Wednesday, March 25, 2009

Speaking of Web Application Security Tools...

Microsoft has released an 'open-source' (that's right!) application called !exploitable, which was announced at the CanSecWest security conference in Vancouver, British Columbia. It's a Windows debugger extension that can be used during the first phases of application design. Testers can test the stability and security of an application by throwing unexpected data at it, also called fuzzing. It is available at this link on CodePlex.

The CanSecWest presentation slides are here.

Tuesday, March 24, 2009

Help is here...

Ok, so maybe I've been too hard on HP/SPY. Free tools buy friends!

Wait a minute...where's the... Ohhh... Well, maybe it's not exactly "Free" of everything...

At least it's something. Let's take it for a drive, shall we?

Monday, January 12, 2009

Windows 7 Beta - Firewall with advanced security

So, why is it version 7 anyway? So far things look good under the hood of Windows 7 Beta (build 7000). There is still a lot of inspection to do, and yes, I still prefer its BSD-based arch-nemesis ]:->. One thing that I am liking very much is the included MMC snap-in 'Windows Firewall with Advanced Security' console. At a glance this console lets you view and administer the local system firewall settings in a much more granular fashion. I never messed with it in Vista (mainly because I was too busy getting deep into Leopard). It's a quick click to view all active firewall rules, various security associations (SA) and connection security rules (IPsec rules to form an SA). It's even easier to disable/enable rules, delete rules and block access both inbound and outbound. It is closely paired with the netsh advfirewall tool. One thing I'd like to express to the typical windoze-bash-and-crasher is RTFM.

For those die-hard ipfw/netfilter people, like myself, drop into a command shell and explore:

netsh advfirewall firewall>show rule name=all

There is a lot here, however, and TechNet documentation is lacking at best. It's not as quick and dirty as iptables -nL or ipfw show, but it'll do for now... I'll be exploring different settings and poking on it with some assessment tools over the next couple of weeks. My advice: go into the MMC snap-in and disable any rules that won't be needed. It's pretty straightforward. My experience tells me that Windows is "less secure" not just because of the larger install base, but largely due to ignorance and neglect. Have fun tuning.
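An added example, not part of the original post: a Python script that condenses the output of the show rule name=all command above into one row per enabled inbound allow rule, which is the set to look at first when disabling rules that won't be needed. The sample text is constructed and abbreviated, the function names are hypothetical, and the field names assume English-locale netsh output.

```python
import re

# Constructed, abbreviated sample in the layout of English-locale netsh output.
SAMPLE = """\
Rule Name:                            Example Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
LocalPort:                            3389
Action:                               Allow

Rule Name:                            Example Media Sharing (UDP-In)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Profiles:                             Private
LocalPort:                            1900
Action:                               Allow

Rule Name:                            Example Updater: Sync (TCP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Profiles:                             Domain,Private,Public
LocalPort:                            Any
Action:                               Allow
"""

def parse_rules(text):
    """Turn the "Key: value" blocks into one dict per rule."""
    rules = []
    # Split on the first colon only, so rule names containing ':' stay intact.
    for key, value in re.findall(r"^([^:\n]+):[ \t]+(.*\S)[ \t\r]*$", text, re.M):
        if key == "Rule Name":
            rules.append({})          # every "Rule Name" line opens a new rule
        if rules:
            rules[-1][key] = value
    return rules

def review_list(text):
    """Enabled inbound allow rules as compact rows, in the spirit of `ipfw show`."""
    wanted = ("Yes", "In", "Allow")
    return ["%-6s %-22s %s" % (r.get("LocalPort", "-"), r.get("Profiles", "?"), r["Rule Name"])
            for r in parse_rules(text)
            if (r.get("Enabled"), r.get("Direction"), r.get("Action")) == wanted]

if __name__ == "__main__":
    for row in review_list(SAMPLE):
        print(row)
```

On a live system, pass the captured text of the netsh command to review_list() in place of SAMPLE.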