Windows Vista Inside Out
Ch 10: Security Essentials
Last modified 9-17-07

• Understanding Security Threats
• Essential Security Measures
  • Firewall
  • Updates
  • Antivirus
  • Antispyware
• Security Center in Control Panel

Editions
• All the security software in this chapter is the same in all editions, except
  • Parental Controls
    • Only present in Home Basic, Home Premium, and Ultimate
  • Group Policy
    • Only present in Business, Enterprise, and Ultimate versions

Security Threats
• Virus
  • Code that attaches to another program
  • Spreads when the infected program runs
• Worm
  • An independent program
  • Usually spreads through networks, by email or instant messaging, or blogs, etc.

Security Threats
• Spyware
  • Software that is installed without user’s knowledge
  • Records personal information
  • Causes ads to display
• Trojan
  • Enables remote control of your computer
  • Your computer becomes part of a botnet

What’s New in Windows Vista
• User Account Control (UAC)
  • Helps to prevent installation of software without user’s consent
• Windows Firewall
  • Now filters outgoing traffic
  • Advanced configuration console is much more complex than any previous Windows Firewall

What’s New in Windows Vista
• Windows Defender
  • Antispyware
• Internet Explorer Protected Mode
• Parental Controls
  • Lets parents control their children’s Internet use and games

What’s New in Windows Vista
• Data Redirection
  • Standard user accounts use virtualization to prevent changes to protected system folders and the Registry
• Buffer Overrun Protection
  • Address Space Layout Randomization (ASLR)
    • Makes it hard to take over computers with system calls

What’s New in Windows Vista
• 64-bit Vista
  • PatchGuard: only signed drivers are allowed
• Data Encryption
  • BitLocker Drive Encryption
    • Only on Enterprise and Ultimate editions
  • Encrypting File System
    • Only fully supported on Business, Enterprise, and Ultimate editions (see link Ch 10a)

What’s New in Windows Vista
• Restrictions on removable drives
  • USB flash drives and removable devices can be controlled with Group Policy

Preventing Unsafe Actions with User Account Control (UAC)
• Administrator accounts have two tokens: one normal, one with administrator privileges
• Elevating privileges requires clicking on a User Account Control box

What Triggers UAC Prompts
• Installing and uninstalling applications
• Installing device drivers
  • Unless they are in the Driver Store
• Installing ActiveX Controls
• Installing Windows Updates
• Changing settings for Windows Firewall
• Changing UAC settings

What Triggers UAC Prompts
• Configuring Windows Update
• Adding or removing user accounts
• Changing a user’s account type
• Configuring Parental Controls
• Running Task Scheduler
• Restoring backed-up system files
• Viewing or changing another user’s folders and files

Shield Icon
• Indicates actions that will require privilege escalation
• If you are logged in as a Standard User
  • The “credentials prompt” will ask for administrator credentials

Secure Desktop
• The greyed-out desktop that forces you to respond only to the User Account Control box
• Prevents other programs from running during this important process

Disabling UAC
• Control Panel, User Accounts, User Accounts, Turn User Account Control on or off
• Puts your computer at risk

Working Around UAC Without Disabling It
• Use an administrator Command Prompt window
  • No further elevation will be needed
• Run as a standard user
  • Fewer elevated options will appear
• Use the “Administrator” account
  • Disabled by default
  • Not affected by User Account Control by default

Using Group Policy to Customize UAC
• Start, GPEDIT.MSC

Monitoring Security
• Security Center in Control Panel

Multiple Security Programs
• Running two antivirus applications at the same time can freeze your computer
• Two firewalls can be hard to manage, but usually don’t crash the machine
• Running two antispyware applications is commonly done and does no harm

Unrecognized Software
• If your security software is not recognized, you can turn off the Security Center alerts
• To see this message, turn off Windows Firewall and click “Show me my available options” in the Firewall section of Security Center

Blocking Intruders with Windows Firewall
• You should always run a personal firewall on your computer
  • Even when you work behind a corporate or home firewall
  • To protect you from your neighbors on the LAN
  • Laptops, USB flash memory sticks, etc. can bring infections inside your firewall

Windows Firewall
• Filters incoming traffic only, by default
• Stateful-inspection packet filtering
  • Remembers the requests you made recently
  • Allows incoming traffic only if you requested it
  • You can set exceptions to allow unsolicited incoming traffic
• This is safer than stateless firewalls
  • They filter only by IP address, port, or protocol
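
A simplified model of the stateful and stateless filtering described on the Windows Firewall slide, as an added example that is not part of the original slides and is not Windows Firewall's own code. The class names, the 60-second timeout, port 9100 for the print-server exception and the sample traffic are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" = sent by this PC, "in" = arriving at this PC
    proto: str
    local_port: int
    remote_ip: str
    remote_port: int

class StatelessFilter:
    """Judges each packet alone, by protocol and remote port only."""
    def __init__(self, allowed_remote):
        self.allowed_remote = set(allowed_remote)   # {(proto, remote_port)}

    def allow(self, pkt, now=0.0):
        if pkt.direction == "out":
            return True
        return (pkt.proto, pkt.remote_port) in self.allowed_remote

class StatefulFilter:
    """Remembers outgoing requests; admits only their replies or exceptions."""
    def __init__(self, exceptions=(), timeout=60.0):
        self.exceptions = set(exceptions)           # {(proto, local_port)}
        self.timeout = timeout                      # seconds (assumed value)
        self.flows = {}                             # flow key -> last seen time

    def allow(self, pkt, now):
        key = (pkt.proto, pkt.local_port, pkt.remote_ip, pkt.remote_port)
        if pkt.direction == "out":
            self.flows[key] = now                   # remember the request
            return True
        last = self.flows.get(key)
        if last is not None and now - last <= self.timeout:
            self.flows[key] = now                   # reply to a recent request
            return True
        self.flows.pop(key, None)                   # expired or never requested
        return (pkt.proto, pkt.local_port) in self.exceptions

# Constructed traffic (documentation addresses), as (time, label, packet).
TRAFFIC = [
    (0.0, "web request", Packet("out", "tcp", 50000, "203.0.113.10", 443)),
    (0.2, "web reply", Packet("in", "tcp", 50000, "203.0.113.10", 443)),
    (1.0, "unsolicited, source port 443",
     Packet("in", "tcp", 445, "198.51.100.7", 443)),
    (2.0, "print job (exception)", Packet("in", "tcp", 9100, "192.168.1.20", 51000)),
    (90.0, "late reply after timeout", Packet("in", "tcp", 50000, "203.0.113.10", 443)),
]

def compare():
    """Return (label, stateless_verdict, stateful_verdict) for each packet."""
    stateless = StatelessFilter({("tcp", 443)})     # rule: "let web replies in"
    stateful = StatefulFilter(exceptions={("tcp", 9100)})
    return [(label, stateless.allow(p, t), stateful.allow(p, t))
            for t, label, p in TRAFFIC]

if __name__ == "__main__":
    for label, a, b in compare():
        print(f"{label:30} stateless={a!s:5} stateful={b}")
```

The stateless rule that lets web replies back in also admits any inbound packet claiming source port 443, while the stateful filter admits only the reply to a recorded request or traffic matching an explicit exception.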

New Windows Firewall Features
• Can filter outgoing traffic
• Windows Firewall With Advanced Security console allows many more settings
• Exceptions can be configured for
  • Services
  • Active Directory accounts and groups, and more
• Three separate profiles
  • Domain, Private non-domain, or Public

Tools for Managing Windows Firewall
• Windows Firewall, in Control Panel
• Windows Firewall With Advanced Security
  • A snap-in for Microsoft Management Console (MMC)
• Group Policy Object Editor
  • Available only in Business, Enterprise, and Ultimate editions
• The Netsh utility
  • Command-line tool

Firewall Profiles
• Domain
  • Your computer is joined to an Active Directory domain
  • Firewall settings usually controlled by settings on the Domain Controller
• Private
  • Your computer is connected to a Home or Work network in a workgroup configuration
• Public
  • Airport, library, coffeehouse, etc.

Firewall Profiles
• Press Logo key
• Enter "firewall"
• Open "Windows Firewall with Advanced Security"
• Notice that the profile you are using now is marked "Active"

Windows Firewall Settings
• In Control Panel, in "Security" section, click "Allow a program through Windows Firewall"
• Here you are controlling only the current profile
• Demo: Turn off firewall, observe the change in "Windows Firewall with Advanced Security"

Allowing Connections Through the Firewall
• You will need exceptions any time you want your computer to act as a server
  • Print server
  • File Server
  • Windows Meeting Space
  • Games
• All these functions require your computer to accept unsolicited incoming traffic

Exceptions
• Checking a box here lets a program through the firewall
• If the item you need is not visible, use the "Add program…" or "Add port…" buttons

Firewall Alerts
• Clicking "Unblock" on this alert does the same thing as checking the box on the Exceptions tab

Windows Update
• Start, All Programs, Windows Update

Updating Many Computers
• If you have a network of computers at a business, automatic updates are not the best practice
  • It ties up your Internet connection
  • Not all machines get the same updates at the same time
  • Some updates may be harmful to your software, so you want to block them

Microsoft Update Catalog
• Link Ch 10b
• Stand-alone installable versions of each update for Windows
• Includes "all supported versions"
• BUT try searching for MS04-011, no Win 2000 updates appear
• See link Ch 10c

Windows Server Update Services (WSUS)
• Runs on Windows Server 2003 or 2008
• Downloads updates from Microsoft
• Computers get updates from the WSUS server, not Microsoft
• See link Ch 10d

Antivirus Software
• Microsoft recommends these vendors for Vista antivirus software
• For details, see link Ch 10e
• For independently certified antivirus products, see link Ch 10f

Cleaning an Infected System
• Microsoft's Malicious Software Removal Tool (MSRT)
  • Link Ch 10g
• McAfee Stinger
  • Link Ch 10h

Stopping Spyware with Windows Defender
• Spyware causes things like:
  • Unexpected new toolbars, favorites, and links in your web browser
  • Changes to your browser’s home page and default search provider
  • Numerous pop-up ads
  • Sudden occurrence of computer crashes or slow performance

Windows Defender
• Press Logo key, type in DEF
• Scans each day, by default

Real-Time Protection
• In Windows Defender, Tools, Options

Parental Controls
• Only in Home Basic, Home Premium, and Ultimate Editions

Activity Viewer