Foreword
In 2001, the IT community was celebrating the long-awaited release of Microsoft’s Windows XP. The release of Windows XP was a major milestone for Microsoft because it was the first time that the company had created an NT kernel-based operating system intended for both businesses and consumers. Windows XP was designed to render DOS-based operating systems such as Windows 9x and Windows ME obsolete forever. Sadly, the celebration was short-lived, though, as it became apparent that Windows XP and Internet Explorer were both plagued with security problems.
At first these security problems were mostly a concern for businesses. It wasn’t long, however, before consumers began to feel the consequences of these security holes as well. Nuisances such as Trojans, spyware, pop-ups, and browser hijackers quickly went from existing in relative obscurity to becoming an almost overnight epidemic.
In 2003, Microsoft was hard at work on Service Pack 2 for Windows XP, which was originally intended to consist of a set of critical security patches and hotfixes that had been rolled up into a service pack. But everything changed when the Slammer worm hit.
The development team in Redmond was already hard at work on a new desktop operating system, code-named Longhorn (now known as Windows Vista). Longhorn was slated to include code that would prevent Slammer-type worms from being effective, but the new operating system was still years away from being ready to be released.
Fearing another Slammer-type attack, Microsoft Vice President Jim Allchin made the decision to halt the development of Longhorn and mandated that much of the Longhorn code be adapted to Windows XP and included in Service Pack 2.
Service Pack 2 was released on August 6, 2004. However, the service pack didn’t fix all of Windows XP’s security problems, although it did help to some extent. In retrospect it was probably good that Microsoft created Service Pack 2 from Longhorn code. This strategy gave the company the chance to see that the code was not completely secure, thus providing Microsoft with a chance to rewrite the code prior to Vista’s release.
All this hard work apparently has paid off, though. Windows Vista is the first desktop operating system released under Microsoft’s Trustworthy Computing Initiative, and it is without a doubt the most secure OS that Microsoft has released to date.
Even so, Vista isn’t completely secure right out of the box. Like every previous Windows operating system, Vista is highly customizable, and the settings that you configure Vista to use play a role in how secure the operating system really is. For example, there will undoubtedly be security updates released for Vista as new security threats are discovered. If Vista isn’t configured to receive these updates, though, then it will be less secure than an updated version of Vista.
That’s where Microsoft Vista for IT Security Professionals is helpful. This book discusses all of the enhanced security mechanisms that are present in Vista. It also shows you how to configure these mechanisms for optimal security.
—Brien M. Posey
Vice President of Research and Development, Relevant Technologies