VH, speaking of Longhorn
Security in Longhorn will be better when the new operating system is released in 2006 than security in Windows XP , which debuted in 2001 -- or so Microsoft has promised.
How much better though, is a matter of how effective Microsoft, as well as Longhorn users, will be at staying one step ahead of the hackers that will surely be gunning for Longhorn vulnerabilities.
For I.T. managers planning for Longhorn deployment, the key security factor is the great unknown -- anticipating future vulnerabilities that right now are a glint in the evil eye of hackers. All I.T. can do for now is to upgrade existing systems in anticipation of Longhorn's arrival.
New Attacks, New Threats
"All infrastructure vendors have to fight yesterday's wars because of their vast installed bases. So, new attacks will come out and new vulnerabilities will be found in those products," John Pescatore, vice-president at Gartner Research, told NewsFactor. "Longhorn should stop many of the attacks we see today, but I can guarantee we will be fighting new security battles even before Longhorn ships."
Pescatore added that many pre-Longhorn I.T. security investments will be obsolete by 2007.
For clients, Pescatore is recommending pre-Longhorn investments in vulnerability management, intrusion prevention and identity management -- versus anti-viral, patch management, and other solutions that won't put processes in place that deal with changing vulnerabilities, threats and attacks.
Several new security-promoting technologies are to be built into Longhorn. These include an ability to periodically check user's systems against new security fixes in a centralized patch database, and to institute far more stringent access controls and permission levels.
Longhorn Has Its Privileges
Already, Microsoft's Microsoft Developers Network site offers details, as well as preliminary code for least-privilege user account, application impact management and protected administrator, three features that will run in together to add roadblocks to unauthorized administrative access and privileges to perform certain actions.
These actions include backing up installed software, defragging and re-partitioning hard drives, and making major changes to enterprise management software.
These and other applications will be run with a special restrictive token that one individual in a company -- such as the head of I.T. -- has either sanctioned for use, or has already been deployed by the organization and designated as "trusted."
Additionally, Pescatore noted, Windows Next Generation Secure Computing base will enable the Longhorn kernel to take advantage of Intel's forthcoming LeGrand technology. LeGrand will enable the placement of Trusted Platform Module chips in newly manufactured PCs pre-installed with Longhorn. "This can have dramatic increases in digital rights management and the ability to run trusted code securely on a PC -- which you cannot do today," LeGrand said.
"Longhorn will be Microsoft's first desktop OS built after they started to care about security. So I do expect Longhorn to be more secure," Pescatore added.
