Windows Security: Part 1
Windows 7 was released to the public a little over three weeks ago, and although various advertisements tout the virtues of this new operating system, there appears to be not much of a reaction within the user community. My purpose in saying this is not to run down Windows 7. In fact, it appears to be a very good operating system. (But then again, compared to Vista, what wouldn’t be good?)
The virtues of Windows 7 aside, there appears to be a continued use of, but waning interest in, Windows operating systems in general. I remember when Windows NT was first released. There was a kind of electric “buzz” within the user community. Tech “ragsheets” soon were filled with news about this then-new operating system. New magazines such as what was then called Windows NT Magazine appeared and quickly picked up thousands of subscribers. The world of desktop computing quickly switched from Novell NetWare to Windows NT. To some degree, the same was true of both Windows 2000 and Windows XP. Bill Gates seemed to own the world, and the world was excited about what was happening.
Anticipating that the Windows revolution of the time would create the need for security courses on Windows operating systems, I decided to create a multi-day course on Windows NT security. Doing this was anything but an easy task, partially because Microsoft did not at the time make sufficient information about NT security available (although since then this vendor has done a great job in supplying such information). But frankly, I also did not know much about Windows, let alone security in Windows operating systems, and what I found out about these operating systems seemed very strange to me. Why, for example, were there settings in the Registry that were redundant with settings in c:\%systemroot%\system32, allowing for multiple ways for perpetrators and malware to change these settings without authorization? (By the way, I have still not figured this issue out—if you know, please tell me.)
I finally got my Windows NT course together and began teaching it. Demand was amazingly high, and I started to realize that I might have been able to quit my job and just teach Windows NT courses to make a living, although I never did so. I taught for both SANS and the Computer Security Institute (CSI), as well as for others, and I remember one time in 1998 that I had approximately 300 attendees in a two-day Windows NT security course that I taught at a SANS conference in San Diego. I could not even begin to make out the faces of attendees way back in the last rows.
About four years later I developed a course in Windows 2000 security. Windows 2000 was revolutionary in that it was the first operating system with Active Directory (AD), and much of security was (and still is) built around AD. Windows 2000 also introduced many new and highly useful features, many of them security-related, and interest in Windows 2000 and Windows 2000 security continued to be high, as evidenced by good attendance at the courses on this subject that I taught at the time.
SANS and I went separate directions in 2002, but this organization continued to offer a course (complete with certification, yet!) on Windows 2000 security and later (because by then there were several different Windows operating systems) just Windows security. I assume that there were many attendees of this course; but one thing I distinctly noticed was that the demand for the Windows 2000 security course I taught for CSI at that time started to subside. I developed and taught courses on Windows XP security and later Windows Server 2003 security and the trend continued—fewer people were signing up for the course. The last Windows Server 2003 security course I taught had only nine attendees. The same must have been true for the SANS Windows security course, because I notice that at many SANS events, this course is no longer taught.
Like anything else, once something that was originally radically new first surfaces, it is “hot,” but then the excitement starts to die. Additionally, if a system administrator knows how to lock down version n – 1 of a Windows operating system, much of that knowledge will apply to version n, in large part (but not completely) precluding the need to go to training on how to secure version n. Additionally, Vista (which represents a horrible miscalculation on Microsoft’s part) substantially dampened enthusiasm related to Windows operating systems.
The proverbial baton of excitement has been passed to Linux, especially to the Debian flavor (and, in particular, the Ubuntu flavor of Debian), but the majority of users still use Windows. Which vendor still sells the most operating systems? Microsoft, of course. Windows operating systems are going to be with us for a long time. Microsoft (but not necessarily other operating system vendors) will continue to make a fortune off of operating systems as well as the many useful applications and other products that this software giant makes. But don’t expect anybody to be all that excited about them anymore—not even if nice new technology like Windows 7 surfaces.