10/30/2006 07:51 AM
The Vista-Forefront Security Two-Step

Legacy apps - Microsoft and non-Microsoft - may not get Forefront and Vista security, security experts say

Vista is still at least a year out for most enterprises, but it's not too early to consider what to do if Microsoft's new Vista operating system and Forefront security family don't support your legacy Microsoft and non-Microsoft applications.

Organizations that can't replace legacy apps such as Microsoft SQL Server 2000, because of the custom code they wrote around them, could find themselves left out in the cold security-wise with Vista and Forefront, experts say. Although Microsoft hasn't yet officially revealed which older apps will not work with Vista and Forefront -- or to what extent -- security experts don't expect Microsoft to include older products such as SQL 2000 and ISA Server 2000, for instance, under the new generation of products.

"Forefront is not likely to be compatible with Windows 95/98/ME and may not run on NT 3.5, 4.0, or 2000 with some Service Packs," says Randy Abrams, director of technical education for Eset, and the former operations manager for Microsoft's Global Infrastructure Alliance for Internet Safety. "It is possible that the code will run on older systems, but very unlikely that MS will support it if it does."

Organizations that have customized their older Microsoft apps -- especially the SQL database product, which is often used for accounting and other custom financial apps -- can't necessarily replace them, even if they are going with Vista, says Chris Schwartzbauer, vice president of worldwide field operations for Shavlik Technologies. "There's no reason to change my SQL license because I wrote custom code around the app and it's unlikely I'll [be able] to stop such a critical process," he says.

That means organizations running these older apps will have to use security tools from third-party vendors instead.

William Bell, manager of security operations for CWIE, says his company will wait for Vista Service Pack 1 (SP1) before it even starts testing the new OS. "In general, no one is going to trust Vista out of the box," Bell says. "No major company is going to roll out Vista day one."

But Bell, who runs Windows Server 2004 as well as XP workstations throughout his organization, says securing the Windows OS is an important step. "If we can secure the base OS as much as possible, we can stop a lot of the problems we see today with XP or 2000," he says.

Microsoft wouldn't provide details on which apps Vista and Forefront won't support. A Microsoft spokesperson instead reiterated Vista's defense-in-depth approach: "Windows Vista contains numerous security features that, working together, help prevent malware from installing and help find and remove it if it has already been installed," the spokesperson says. "It's important to note that with Windows Vista, we're taking a defense-in-depth approach to helping protect users from malware, which includes features such as user account control, Windows service hardening, ASLR, and kernel patch protection."

One of the biggest hurdles will be managing the controls Vista has in place, such as its built-in firewall and user account settings. "It's not about breaking the OS, but exploiting a misconfigured app, or taking advantage of a vulnerability that exists because the user didn't run the patch or a service isn't turned on and being used as a launching-point into the enterprise," Shavlik's Schwartzbauer says.

CWIE's Bell agrees it won't be easy. "It's hard to centrally manage controls," he says. "It's going to be a big hurdle for companies."

But a more chilling question, security experts say, is whether Forefront will use common dynamic link libraries (DLLs), which could give attackers a way to reach the security software through a hole in code it shares with the rest of the system. DLLs are shared library files whose code is loaded and used by many Windows programs and components at once, so a flaw in one DLL is inherited by everything that loads it. "If Forefront were to use common DLLs, such as those used for manipulating cabinet files, then a vulnerability that may now affect Windows Explorer could theoretically also affect the security software as well," Eset's Abrams says.

To avoid any compatibility surprises, enterprises should start by testing Forefront and/or Vista before deploying the products. "Vista in particular is vastly different than XP was in terms of security capability, and it can be crippled if deployed incorrectly," says Rob Enderle, principal analyst with the Enderle Group. "Part of what should occur here is revisiting where legacy applications run and whether you even need them anymore. Many can now be hosted and doing so will not only result in lower operating costs, but better uptime and less employee aggravation."

The Gartner Group recommends that enterprises running or considering security tools such as host-based intrusion detection or content-monitoring tools that are not compatible with 64-bit Vista (and "for which no suitable alternative exists") should forgo Vista initially. They won't get full Vista functionality otherwise, according to the consulting firm.

Still, the arrival of Microsoft's Forefront and Vista won't change much about how enterprises approach security in general, Eset's Abrams says. "Enterprises [still] need to configure their OSes as safely as they are able, and to choose security software based upon how well it will allow them to productively secure their environment," he says. Now they will just have another option from Microsoft, he reckons.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...