Dwayne's Blog : Security

Windows SteadyState 2.5

dwaynef — Tue, 24 Jun 2008 20:16:00 GMT

Windows SteadyState is the successor to Shared Computer Toolkit, it allows creater control over shared access computers (schools/internet cafe's/libraries/etc or even a shared household computer) with the ability to limit access to functionality and bascially not save changes, reboot and you return to original state.

SteadyState hompage, technical faq, 2.5 handbook, Steadystate download

Windows SteadyState is free, features include

Getting Started – Provides the initial steps to help you during your first time use of Windows SteadyState.

Windows Disk Protection – Help protect the Windows partition, which contains the Windows operating system and other programs, from being modified without administrator approval.Windows SteadyState allows you to set Windows Disk Protection to remove all changes upon restart, to remove changes at a certain date and time, or to not remove changes at all. If you choose to use Windows Disk Protection to remove changes, any changes made by shared users when they are logged on to the computer are removed when the computer is restarted

User Restrictions and Settings – The user restrictions and settings can help to enhance and simplify the user experience. Restrict user access to programs, settings, Start menu items, and options in Windows. You can also lock shared user accounts to prevent changes from being retained from one session to the next.

User Account Manager – Create and delete user accounts. You can use Windows SteadyState to create user accounts on alternative drives that will retain user data and settings even when Windows Disk Protection is turned on. You can also import and export user settings from one computer to another—saving valuable time and resources.

Computer Restrictions – Control security settings, privacy settings, and more, such as preventing users from creating and storing folders in drive C and from opening Microsoft Office documents from Internet Explorer®.

Schedule Software Updates – Update your shared computer with the latest software and security updates when it is convenient for you and your shared users.

Microsoft Acquires Komoku

dwaynef — Fri, 21 Mar 2008 15:28:00 GMT

Microsoft strengthens anti-malware protection with leading-edge rootkit detection provider.

REDMOND, Wash. — March 20, 2008 — Today Microsoft Corp. announced it has acquired Maryland-based Komoku Inc., a provider of advanced rootkit security detection solutions. Microsoft expects to add Komoku’s functionality into upcoming versions of the Forefront line of enterprise security products and Windows Live OneCare, Microsoft’s all-in-one PC care solution.

More details on the Forefront team blog

Firewire compromise

dwaynef — Fri, 07 Mar 2008 20:16:00 GMT

Nasty little Windows hack using Firewire (disable in System properties if not using), just to remind us how many more problems physical access can allow, following on the memory cooling exploit which actually compromised Windows, Mac & Linux, blog here

The new (not so new apparently) firewire exploit is explained by a New Zealand security consultant, tool included, here

Security Development Lifecycle Blog

dwaynef — Fri, 07 Mar 2008 17:30:00 GMT

Interesting blog around the SDL, this one I've preached a bit for a while. When discussing OS security issues, it's not about who's OS has 3 vulnerabilities this month vs. 4 for the next guy, it's about how we in the industry are trying/striving to fix these issues.

http://blogs.msdn.com/sdl/archive/2008/02/21/the-first-step-on-the-road-to-more-secure-software-is-admitting-you-have-a-problem.aspx

Nice article worth a read for those who either develop or support custom apps

http://blogs.msdn.com/sdl/archive/2008/03/06/crawling-toward-sdl.aspx