never-ever-****-with-my.net

Last Wednesday, Microsoft published Windows Vista Security Guide, which provides recommendations to harden computers that use specific security baselines for the following two environments:

1. Enterprise Client (EC)--client computers in this environment are
   located in a domain that uses Active Directory and only need to
   communicate with systems running Windows Server 2003--implementation of this security baseline is described in Chapter 1;
2. Specialized Security--Limited Functionality (SSLF)--concern for
   security in this environment is so great that a significant loss of
   functionality and manageability is acceptable--implementation of this security baseline is described in Chapter 5.

• Defend Against Malware--Chapter 2 includes information about how to most effectively use User Account Control (UAC), Windows Defender, Windows Firewall, Windows Security Center, Malicious Software Removal Tool, Software Restriction Policies, and Internet Explorer 7 security features (e.g., Protected Mode, ActiveX Opt-in, Cross-domain scripting attack protection, Security Status Bar, Phishing Filter, etc.);
• Protect Sensitive Data--Chapter 3 focuses on encryption and access control technologies that help protect mobile computing environments from potential loss and theft: BitLocker Drive Encryption, Encrypting File System (EFS), Rights Management Services (RMS) and Device control;
• Application Compatibility--Chapter 4 provides guidelines to preserve functionality of existing applications when using the new and enhanced security features of Windows Vista.

As pointed out by the ISC's Handler's Diary, and further to the ZDNet article reporting that Microsoft considers taking admin rights from employees (link posted last Wednesday), Microsoft published Standard User Analyzer, a tool that "helps developers and IT professionals diagnose issues that would prevent a program from running properly without administrator privileges.  On Windows Vista, even administrators run most programs with standard user privileges by default, so it is important to ensure that your application does not have administrator access as a dependency.

Using the Standard User Analyzer to test your application can identify the following administrator dependencies and return the results in a graphical interface:

• File access
• Registry access
• INI files
• Token issues
• Security privileges
• Name space issues
• Other issues"

• A MMC user interface replacing the current web-based UI,
• Improved filtering and views customization features,
• Simplified detection of required updates, and
• Better targetting capacities.

Nothing new here, but it took me a couple hours to remember where I found this before (Google kept giving me results for commercial software).

Bo Brantén published FileDisk, a virtual disk driver for Windows NT/2000/XP that uses one or more files to emulate physical disks. This works with CD images too. :-)

FileDisk is packaged with Gilles Vollant's nifty WinImage, which is shareware.

Also, I read Microsoft published Virtual CD-ROM Control Panel to mount ISO image files as CD-Rom devices (the tool is unsupported, I have not tested it).

Just as I read about VMWare Server Beta 2 release in my inbox, I saw in Computerworld that Microsoft made Virtual Server R2 free:

"Virtual Server 2005 originally cost $999 and $499 for the Enterprise and Standard editions, respectively, when released in September 2004. Microsoft then released Virtual Server R2 at $199 and $99 for the Enterprise and Standard editions, respectively, in December.

Longtime virtualization market leader VMware Inc., which already had a free product called VMware Player, responded in February by making its GSX Server free. Meanwhile, Linux-based vendors such as XenSource Inc. and Virtual Iron Software Inc. are readying new or updated versions of their virtualization software.

With today’s change, Microsoft is eliminating the Standard edition and making its Enterprise edition available for download at no charge."

Microsoft released an anti-cross site scripting library for its .NET Framework. It can be freely downloaded here.