Windows Vista Security: Securing Vista Against Malicious Attacks [Paperback]

Roger A. Grimes (Author), Jesper M. Johansson (Author)

Book Description

Publication Date: July 2, 2007 | ISBN-10: 0470101555 | ISBN-13: 978-0470101551

Written by two veteran Windows security experts—one a Microsoft Security MVP and Foundstone Security Consultant, and the other a former senior member of Microsoft's Security Engineering Team—this essential resource prepares end users and technical administrators to handle various security problems that exist in Windows Vista as well as possible future threats. Offering in-depth coverage of all significant new security technologies in Windows Vista, this book addresses User Account Control, the new Firewall, Internet Explorer 7.0, Windows Defender, Service Hardening, and BitLocker.

Editorial Reviews

From the Back Cover

It's not the computer. The hacker's first target is YOU!

A dirty little secret that vendors don't want you to know is that good computer security doesn't cost a thing. Any solution you can buy is guaranteed to fail. Malicious hackers use this fact to their advantage. Real security is gained by understanding the enemy's tactics and offsetting them with appropriate and consistently applied Windows settings. These expert authors realize that an effective strategy is two parts technology and one part psychology. Along with learning about Vista's new security features (such as UAC, integrity controls, BitLocker, Protected Mode, and IIS 7), learn common-sense recommendations that will immediately provide reliable value.

Vista Security Tips

• Have a healthy sense of paranoia

• Understand and apply the basics properly

• Use longer passwords. No, longer than that

• Use admin privilege very sparingly

• Don't believe Internet Explorer Protected Mode will stop all attacks

• Don't believe DEP can stop all attacks

• Don't believe any technology can stop all attacks

About the Author

Roger A. Grimes, CPA, CISSP, four-time MVP, is a 20-year industry veteran and author of seven books and over 200 articles on Windows security. Currently working for Microsoft as an ACE Team senior security consultant, Roger previously taught Windows and Linux security for Foundstone and is a highly requested industry speaker.

Jesper M. Johansson is currently working on application security and developer security training on large software projects. Prior to his current work he was a senior security strategist at Microsoft Corporation and is a well known authority on Windows operating system security. He holds a Ph.D. in Management Information Systems.

Product Details

• Paperback: 582 pages
• Publisher: Wiley (July 2, 2007)
• Language: English
• ISBN-10: 0470101555
• ISBN-13: 978-0470101551
• Product Dimensions: 7.4 x 1.3 x 9.2 inches
• Shipping Weight: 1.8 pounds (View shipping rates and policies)
• Average Customer Review: 3.6 out of 5 stars  See all reviews (5 customer reviews)
• Amazon Best Sellers Rank: #2,033,374 in Books (See Top 100 in Books)
  • #100 in Books > Computers & Technology > Home Computing & How-to > Microsoft How-to > Windows OS > Windows Vista

Most Helpful Customer Reviews

6 of 8 people found the following review helpful

5.0 out of 5 stars The more I read and use Vista the more I like it August 31, 2007

By S. Bradley

Format:Paperback

Show me someone complaining about User Account Control, and I'll either show you

a. a person setting up the system initially or
b. a person who's not using Vista on a regular basis.

I play a game where I see how often I get the UAC prompt. There's many a week I get none at all.

What UAC points out is how little we know and understand about rights and permissions on our system. What this book points out is why we need and should want UAC on. Turn it off and Internet Explorer protected mode gets disabled.

Read this book. It will want you to install Vista that much more. It gave me a better understanding of the process going on with User account control. It gave me an understanding of how Administrator wasn't the horrifically bad thing it was in XP. About the security processes under the hood. The information in this book was invaluable to me in understanding more about the technologies under the hood.

(Full disclosure I read chapters of this book before it was published)

2 of 3 people found the following review helpful

4.0 out of 5 stars Sound Information From Respected Experts March 20, 2008

By sixmonkeyjungle VINE™ VOICE

Format:Paperback

A few years ago, Oracle had the audacity to run a marketing campaign claiming that their database product was "unbreakable". It didn't take long for someone to break it, and for Oracle to back-pedal their marketing stance and claim that they didn't mean it was 100% impervious, just that security was stronger and they had an "unbreakable" mindset, or something to that effect.

Since the introduction of Windows Vista, it has been hailed by Microsoft and by most media outlets as the "most secure" Windows operating system yet. Microsoft critics have been quick to jump up and down every time a weakness or vulnerability has been discovered- emphatically pointing out that it is, in fact flawed. They fail to realize that there is a big difference between "most secure" and "unbreakable", and that nobody ever claimed it was perfect.

With Vista, Microsoft took tremendous strides on the security front and introduced a variety of new features and technologies. UAC (User Account Control) has been widely criticized, mostly by Microsoft's competition and those who don't really understand its purpose or how to use it. Microsoft also included hard drive encryption with Bitlocker, the new and improved Internet Explorer 7, and more. There is a learning curve to understand these new components and use them properly.

Grimes and Johansson provide the knowledge and details you need to know to understand these new security features. They walk you through how to configure them to protect your Windows system. They also understand that the user is the key to security, and they take a holistic approach in trying to educate the reader on sound security practices that complement the security technology in Vista.

The book is a little "rah rah" Microsoft in spots, but that doesn't take anything away from its exceptional value. Pick this book up and put it to use.

5 of 8 people found the following review helpful

1.0 out of 5 stars Fifty pages of information bloated to 500 December 19, 2007

By Knafn Books

Format:Paperback

I can't recommend this for a beginner or an advanced security expert. The useful information in this book is hard to find amongst the poor writing and condescending tone.

The information that is here is hard to find. For example, the eight-point list of Vista security essentials includes "Remove unnecessary software and services." Neither the index nor the table of contents provides much guidance on how to find the information on removing services or identifying which are necessary. (I still haven't found that information in the book).

There are random bold-faced notes throughout the book. I haven't figured out the algorithm that the authors used to elevate a paragraph to bold face.

There is repetitive cheerleading for Windows Vista and Internet Explorer. In the words of Joe Friday: "Just the facts, ma'am."