very valid objection, or was, anyway…until Vista. Vista does a bit of sleight of hand that lets folks with normal user levels of privilege run what once were just badly written applications…automatically. Called "virtualization," it's got nothing to do with VMware or Virtual Server, and everything to do with making things easier to run with less power. With virtualization, you really can run apps that write to HKEY_LOCAL_MACHINE or System32, even if you're not an admin, just like magic. But as with all magic, there are some gotchas. This chapter explains how virtualization works, where it doesn't work, and how to know when it can and can't help you.

Chapter 4 introduces the technology that caused my cranial pop: the Windows integrity control, formerly known as Mandatory Integrity Control or MIC. In an effort to stem the tide of malware, Microsoft has, believe it or not, gone beyond the "discretionary permissions" model for NTFS and Registry permissions that we've known since its inception in 1993 and added a model that to this point has not appeared in any general-purpose operating system on the planet, only in some special-purpose OSes designed for military and national security applications. This new layer of security is called the "Windows integrity control" and, well, it's no exaggeration to say that if you're a long-time Windows admin, you've never seen anything like this. In this chapter, I explain the theory behind the Windows integrity control, and then dive into your system's insides to show you what Windows integrity is doing…and how you can get in on the act and insert a bit more "integrity" of your own into Vista. There is one downside to this chapter, however: we must sadly warn our readers that this chapter cannot be read by persons without the proper security clearances.

Note Okay, just joking on the last item. But as I was writing this on the eve of Vista's release in late October 2006, its name was still in flux, so for all I know it'll have another name.
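To make the "beyond discretionary permissions" point concrete before the chapter itself, here is a small added model of how an integrity label is layered on top of an ordinary DACL check. This is illustration code written for this edition's notes, not Microsoft's code or anything from the chapter: the level names (Untrusted, Low, Medium, High, System) and the default "no write-up" rule are the real Windows ones, but the access-check logic is a simplification, and the users, groups, and files are constructed sample data.

```python
from dataclasses import dataclass
from enum import IntEnum


class Integrity(IntEnum):
    """Windows integrity levels, lowest to highest."""
    UNTRUSTED = 0
    LOW = 1
    MEDIUM = 2   # standard user processes; also the label Windows assumes for unlabelled objects
    HIGH = 3     # elevated administrator processes
    SYSTEM = 4   # services and the kernel's own processes


READ, WRITE, EXECUTE = "read", "write", "execute"

# Mandatory policy bits. Windows applies NO_WRITE_UP by default;
# NO_READ_UP and NO_EXECUTE_UP are opt-in for particular objects.
NO_WRITE_UP, NO_READ_UP, NO_EXECUTE_UP = "no_write_up", "no_read_up", "no_execute_up"


@dataclass
class Subject:
    name: str
    groups: frozenset
    integrity: Integrity


@dataclass
class SecurableObject:
    name: str
    dacl: dict                                   # principal -> set of rights granted
    integrity: Integrity = Integrity.MEDIUM      # unlabelled objects are treated as Medium
    policy: frozenset = frozenset({NO_WRITE_UP})  # the Windows default mandatory policy


def discretionary_check(subject, obj, right):
    """The classic DACL check: is the right granted to the user or one of its groups?"""
    principals = {subject.name} | set(subject.groups)
    return any(right in obj.dacl.get(p, set()) for p in principals)


def mandatory_check(subject, obj, right):
    """The integrity check. It only bites when the subject is *below* the object's label."""
    if subject.integrity >= obj.integrity:
        return True
    blocked_by = {WRITE: NO_WRITE_UP, READ: NO_READ_UP, EXECUTE: NO_EXECUTE_UP}[right]
    return blocked_by not in obj.policy


def access_check(subject, obj, right):
    """Mandatory label first, then discretionary ACL. Returns (allowed, reason)."""
    if not mandatory_check(subject, obj, right):
        return False, f"integrity: {subject.integrity.name} subject may not {right} a {obj.integrity.name} object"
    if not discretionary_check(subject, obj, right):
        return False, "dacl: right not granted"
    return True, "allowed"


def demo():
    """Constructed scenario: one account running at three different integrity levels."""
    users = frozenset({"Users"})
    alice_std = Subject("alice", users, Integrity.MEDIUM)                        # ordinary desktop process
    alice_low = Subject("alice", users, Integrity.LOW)                           # same account, low-integrity process
    alice_admin = Subject("alice", users | {"Administrators"}, Integrity.HIGH)  # elevated process

    # Alice's own file: Full Control in the DACL, default Medium label.
    notes = SecurableObject("notes.txt", {"alice": {READ, WRITE, EXECUTE}})
    # A tool Administrators may modify, carrying a High label.
    tool = SecurableObject("tool.exe",
                           {"Administrators": {READ, WRITE, EXECUTE}, "Users": {READ, EXECUTE}},
                           Integrity.HIGH)

    return {
        "std_writes_own_file": access_check(alice_std, notes, WRITE),     # allowed
        "low_writes_own_file": access_check(alice_low, notes, WRITE),     # denied by no-write-up despite Full Control
        "low_reads_own_file": access_check(alice_low, notes, READ),       # allowed: the default policy only blocks writes
        "std_writes_high_tool": access_check(alice_std, tool, WRITE),     # denied by the label before the DACL is consulted
        "admin_writes_high_tool": access_check(alice_admin, tool, WRITE), # allowed: same level, and the DACL grants it
    }


if __name__ == "__main__":
    for case, (allowed, reason) in demo().items():
        print(f"{case:24} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

The point to notice is the second case: the DACL says Full Control, yet the low-integrity process is refused, which is exactly the kind of decision a discretionary-only model could never make. Chapter 4 covers what Vista actually labels and how to inspect and change those labels.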

In Chapter 5, Byron joins us to explain the fourth in my list of big new security technologies, the one piece of "Palladium," Microsoft's vision of security way back in 2002, that has actually seen the light of day: BitLocker Full Volume Encryption. Every year, American companies lose 600,000 laptops that are sometimes stolen but often just left in cabs and airports. But no matter how they're lost, they sometimes contain data that can make or break organizations. For example, you may recall the recent story about a Veterans Administration employee who brought home a laptop whose hard disk contained the records of all veterans, including all of the information needed for a bad guy to commit identity theft against them… and the laptop was stolen from his home. Yikes! The answer? (Besides shooting the dummy who did that, that is.) Encrypt the entire hard disk, and hide the key where it can't be found. That's in Vista in a new tool called BitLocker.

When Microsoft first talked about BitLocker, it seemed like an interesting but impractical technology because it required that any system using BitLocker have a cryptographic chip called a Trusted Platform Module (TPM) chip on its motherboard. The Vista implementation of BitLocker, however, lets you encrypt any system so long as it's got either a TPM chip or a USB slot. If you've got a laptop, or if you're in charge of a fleet of laptops, then this may be the single most gotta-have-it feature of Vista!

In Chapter 6, Jennifer Allen joins us to explain three more from my list of significant Vista security technologies: code integrity, new driver signing rules, and PatchGuard. By this point in the book, you will have seen that Vista may be the first version of Windows with "Paranoia Inside," to borrow from Intel's well-known logo. In a change from all previous versions of Windows, Vista randomly reassigns the locations of basic Windows services, making the job of worm writers all the more difficult. One more set of anti-malware provisions includes code integrity, a boot-time check of digital signatures on files, and a new set of rules for 64-bit Windows only. Under these rules, all drivers must be signed. This chapter explains both of those protections in detail. But that's not all for 64-bit systems: the 64-bit kernel contains a feature called PatchGuard that attempts to intelligently detect and stop malware.

In Chapter 7, I discuss that old security bugbear, Windows services. Although much maligned in security literature, services are helpful processes that get a lot of the job of keeping Windows running done. But because they run all of the time, services with bugs quickly become some of the lowest of low-hanging fruit for attackers. Over the years, Microsoft has sought to make services harder to attack with simple adjustments, and those changes have been valuable, but Vista takes things a step further and rewrites the rules of how services are built. In this chapter, I explain how Vista services have changed, and how that affects administering Windows systems.

At that point, we'll be done with our quick look at Vista security's big surprises. I suspect that by then, you'll agree that at least security-wise, Vista is as different from previous versions of Windows as a Rolls-Royce is from a roller skate.

Stay Up to Date with My Free Newsletter

Keeping track of Windows administration and security is a job in itself, as it changes so fast. We did our best in this book to get you information that's as up to date as is possible, but remember that we wrote this from the betas, and things can and will change. (Heck, as I write this, no one seems to have any really strong feel for when Vista will ship. But the technologies that we're discussing here will appear in Vista and Server 2007 whether they ship late or early, so the sooner you're acquainted with them, the better.) I don't know if we'll get around to writing a second edition of this, but whether we do or not, why wait for another edition to stay up to date?

So I'm extending the following offer to my readers. Visit my website at http://www.minasi.com and register to receive my free Windows Networking newsletter. It covers everything from NT 4 to 2000 to XP to 2003, Vista and even a little Linux. Every month that I can, I send you a short update on tips and things that I've learned, as well as any significant errata that appear in the book (which I'm praying don't appear). It won't be spam—as the saying goes, "Spammers must die!"—just a short heads-up on whatever I've come across that's new (to me) and interesting about NT, 2000, XP, 2003, or Vista. I've been doing this newsletter since 1999, so you can also peruse the newsletter archives. Past newsletters have also included lengthy articles on running and securing Microsoft's free database servers MSDE and SQL Server Express, DNS troubleshooting, configuring the Indexing Service, and IPSec, so I think you'll find it a worthwhile newsletter for the price.